selinux with gosa

Daniel J Walsh dwalsh at redhat.com
Tue Mar 29 14:07:59 UTC 2005


Farkas Levente wrote:

> Daniel J Walsh wrote:
>
>> Farkas Levente wrote:
>>
>>> hi,
>>> has anyone tried to use gosa with selinux?
>>> since gosa tries to write into /var/spool/gosa directory which has 
>>> var_spool_t type and by default it can write into this directory. 
>>> what is the preferred way to enable write for gosa into this 
>>> directory? should i simply change /var/spool/gosa to 
>>> httpd_sys_script_rw_t? it's working but i don't know what is the 
>>> right solution.
>>> another question how can i add this attrib to the gosa rpm for 
>>> /var/spool/gosa?
>>> yours.
>>>
>> Yes that is a good solution.
>>
>> chcon -R -t httpd_sys_script_rw_t /var/spool/gosa
>>
>> If you are using rawhide you can just add
>>
>> /var/spool/gosa(/.*)?     system_u:object_r:httpd_sys_script_rw_t
>> to /etc/selinux/targeted/contexts/files/file_contexts.local
>>
>> And then RPM will pick it up on install.  We have not back ported 
>> this to FC3/RHEL4 yet.
>
>
> and how can i add this attrib to the rpm? in the rpm there is an empty 
> /var/spool/gosa directory. should i do a
> chcon -R -t httpd_sys_script_rw_t /var/spool/gosa
> during the rpm build section and the rpm automatically will include the 
> attribs? or what is the preferred way to include file attribs in the 
> rpm packages?
> thanks in advance.
> yours.
>
Currently there is none.  You could do it in a post install script, 
something like

[ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled && chcon -t httpd_sys_script_rw_t /var/spool/gosa

Or you could ask the guy doing the policy for Fedora to add a line to 
default policy to do this automagically. 
Oh right that is me.  :^) I will add this line to policy and submit it 
for upstream acceptance.

Dan
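
The post-install approach suggested above, written out as a scriptlet body. This is an added example, not part of the original message or of the gosa package; the function name label_spool_dir and the overridable SELINUXENABLED and CHCON variables are assumptions made so the logic can be exercised on a host without SELinux.

```shell
# Added example: body of an RPM %post scriptlet for the gosa spool directory.
# SELINUXENABLED and CHCON are overridable (an assumption of this example)
# so the logic can be tested with stand-ins for the real tools.
SELINUXENABLED="${SELINUXENABLED:-/usr/sbin/selinuxenabled}"
CHCON="${CHCON:-chcon}"
SPOOL_TYPE="httpd_sys_script_rw_t"

# Returns 0 when the label was applied or when there was nothing to do,
# 1 when SELinux is enabled but the directory could not be relabeled.
label_spool_dir() {
    dir="$1"

    # No SELinux userland installed: nothing to label.
    [ -x "$SELINUXENABLED" ] || return 0

    # selinuxenabled exits 0 only when SELinux is enabled on the running system.
    "$SELINUXENABLED" || return 0

    # Refuse anything that is not a real directory, so the writable type is
    # never applied to whatever a symlink at the spool path points to.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "gosa %post: $dir is not a directory, not relabeling" >&2
        return 1
    fi

    # Same type and -R flag as the chcon command quoted earlier in the thread.
    "$CHCON" -R -t "$SPOOL_TYPE" "$dir" || {
        echo "gosa %post: chcon failed on $dir" >&2
        return 1
    }
}

# In the spec file's %post section this would be called as:
#   label_spool_dir /var/spool/gosa || :
# The trailing "|| :" keeps a labeling failure from failing the scriptlet.
```

A label set with chcon is lost on a full relabel unless the path is also listed in the file contexts, which is what the policy line mentioned above provides.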
