selinux with gosa
Daniel J Walsh
dwalsh at redhat.com
Tue Mar 29 14:07:59 UTC 2005
Farkas Levente wrote:
> Daniel J Walsh wrote:
>
>> Farkas Levente wrote:
>>
>>> hi,
>>> has anyone tried to use gosa with selinux?
>>> since gosa tries to write into the /var/spool/gosa directory, which has
>>> var_spool_t type and by default it can write into this directory.
>>> what is the preferred way to enable write for gosa into this
>>> directory? should i simply change /var/spool/gosa to
>>> httpd_sys_script_rw_t? it's working but i don't know what is the
>>> right solution.
>>> another question: how can i add this attrib to the gosa rpm for
>>> /var/spool/gosa?
>>> yours.
>>>
>> Yes that is a good solution.
>>
>> chcon -R -t httpd_sys_script_rw_t /var/spool/gosa
>>
>> If you are using rawhide you can just add
>>
>> /var/spool/gosa(/.*)? system_u:object_r:httpd_sys_script_rw_t
>> to /etc/selinux/targeted/contexts/files/file_contexts.local
>>
>> And then RPM will pick it up on install. We have not backported
>> this to FC3/RHEL4 yet.
>
>
> and how can i add this attrib to the rpm? in the rpm there is an empty
> /var/spool/gosa directory. should i do a
> chcon -R -t httpd_sys_script_rw_t /var/spool/gosa
> during the rpm build section and the rpm automatically will include the
> attribs? or what is the preferred way to include file attribs in the
> rpm packages?
> thanks in advance.
> yours.
>
Currently there is none. You could do it in a post install script,
something like
[ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled && chcon -t httpd_sys_script_rw_t /var/spool/gosa
Or you could ask the guy doing the policy for Fedora to add a line to
default policy to do this automagically.
Oh right that is me. :^) I will add this line to policy and submit it
for upstream acceptance.
Dan
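
The post-install approach from the reply above, as an added example that is not part of the original message or of the gosa package: a %post scriptlet body that skips labeling when SELinux is absent or disabled and always exits 0, since a bare `&&` chain leaves a non-zero status on hosts without SELinux. The SELINUXENABLED and CHCON override variables are hypothetical, there only so the function can be run against stub tools.

```shell
#!/bin/sh
# Added example: %post scriptlet body for labeling /var/spool/gosa.
# SELINUXENABLED and CHCON are hypothetical overrides for testing;
# they default to the real tools named in the thread.

label_gosa_spool() {
    dir=${1:-/var/spool/gosa}
    se=${SELINUXENABLED:-/usr/sbin/selinuxenabled}
    chcon_cmd=${CHCON:-chcon}

    # SELinux userland not installed: nothing to label.
    [ -x "$se" ] || return 0

    # selinuxenabled exits 0 only when SELinux is enabled on this host.
    "$se" || return 0

    # Directory missing (not packaged, or already removed): nothing to do.
    [ -d "$dir" ] || return 0

    # -R also covers files that an upgrade finds already in the spool.
    if ! "$chcon_cmd" -R -t httpd_sys_script_rw_t "$dir"; then
        echo "warning: could not set httpd_sys_script_rw_t on $dir" >&2
    fi

    # Always exit 0: rpm reports a non-zero %post as a scriptlet failure.
    return 0
}

label_gosa_spool /var/spool/gosa
```

A context set with chcon does not survive a full relabel unless the policy or file_contexts.local also carries the matching entry.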