[Freeipa-devel] Writing to /var/cache/ipa/assets/

Rob Crittenden rcritten at redhat.com
Fri Jun 18 20:51:52 UTC 2010


Adam Young wrote:
> Pavel's current code base tries to write to /var/cache/ipa/assets/ from 
> within httpd, which is forbidden by SELinux.  I suspect the code in the 
> mainline might be doing this as well.  The workaround is:
> 
> chcon -R -t httpd_sys_content_rw_t /var/cache/ipa/assets
> semanage fcontext -a -t httpd_sys_content_rw_t 'assets'
> 
> If we are going to do this kind of code generation, we might want to do 
> it at install time, or as part of something like
> /etc/init.d/ipa-server start
>

I'd think this rule would cover it in ipa_httpd.fc:

/var/cache/ipa/assets(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)

rob
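
Added example, not part of the original thread or of the FreeIPA policy sources: a small shell check that parses a `.fc` entry, tests whether it covers a path, and reports whether the resulting type is one httpd may write to. The helper names are hypothetical, the two entries are constructed from the rule and the chcon type quoted in this thread, and the read-only/read-write classification assumes the reference policy's apache module.

```shell
#!/bin/sh
# Constructed .fc entries: FC_RO is the rule quoted in the reply above,
# FC_RW is the same path spec with the type from the chcon workaround.
FC_RO='/var/cache/ipa/assets(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)'
FC_RW='/var/cache/ipa/assets(/.*)? gen_context(system_u:object_r:httpd_sys_content_rw_t,s0)'

# fc_regex ENTRY -> the path regex (first whitespace-separated field)
fc_regex() { printf '%s\n' "$1" | awk '{print $1}'; }

# fc_type ENTRY -> the SELinux type (third field of the security context)
fc_type() {
    printf '%s\n' "$1" | sed -n 's/.*gen_context([^:]*:[^:]*:\([^,:]*\).*/\1/p'
}

# fc_matches ENTRY PATH -> exit 0 if the entry covers PATH.
# File-context regexes are matched against the whole path, so anchor both ends.
fc_matches() {
    printf '%s\n' "$2" | grep -Eq "^($(fc_regex "$1"))\$"
}

# httpd_access TYPE -> rw, ro or unknown (assumed from the apache policy module)
httpd_access() {
    case "$1" in
        httpd_sys_content_rw_t|httpd_sys_rw_content_t) echo rw ;;
        httpd_sys_content_t) echo ro ;;
        *) echo unknown ;;
    esac
}

# label_report ENTRY PATH -> "<type> <access>" or "no-match"
label_report() {
    if fc_matches "$1" "$2"; then
        t=$(fc_type "$1")
        echo "$t $(httpd_access "$t")"
    else
        echo "no-match"
    fi
}

label_report "$FC_RO" /var/cache/ipa/assets/js/main.js
label_report "$FC_RW" /var/cache/ipa/assets/js/main.js
label_report "$FC_RW" /var/cache/ipa/sessions
```

On a host with SELinux enabled, `matchpathcon /var/cache/ipa/assets` and `ls -Zd /var/cache/ipa/assets` show the label the loaded policy assigns and the label currently on disk.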



