[Bug 169247] Review request: rt3 - Request tracker 3

bugzilla at redhat.com bugzilla at redhat.com
Mon Oct 17 07:46:39 UTC 2005


https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169247





------- Additional Comments From rc040203 at freenet.de  2005-10-17 03:46 EST -------
(In reply to comment #19)
> (In reply to comment #16)
> > (In reply to comment #14)
> > 
> > > The following lines added to file_contexts/program/apache.fc in the policy
> > > sources should take care of both HTML::Mason and rt3
> > > 
> > > /var/cache/mason(/.*)?	system_u:object_r:httpd_cache_t
> > > /var/cache/rt3(/.*)?	system_u:object_r:httpd_cache_t
> > How can this be achieved inside of the rt3-rpm?
> 
> They could be added to a file in /etc/selinux/targeted/contexts/files.
> However, that would be the wrong approach.
IMO, this approach is wrong without any doubt.

> The right approach is to get the policy
> changed upstream, by raising a bug on selinux-policy-targeted or mentioning the
> issue on fedora-selinux-list, as mentioned in the previous two comments.
I can't avoid disagreeing, again.

> > > I think we're all agreed that /var/cache/rt3 is a better option than
> > > /var/lib/rt3, aren't we?
> > Yes, but unless somebody tells me how to achieve this inside of an rpm, without
> > having to modify one of the centralized SELinux packages I don't see any
> > perspective to do so.
> > 
> > AFAIK, the current SELinux implementation doesn't allow this, except for (maybe)
> > running chcon inside of a %postin script directly.
> 
> I'm happy to handle the SELinux bug report and get it fixed, but I need
> to make sure that I'm getting the right directories fixed. There's no
> point getting the context of /var/cache/{mason,rt3} fixed if
> /var/lib/{mason,rt3} are being used by the {mason,rt3} packages. So, are
> /var/cache/{mason,rt3} the directories that are going to be used?
Yes, we want /var/cache/*, but are deadlocked and we can't switch to it, before
_SELinux_ has been changed.

> BTW, I believe FC5 will have a more modular approach where tweaks to 
> policy like this *can* be handled within the package.
Well, face it: SELinux suffers from the same design flaws as any other
centralized registry suffers from. IMO, this must be fixed ASAP or SELinux should
be discontinued.
