[Bug 501228] Review Request: mod_selinux - An apache module to launch web applications with restrictive privileges
bugzilla at redhat.com
bugzilla at redhat.com
Tue May 19 02:17:57 UTC 2009
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=501228
--- Comment #3 from KaiGai Kohei <kaigai at kaigai.gr.jp> 2009-05-18 22:17:56 EDT ---
Jochen, Thanks for your detailed reviewing.
I uploaded the revised Spec and SRPM at:
Spec URL: http://sepgsql.googlecode.com/files/mod_selinux.spec_v2.2.1904
SRPM URL:
http://sepgsql.googlecode.com/files/mod_selinux-2.2.1904-1.fc11.src.rpm
(In reply to comment #2)
> - Package fails on koji (pleas see:
> http://koji.fedoraproject.org/koji/taskinfo?taskID=1361107)
> This happens only for 64-bit architectures
Its Makefile assumed an external file provided by httpd-devel is deployed at
/usr/lib/httpd/build/special.mk, but it was /usr/lib64/httpd/build/special.mk
in x86_64 and ppc64.
So, I updated it as follows:
- top_srcdir=/etc/httpd
- top_builddir=/usr/lib/httpd
- include /usr/lib/httpd/build/special.mk
+ top_srcdir=/etc/httpd
+ top_builddir=$(shell $(APXS) -q libdir)/httpd
+ include $(top_builddir)/build/special.mk
The /usr/sbin/apxs (provided by httpd-devel) can return a correct path for the
target environment, so the Makefile new gets being portable.
at x86_64:
[kaigai at masu ~]$ /usr/sbin/apxs -q libdir
/usr/lib64
at i386:
[kaigai at saba ~]$ /usr/sbin/apxs -q libdir
/usr/lib
> - Package could no build localy on F-10 because of dependencies
Yes, this package uses a new feature in linux-2.6.28 will be available in F-11.
The mod_selinux switches the security context on the worker thread to handle
a http request prior to invocations of contents handler.
But it was not available at linux-2.6.27 or older.
Fortunately, it was sumarized at SELinux-ML yesterday:
http://marc.info/?l=selinux&m=124265539924989&w=2
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
More information about the Fedora-package-review
mailing list