[Bug 479101] New: SElinux and Kwiki: not done yet

bugzilla at redhat.com bugzilla at redhat.com
Wed Jan 7 07:21:09 UTC 2009 

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.

Summary: SElinux and Kwiki: not done yet

https://bugzilla.redhat.com/show_bug.cgi?id=479101

           Summary: SElinux and Kwiki: not done yet
           Product: Fedora
           Version: 10
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: medium
          Priority: low
         Component: perl-Kwiki
        AssignedTo: steve at silug.org
        ReportedBy: kernel at pkts.ca
         QAContact: extras-qa at fedoraproject.org
                CC: steve at silug.org, fedora-perl-devel-list at redhat.com
    Classification: Fedora


Description of problem:
I've installed perl-Kwiki-0.39-3.fc9.noarch and found that it only works when I
type 'setenforce 0'.  This indicates that the package has not been
selinux-ified yet.

Version-Release number of selected component (if applicable):
perl-Kwiki-0.39-3.fc9.noarch

How reproducible:
Always

Steps to Reproduce:
1. Install perl-Kwiki and all related perl-Kwiki-* modules.
2. cd /var/www/html
3. kwiki -new kwiki
4. access it

Actual results:
Permission denied.

type=AVC msg=audit(1231312115.429:446): avc:  denied  { create } for  pid=14831
comm="index.cgi" name="pGk5VmnoH1" scontext=unconfined_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=file
type=AVC msg=audit(1231312115.429:446): avc:  denied  { write } for  pid=14831
comm="index.cgi" name="pGk5VmnoH1" dev=dm-0 ino=3883227
scontext=unconfined_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=file
type=SYSCALL msg=audit(1231312115.429:446): arch=40000003 syscall=5 success=yes
exit=28 a0=9a8b03c a1=280c2 a2=180 a3=280c2 items=0 ppid=14470 pid=14831 auid=0
uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none)
ses=2 comm="index.cgi" exe="/usr/bin/perl"
subj=unconfined_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1231312115.430:447): avc:  denied  { setattr } for 
pid=14831 comm="index.cgi" name="pGk5VmnoH1" dev=dm-0 ino=3883227
scontext=unconfined_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=file
type=SYSCALL msg=audit(1231312115.430:447): arch=40000003 syscall=15
success=yes exit=0 a0=9a8ac1c a1=180 a2=d5f5ec a3=9a8ac1c items=0 ppid=14470
pid=14831 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48
fsgid=48 tty=(none) ses=2 comm="index.cgi" exe="/usr/bin/perl"
subj=unconfined_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1231312115.431:448): avc:  denied  { rename } for  pid=14831
comm="index.cgi" name="pGk5VmnoH1" dev=dm-0 ino=3883227
scontext=unconfined_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=file
type=SYSCALL msg=audit(1231312115.431:448): arch=40000003 syscall=38
success=yes exit=0 a0=9a8b114 a1=99d6b7c a2=d5f5ec a3=926c008 items=0
ppid=14470 pid=14831 auid=0 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48
sgid=48 fsgid=48 tty=(none) ses=2 comm="index.cgi" exe="/usr/bin/perl"
subj=unconfined_u:system_r:httpd_t:s0 key=(null)



Expected results:
Not permission denied.

Additional info:

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the Fedora-perl-devel-list mailing list