[Bug 750464] build.gnome.org selinux labeling issues

Andrea Veri changed bug 750464
What Removed Added
CC   andrea.veri@gmail.com

Comment # 1 on bug 750464 from Andrea Veri
Fixed the context on:

 1. /srv/ostree/public_html
 2. /srv/ostree/src/gnome-continuous/extras/build.gnome.org 

Seems SELinux is complaining about more files though which are hosted on
directories that are generated daily so having those in Puppet won't make much
sense. Do you think we can automate the labeling of these files directly at the
end of the build process? (the relevant binary file should have a setuid on
root already so ideally we can include a matching rule for httpd_sys_content_t
for all files ending with .json, .png and .qcow2.gz, which are the majority of

An excerpt of audit.log:

type=AVC msg=audit(1433601104.588:224112): avc:  denied  { getattr } for 
pid=12321 comm="httpd"
dev="dm-2" ino=48590874 scontext=system_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:var_t:s0 tclass=file

type=AVC msg=audit(1433601093.518:224097): avc:  denied  { getattr } for 
pid=7567 comm="httpd"
dev="dm-2" ino=68296508 scontext=system_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:var_t:s0 tclass=file

type=AVC msg=audit(1433600852.354:223953): avc:  denied  { getattr } for 
pid=9267 comm="httpd"
dev="dm-2" ino=68289050 scontext=system_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:var_t:s0 tclass=file

You are receiving this mail because:

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]