On Wed, Apr 1, 2015 at 12:36 AM, Kort Travis <
[email protected]> wrote:
> Dear Sir / Madam:
>
>
> I just tried to register for an *account* on "Bloodhound issue
> tracker" and I get:
>
> """
> Error: Not Found
>
> No handler matched request to /register
> """
>
> Which is quite IRONIC to me, as my bloodhound installation *here*
> isn't working either! :(
>
Well, yes the project is in quite bad shape. We had to disable
registration due to excessive spam. I feel bad about the state of the
project, but I don't have significant time to contribute to the project
these days, and that seems to be the case for the other contributors
as well.
> Basically, I just wanted to submit the *bug* with respect to your
> installation script, or even to start a discussion on the mailing list
> about this issue:
>
> """
> python bloodhound_setup.py
> --environments_directory=/opt/bloodhound/environments
> --default-product-prefix=DEF
> """
>
> Which then installs everything under "/opt/bloodhound" as SELinux type
> "usr_t". And this was supposed to work with present SELinux
> policies controlling my HTTPD server (, and I don't *care* what your
> distribution specifics are), precisely HOW? :(
>
> Basically, I'm getting:
> """
> avc: denied { write } for pid=13793 comm="/usr/sbin/httpd"
> name="bloodhound.htdigest" dev="dm-3" ino=132376
> scontext=system_u:system_r:httpd_t:s0
> tcontext=unconfined_u:object_r:usr_t:s0
> """
> And even as a mere human, *I* would have denied this access as well!
> This request absolutely should be denied. I just don't understand why
> the *default* "bloodhound" installation, which I kind-of *visualized*
> as being compatible with being served over the web by an httpd server,
> would have this issue at all.
>
> Unfortunately, I *completely* understand how to solve this issue by
> editing the SELinux policies (, and defining and changing the SELinux
> type associated with "bloodhound.htdigest".) What I do *not*
> understand, is why I even need to do that at all when working from the
> *default* setup script.
>
The setup script has no knowledge of SELinux policies. I haven't worked with
SELinux in years so I can't really comment on whether there needs to be
some modifications to the script to make it SELinux aware, or whether there
just needs to be different instructions on how to execute the script in an
installation
in which SELinux is enabled. Any insight you have on that, or a patch, would
be welcomed. Could you let us know the steps you took to fix the problem on
your installation?
- Ryan
