On 06/18/2010 04:51 PM, Rob Crittenden wrote:
Adam Young wrote:
Pavel's current code base tries to write to /var/cache/ipa/assets/
from within httpd, which is forbidden by SELinux. I suspect the code
in the mainline might be doing this as well. The workaround is:

    chcon -R -t httpd_sys_content_rw_t /var/cache/ipa/assets
    semanage fcontext -a -t httpd_sys_content_rw_t 'assets'

If we are going to do this kind of code generation, we might want to
do it at install time, or as part of something like

    /etc/init.d/ipa-server start

I'd think this rule would cover it in ipa_httpd.fc:

    /var/cache/ipa/assets(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)

rob

Before I open a bug I want to review with Pavel. I wasn't seeing this
before I merged in his changes, and it wasn't for code in the main git
repo, so no bug yet.
_______________________________________________
Freeipa-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-devel
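
An added example, not part of the original thread or of FreeIPA's code: a shell check for whether a file-context pattern covers a path under the assets directory, and whether a label carries the read-write httpd content type used in the workaround above. The function names, sample paths and sample contexts are constructed for illustration; httpd_sys_rw_content_t is the name current policy uses for the same type.

```shell
#!/bin/sh
# Added example (not FreeIPA code). Sample contexts and paths are constructed.

# File-context patterns are regular expressions anchored to the full path,
# so a pattern is tested here as ^(PATTERN)$ against the absolute path.
fc_pattern_matches() {   # usage: fc_pattern_matches PATTERN PATH
    printf '%s\n' "$2" | grep -Eq "^($1)\$"
}

# Extract the type (third field) from a context of the form user:role:type:level.
selinux_type_of() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Return 0 only for the httpd content types that httpd may write to.
is_httpd_rw_content_type() {
    case "$1" in
        httpd_sys_content_rw_t|httpd_sys_rw_content_t) return 0 ;;
        *) return 1 ;;
    esac
}

# Classify a context string as "rw-content:TYPE" or "other:TYPE".
classify_context() {
    t=$(selinux_type_of "$1")
    if is_httpd_rw_content_type "$t"; then
        echo "rw-content:$t"
    else
        echo "other:$t"
    fi
}

# On an SELinux host, read the live label of a path (GNU stat) and classify it.
check_path() {
    ctx=$(stat -c %C "$1" 2>/dev/null) || { echo "cannot-stat:$1"; return 2; }
    classify_context "$ctx"
}

# Demonstration on constructed labels.
classify_context "system_u:object_r:httpd_sys_content_t:s0"
classify_context "system_u:object_r:httpd_sys_content_rw_t:s0"
```

On a host with SELinux enabled, `check_path /var/cache/ipa/assets` reports the directory's current label after `restorecon` or `chcon` has been applied.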