Status: New
Owner: ----
Labels: Type-Defect Priority-Medium

New issue 2850 by p...@talk21.com: rb-site fails to set SELinux security context on new files
http://code.google.com/p/reviewboard/issues/detail?id=2850

What version are you running?
1.7.1


What's the URL of the page containing the problem?
N/A


What steps will reproduce the problem?
1. rb-site install <path>
2. Visit new website, failures due to file ownership (expected)
3. Change ownership of files as suggested by Reviewboard
3. Visit website, failures still present due to SELinux constrains rather than traditional unix permissions (unexpected).

What is the expected output? What do you see instead?
Expected chown commands suggested by Reviewboard website would be sufficient, e.g.
$ sudo chown -R apache "/var/www/reviewboard/data"
$ sudo chown -R apache "/var/www/reviewboard/htdocs/media/ext"


What operating system are you using? What browser?
Linux (Fedora 18), Firefox 17

Please provide any additional information below.
The files created by rb-site need their security context adjusted.

Original context:
$ ls -ldZ /var/www/reviewboard/htdocs/media/ext/
drwxrwxr-x. apache pafee unconfined_u:object_r:httpd_sys_content_t:s0 /var/www/reviewboard/htdocs/media/ext/
$ ls -ldZ /var/www/reviewboard/data
drwxrwxr-x. apache pafee unconfined_u:object_r:httpd_sys_content_t:s0 /var/www/reviewboard/data

Suggestion from SELinux Trouble shooter fixed the issue:
$ sudo restorecon -v /var/www/reviewboard/htdocs/media/ext
$ ls -ldZ /var/www/reviewboard/htdocs/media/ext/
drwxrwxr-x. apache pafee unconfined_u:object_r:httpd_sys_rw_content_t:s0 /var/www/reviewboard/htdocs/media/ext/

If rb-site could set "httpd_sys_rw_content_t" where necessary, this would avoid AVC denial messages and manual SELinux setup.
$ sudo restorecon -v /var/www/reviewboard/data/
$ ls -ldZ /var/www/reviewboard/data
drwxrwxr-x. apache pafee unconfined_u:object_r:httpd_sys_rw_content_t:s0 /var/www/reviewboard/data



--
You received this message because you are subscribed to the Google Groups 
"reviewboard-issues" group.
To post to this group, send email to reviewboard-issues@googlegroups.com.
To unsubscribe from this group, send email to 
reviewboard-issues+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/reviewboard-issues?hl=en.

Reply via email to