Farkas Levente wrote:
Daniel J Walsh wrote:
> Farkas Levente wrote:
>
>> hi,
>> has anyone tried to use gosa with selinux?
>> since gosa tries to write into /var/spool/gosa directory which has
>> var_spool_t type and by default it can write into this directory.
>> what is the preferred way to enable write for gosa into this
>> directory? should i simply change /var/spool/gosa to
>> httpd_sys_script_rw_t? it's working but i don't know what is the
>> right solution.
>> another question: how can i add this attrib to the gosa rpm for
>> /var/spool/gosa?
>> yours.
>>
> Yes that is a good solution.
>
> chcon -R -t httpd_sys_script_rw_t /var/spool/gosa
>
> If you are using rawhide you can just add
>
> /var/spool/gosa(/.*)? system_u:object_r:httpd_sys_script_rw_t
> to /etc/selinux/targeted/contexts/files/file_contexts.local
>
> And then RPM will pick it up on install. We have not back ported
> this to FC3/RHEL4 yet.
and how can i add this attrib to the rpm? in the rpm there is an empty
/var/spool/gosa directory. should i do a
chcon -R -t httpd_sys_script_rw_t /var/spool/gosa
during the rpm build section and the rpm automatically will include the
attribs? or what is the preferred way to include file attribs in the
rpm packages?
thanks in advance.
yours.
Currently there is none. You could do it in a post install script,
something like
[ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled && chcon -t httpd_sys_script_rw_t /var/spool/gosa
Or you could ask the guy doing the policy for Fedora to add a line to
default policy to do this automagically.
Oh right that is me. :^) I will add this line to policy and submit it
for upstream acceptance.
Dan
--
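
The post-install approach discussed in this thread, written out as an added example (not code from either poster or from the gosa package). The overridable variables SELINUXENABLED, CHCON and FC_LOCAL and the function names are hypothetical; the type, directory and file-context line are the ones quoted above, and whether file_contexts.local is honoured depends on the release, as the thread notes.

```shell
#!/bin/sh
# Added example: logic for a %post scriptlet that labels the gosa spool directory.
# Tool and file locations can be overridden through the environment so the logic
# can be exercised on a machine without SELinux (variable names are hypothetical).
SELINUXENABLED="${SELINUXENABLED:-/usr/sbin/selinuxenabled}"
CHCON="${CHCON:-chcon}"
FC_LOCAL="${FC_LOCAL:-/etc/selinux/targeted/contexts/files/file_contexts.local}"

SPOOL_TYPE="httpd_sys_script_rw_t"
FC_ENTRY="/var/spool/gosa(/.*)? system_u:object_r:${SPOOL_TYPE}"

# Succeeds only when the SELinux check tool exists and reports SELinux enabled.
selinux_active() {
    [ -x "$SELINUXENABLED" ] && "$SELINUXENABLED"
}

# Append the file-context entry once, so upgrades and reinstalls do not duplicate it.
add_fc_entry() {
    [ -d "$(dirname "$FC_LOCAL")" ] || return 0
    grep -qxF "$FC_ENTRY" "$FC_LOCAL" 2>/dev/null || printf '%s\n' "$FC_ENTRY" >> "$FC_LOCAL"
}

# Label the spool directory. Prints the outcome and always returns 0, so a
# labelling problem is reported without turning into a scriptlet failure.
label_gosa_spool() {
    dir="${1:-/var/spool/gosa}"
    if ! selinux_active; then
        echo "skipped"      # SELinux disabled or tools absent: nothing to do
        return 0
    fi
    [ -d "$dir" ] || { echo "missing"; return 0; }
    add_fc_entry
    if "$CHCON" -R -t "$SPOOL_TYPE" "$dir"; then
        echo "labeled"
    else
        echo "failed"
    fi
    return 0
}

# In the spec file's %post section: label_gosa_spool /var/spool/gosa
```

The label is limited to the one directory the web scripts must write to, and the context entry is what keeps a later relabel from reverting the chcon on releases that read that file.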