Am 05.01.2017 um 10:31 schrieb Martin Gansser:
Hi,
i am the package maintainer of boomaga and users told me that there is a problem with
access rights, when writing to ~/.cache directory.
I created already a selinux package for testing:
https://martinkg.fedorapeople.org/Review/test/boomaga/ however, I have only little
knowledge regarding selinux. A bugzilla bug report also exists:
https://bugzilla.redhat.com/show_bug.cgi?id=1409115
Can someone test the package and if necessary, help with changes?
almost always - if it is no simple task - the proposed fix of
audit2allow is just wrong.
The output of
aureport --avc
would be a good start ( while your policy isn't loaded ).
The backend will be run in cupsd_t and not in the users (most probably
unconfined_t) context.
A good start would maybe be the interfaces of the cups policy:
https://github.com/fedora-selinux/selinux-policy/blob/rawhide-contrib/cup...
. the very first interface cups_backend seems to be the one to start with.
Example of this interface:
https://github.com/fedora-selinux/selinux-policy/blob/rawhide-contrib/cup...
Example of the file context definition:
https://github.com/fedora-selinux/selinux-policy/blob/rawhide-contrib/cup...
Example start policy for your problem:
boomaga.te:
https://paste.fedoraproject.org/520132/83610964
boomaga.fc:
https://paste.fedoraproject.org/520135/48361109
- Thomas