Transitions for files.

Vadym Chepkov vchepkov at gmail.com
Tue Oct 19 11:58:35 UTC 2010


On Oct 19, 2010, at 3:17 AM, Miroslav Grepl wrote:

> On 10/18/2010 04:46 PM, Vadym Chepkov wrote:
>> Hi,
>> 
>> I have an issue I would like to fix properly.
>> 
>> I have a policy for mediawiki defined this way:
>> 
>> apache_content_template(mediawiki)
>> apache_search_sys_content(httpd_mediawiki_script_t)
>> 
>> /var/www/mediawiki/bin(/.*)?		gen_context(system_u:object_r:httpd_mediawiki_script_exec_t,s0)
>> /var/www/mediawiki/images(/.*)?	gen_context(system_u:object_r:httpd_mediawiki_script_rw_t,s0)
>> /var/www/mediawiki/cache(/.*)?	gen_context(system_u:object_r:httpd_mediawiki_script_rw_t,s0)
> Vadym,
> we shipped the mediawiki policy in Fedora 13+. Any chance you have one of these Fedora releases?
> 

This package is usually very behind. mediawiki 1.15.5 and 1.16.0 were released back in July and they are security releases no less,
but Fedora still has 1.15.4.
Anyway, I always install directly from the mediawiki subversion tag.
I don't need the multi-site feature and other than that I don't see any other patches that would prevent the problem I have.
I tried to check what SELinux policy Fedora provides and I found just one line in selinux-policy-3.7.19-62.fc13.src.rpm:
/var/cache/mediawiki(/.*)?		gen_context(system_u:object_r:httpd_cache_t,s0)

And I can assure you it's not enough. 
I suspect whoever uses mediawiki on Fedora either just turns SELinux off or has httpd_unified on.

Vadym





