Hi,
i am the package maintainer of boomaga and users told me that there is a problem with access rights, when writing to ~/.cache directory. I created already a selinux package for testing: https://martinkg.fedorapeople.org/Review/test/boomaga/ however, I have only little knowledge regarding selinux. A bugzilla bug report also exists: https://bugzilla.redhat.com/show_bug.cgi?id=1409115
Can someone test the package and if necessary, help with changes?
Am 05.01.2017 um 10:31 schrieb Martin Gansser:
Hi,
i am the package maintainer of boomaga and users told me that there is a problem with access rights, when writing to ~/.cache directory. I created already a selinux package for testing: https://martinkg.fedorapeople.org/Review/test/boomaga/ however, I have only little knowledge regarding selinux. A bugzilla bug report also exists: https://bugzilla.redhat.com/show_bug.cgi?id=1409115
Can someone test the package and if necessary, help with changes?
almost always - if it is no simple task - the proposed fix of audit2allow is just wrong.
The output of
aureport --avc
would be a good start ( while your policy isn't loaded ).
The backend will be run in cupsd_t and not in the users (most probably unconfined_t) context.
A good start would maybe be the interfaces of the cups policy: https://github.com/fedora-selinux/selinux-policy/blob/rawhide-contrib/cups.i... . the very first interface cups_backend seems to be the one to start with.
Example of this interface: https://github.com/fedora-selinux/selinux-policy/blob/rawhide-contrib/cups.t... Example of the file context definition: https://github.com/fedora-selinux/selinux-policy/blob/rawhide-contrib/cups.f...
Example start policy for your problem:
boomaga.te: https://paste.fedoraproject.org/520132/83610964 boomaga.fc: https://paste.fedoraproject.org/520135/48361109
- Thomas
selinux@lists.fedoraproject.org
-
Martin Gansser -
Thomas Mueller