On Tuesday, 03 January 2017 at 13:18, Ralf Corsepius wrote:
> On 01/03/2017 11:53 AM, Martin Gansser wrote:
> > I am the package maintainer of boomaga and users told me that
> > there is a problem with access rights when writing to the ~/.cache
> > directory.
> >
> > A SELinux package already exists for testing in: https://martinkg.fedorapeople.org/Review/test/boomaga/
> > And a bugzilla bug report also exists: https://bugzilla.redhat.com/show_bug.cgi?id=1409115
> > Bug report on the boomaga developer site: https://github.com/Boomaga/boomaga/issues/43
> >
> > Can someone help to write the correct SELinux rules?
>
> Well, rpms are not supposed to touch anything below $HOME at all.
>
> I.e. $HOME resp. ~/ is out of rpm's (and SELinux's) business

While the above is correct for rpm, SELinux does have business in
protecting $HOME. Just run ls -lZ in your home directory and see for
yourself. For example, ~/public_html has httpd_user_content_t context,
~/bin has home_bin_t, ~/.config has config_home_t, etc.

In this particular case, ~/.cache has cache_home_t context, so the
application needs a policy update to have write access to that context.
You should be able to create a policy semi-automatically using
audit2allow when running in permissive mode.

Regards,
Dominik
-- 
Fedora http://fedoraproject.org/wiki/User:Rathann
RPMFusion http://rpmfusion.org
"Faith manages."
-- Delenn to Lennier in Babylon 5:"Confessions and Lamentations"
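
What audit2allow derives from logged denials, as an added example that is not part of the original message: the shell function below groups AVC records into allow rules. The audit records are constructed, and the cupsd_t source domain and the boomaga_local module name are assumptions, not values from the thread.

```shell
#!/bin/sh
# Added example. On a real system the equivalent workflow is:
#   ausearch -m AVC -ts recent | audit2allow -M boomaga_local   # hypothetical module name
#   semodule -i boomaga_local.pp
# Read the generated .te file before loading it; permissive mode logs every
# denial, including accesses the application should not be granted.

# Constructed audit records; cupsd_t as the source domain is an assumption.
sample_avc() {
cat <<'EOF'
type=AVC msg=audit(1483446000.101:410): avc:  denied  { write } for  pid=2101 comm="boomaga" name=".cache" dev="dm-2" ino=131 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:cache_home_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1483446000.101:411): avc:  denied  { add_name } for  pid=2101 comm="boomaga" name="boomaga" scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:cache_home_t:s0 tclass=dir permissive=1
type=SYSCALL msg=audit(1483446000.101:411): arch=c000003e syscall=83 success=yes exit=0 comm="boomaga"
type=AVC msg=audit(1483446000.102:412): avc:  denied  { create write } for  pid=2101 comm="boomaga" name="job.pdf" scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:cache_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1483446009.550:430): avc:  denied  { write } for  pid=2188 comm="boomaga" name=".cache" dev="dm-2" ino=131 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:cache_home_t:s0 tclass=dir permissive=1
EOF
}

# Read audit records on stdin, print one allow rule per (source, target, class).
avc_to_allow() {
    awk '
    /avc:/ && /denied/ {
        s = index($0, "{"); e = index($0, "}")
        if (s == 0 || e <= s) next
        src = ""; tgt = ""; cls = ""
        for (i = 1; i <= NF; i++) {
            # The SELinux type is the third colon-separated field of a context.
            if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }
            if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
            if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        if (src == "" || tgt == "" || cls == "") next
        key = src " " tgt ":" cls
        n = split(substr($0, s + 1, e - s - 1), p, " ")
        for (j = 1; j <= n; j++)
            if (!((key, p[j]) in seen)) {      # drop repeated denials
                seen[key, p[j]] = 1
                perm_set[key] = perm_set[key] " " p[j]
            }
    }
    END { for (k in perm_set) print "allow " k " {" perm_set[k] " };" }
    ' | sort
}

sample_avc | avc_to_allow
```
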