Re: selinux with gosa

Farkas Levente wrote:

Daniel J Walsh wrote:

Farkas Levente wrote:

hi,
has anyone tried to use gosa with selinux?
since gosa tries to write into /var/spool/gosa directory which has var_spool_t type and by default it can write into this directory. what is the preferred way to enable write for gosa into this directory? should i simply change /var/spool/gosa to httpd_sys_script_rw_t? it's working but i don't know what is the right solution.
another question: how can i add this attrib to the gosa rpm for /var/spool/gosa?
yours.


Yes that is a good solution.

chcon -R -t httpd_sys_script_rw_t /var/spool/gosa

If you are using rawhide you can just add

/var/spool/gosa(/.*)?     system_u:object_r:httpd_sys_script_rw_t
to /etc/selinux/targeted/contexts/files/file_contexts.local

And then RPM will pick it up on install. We have not back ported this to FC3/RHEL4 yet.


and how can i add this attrib to the rpm? in the rpm there is an empty /var/spool/gosa directory. should i do a
chcon -R -t httpd_sys_script_rw_t /var/spool/gosa
during the rpm build section and the rpm automatically will include the attribs? or what is the preferred way to include file attribs in the rpm packages?
thanks in advance.
yours.


Currently there is none. You could do it in a post install script, something like

[ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled && chcon -t httpd_sys_script_rw_t /var/spool/gosa

Or you could ask the guy doing the policy for Fedora to add a line to default policy to do this automagically. Oh right that is me. :^) I will add this line to policy and submit it for upstream acceptance.

Dan

--
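
Added example (not part of the original thread, and not code from the gosa package or Fedora policy): the post-install labelling step written as a shell function that always exits 0. A bare `a && b && c` line returns non-zero when SELinux is absent or disabled, and rpm reports a non-zero %post exit as a scriptlet failure. The SELINUXENABLED and CHCON override variables and the function name are assumptions introduced here so the logic can be exercised without SELinux.

```shell
# Body for an RPM %post scriptlet that labels the gosa spool directory.
# SELINUXENABLED and CHCON are hypothetical overrides for testing; by default
# the real tools named in the thread are used.
label_gosa_spool() {
    spool_dir="${1:-/var/spool/gosa}"
    se_check="${SELINUXENABLED:-/usr/sbin/selinuxenabled}"
    chcon_cmd="${CHCON:-chcon}"

    # SELinux userland not installed: nothing to label, and not an error.
    command -v "$se_check" >/dev/null 2>&1 || return 0

    # Installed but disabled: chcon would fail, so skip quietly.
    "$se_check" || return 0

    # Directory not shipped or already removed: nothing to do.
    [ -d "$spool_dir" ] || return 0

    # -R also covers files left behind by an earlier version on upgrade.
    # A labelling failure is reported but must not fail the transaction.
    "$chcon_cmd" -R -t httpd_sys_script_rw_t "$spool_dir" ||
        echo "warning: could not set httpd_sys_script_rw_t on $spool_dir" >&2

    return 0
}

# In the spec file, the %post section would end with:
#   label_gosa_spool /var/spool/gosa
```

A label set with chcon is lost on a full relabel unless the path is also listed in the file contexts, which is what the file_contexts.local line quoted above addresses.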


