-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/18/2010 11:07 AM, Vadym Chepkov wrote: > On Mon, Oct 18, 2010 at 10:52 AM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote: >> Can you find the code that is doing the mv and add a restorecon, or >> change it to a cp followed by a rm. > > And grant mediawiki permissions to run restorecon, gee, I am not sure of this. > So the only way is to change the code? > Will try to open ticket with mediawiki then. > > Thanks, > Vadym > -- > selinux mailing list > selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux Letting code run restorecon without a transition means does not give the code added priv. You can specify the labels that mediawiki can relabel between. I would prefer mediawiki to not use /tmp at all, but to use a directory that is not usable by users. Say create a subdir of the final dir or create the files with an extension before renaming. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAky8ZmsACgkQrlYvE4MpobNP1QCg4dXRGdCXfajjpOssCNMjkTSL l7cAn0Fa2IVSeYD4jA9kzZGoci50SsKP =LuHc -----END PGP SIGNATURE----- -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
