On Oct 19, 2010, at 3:17 AM, Miroslav Grepl wrote: > On 10/18/2010 04:46 PM, Vadym Chepkov wrote: >> Hi, >> >> I have an issue I would like to fix properly. >> >> I have a policy for mediawiki defined this way: >> >> apache_content_template(mediawiki) >> apache_search_sys_content(httpd_mediawiki_script_t) >> >> /var/www/mediawiki/bin(/.*)? >> gen_context(system_u:object_r:httpd_mediawiki_script_exec_t,s0) >> /var/www/mediawiki/images(/.*)? >> gen_context(system_u:object_r:httpd_mediawiki_script_rw_t,s0) >> /var/www/mediawiki/cache(/.*)? >> gen_context(system_u:object_r:httpd_mediawiki_script_rw_t,s0) > Vadym, > we shipped the mediawiki policy in Fedora 13+. Any chance you have some of these Fedora release? > This package is usually very behind. mediawiki 1.15.5 and 1.16.0 were released back in July and they are security releases no less, but Fedora still has 1.15.4 Anyway, I always install directly from mediawiki subversion tag. I don't need multi-site feature and other then that I don't see any other patches that would prevent the problem I have. I tried to check what selinux policy does Fedora provide and I found just one line in selinux-policy-3.7.19-62.fc13.src.rpm : /var/cache/mediawiki(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0) And I can assure you it's not enough. I suspect whoever uses mediawiki on Fedora either just turns SELinux off or has httpd_unified on. Vadym -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
