Re: program requires SELinux policy to write to ~/.cache directory

On 05.01.2017 at 10:31, Martin Gansser wrote:
> Hi,
>
> I am the package maintainer of boomaga and users told me that there is a problem with access rights when writing to the ~/.cache directory.
> I already created an SELinux package for testing: https://martinkg.fedorapeople.org/Review/test/boomaga/ However, I have only little knowledge regarding SELinux. A Bugzilla bug report also exists: https://bugzilla.redhat.com/show_bug.cgi?id=1409115
>
> Can someone test the package and if necessary, help with changes?

Almost always - if it is no simple task - the proposed fix of
audit2allow is just wrong.

The output of

aureport --avc

would be a good start (while your policy isn't loaded).

The backend will be run in cupsd_t and not in the user's (most probably
unconfined_t) context.

A good start would maybe be the interfaces of the cups policy:
https://github.com/fedora-selinux/selinux-policy/blob/rawhide-contrib/cups.if
The very first interface, cups_backend, seems to be the one to start with.

Example of this interface:
https://github.com/fedora-selinux/selinux-policy/blob/rawhide-contrib/cups.te#L64-L66
Example of the file context definition:
https://github.com/fedora-selinux/selinux-policy/blob/rawhide-contrib/cups.fc#L32

Example start policy for your problem:

boomaga.te: https://paste.fedoraproject.org/520132/83610964
boomaga.fc: https://paste.fedoraproject.org/520135/48361109


- Thomas
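
An added example, not part of the mail above or of the boomaga package: a small Python summary of AVC denials grouped by source domain, target type and class, which makes it visible that the denied access comes from cupsd_t rather than from the user's domain. The audit records are constructed samples; the target type cache_home_t, the file names and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample audit.log records (not taken from the bug report).
SAMPLE = """\
type=AVC msg=audit(1483610000.101:401): avc:  denied  { write } for  pid=2311 comm="boomaga" name=".cache" dev="dm-0" ino=131 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:cache_home_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1483610000.105:402): avc:  denied  { add_name } for  pid=2311 comm="boomaga" name="boomaga" scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:cache_home_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1483610000.105:402): arch=c000003e syscall=83 success=no exit=-13
type=AVC msg=audit(1483610002.310:409): avc:  denied  { create } for  pid=2311 comm="boomaga" name="job.cboo" scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:cache_home_t:s0 tclass=file permissive=0
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the fields of one AVC denial, or None for any other record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("rest"))}
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None
    # A context is user:role:type[:level]; the type is the third field.
    src, tgt = fields["scontext"].split(":"), fields["tcontext"].split(":")
    if len(src) < 3 or len(tgt) < 3:
        return None
    fields.update(perms=m.group("perms").split(), sdomain=src[2], ttype=tgt[2])
    return fields


def summarize(text):
    """Map (source domain, target type, class) -> sorted denied permissions."""
    summary = defaultdict(set)
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec:
            summary[(rec["sdomain"], rec["ttype"], rec["tclass"])].update(rec["perms"])
    return {key: sorted(perms) for key, perms in summary.items()}


if __name__ == "__main__":
    for (sdomain, ttype, tclass), perms in summarize(SAMPLE).items():
        print(f"{sdomain} -> {ttype}:{tclass} {{ {' '.join(perms)} }}")
```
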