Incorrect permissions in the RPM package and boomaga requires the SELinux security policy

Hi,

A user opened a Bugzilla ticket [1] with this SELinux problem, but I don't know how to resolve this:

This issue is still present on Fedora 36. After installing the `boomaga-selinux` package I still get the following SELinux errors:
```
SELinux is preventing boomaga from setattr access on the directory /var/cache/boomaga/chris.

*****  Plugin catchall_labels (83.8 confidence) suggests   *******************

If you want to allow boomaga to have setattr access on the chris directory
Then you need to change the label on /var/cache/boomaga/chris
Do
# semanage fcontext -a -t FILE_TYPE '/var/cache/boomaga/chris'
where FILE_TYPE is one of the following: cupsd_etc_t, cupsd_log_t, cupsd_rw_etc_t, cupsd_tmp_t, cupsd_var_run_t, fonts_cache_t, print_spool_t.
Then execute:
restorecon -v '/var/cache/boomaga/chris'


*****  Plugin catchall (17.1 confidence) suggests   **************************

If you believe that boomaga should be allowed setattr access on the chris directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'boomaga' --raw | audit2allow -M my-boomaga
# semodule -X 300 -i my-boomaga.pp

Additional Information:
Source Context                system_u:system_r:cupsd_t:s0-s0:c0.c1023
Target Context                system_u:object_r:var_t:s0
Target Objects                /var/cache/boomaga/chris [ dir ]
Source                        boomaga
Source Path                   boomaga
Port                          <Unknown>
Host                          fedora
Source RPM Packages           
Target RPM Packages           
SELinux Policy RPM            selinux-policy-targeted-36.8-2.fc36.noarch
Local Policy RPM              selinux-policy-targeted-36.8-2.fc36.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     fedora
Platform                      Linux fedora 5.17.7-300.fc36.x86_64 #1 SMP PREEMPT
                              Thu May 12 14:56:44 UTC 2022 x86_64 x86_64
Alert Count                   1
First Seen                    2022-05-18 09:25:42 CEST
Last Seen                     2022-05-18 09:25:42 CEST
Local ID                      fcf9d05e-bd5b-4ef6-8a1f-a9a1f94705ff

Raw Audit Messages
type=AVC msg=audit(1652858742.233:473): avc:  denied  { setattr } for  pid=16952 comm="boomaga" name="chris" dev="nvme0n1p7" ino=2129750 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=0


Hash: boomaga,cupsd_t,var_t,dir,setattr
```
Hope somebody can help here.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1409115

Regards
Martin
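
Added example, not part of the original message and not code from boomaga or setroubleshoot: a small Python parser for the raw AVC record quoted in the report. It rebuilds the `Hash:` line and checks whether the target type is one of the types the catchall_labels plugin lists. The function names are assumptions made for this illustration.

```python
import re

# Raw AVC record copied from the report above.
AVC = ('type=AVC msg=audit(1652858742.233:473): avc:  denied  { setattr } for  '
       'pid=16952 comm="boomaga" name="chris" dev="nvme0n1p7" ino=2129750 '
       'scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 '
       'tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=0')

# FILE_TYPE values listed in the catchall_labels plugin output above.
SUGGESTED_TYPES = {"cupsd_etc_t", "cupsd_log_t", "cupsd_rw_etc_t", "cupsd_tmp_t",
                   "cupsd_var_run_t", "fonts_cache_t", "print_spool_t"}

AVC_RE = re.compile(r'avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_context(ctx):
    """Split user:role:type[:level]; the MLS level may itself contain colons."""
    parts = ctx.split(":", 3)
    parts += [""] * (4 - len(parts))  # tolerate contexts without a level
    return dict(zip(("user", "role", "type", "level"), parts))


def parse_avc(line):
    """Turn one AVC audit line into a dict of the fields needed for triage."""
    m = AVC_RE.search(line)
    if m is None:
        raise ValueError("not an AVC record")
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    return {
        "denied": m.group("result") == "denied",
        "perms": m.group("perms").split(),
        "comm": fields.get("comm"),
        "tclass": fields.get("tclass"),
        "enforced": fields.get("permissive") == "0",
        "source": parse_context(fields["scontext"]),
        "target": parse_context(fields["tcontext"]),
    }


def summarize(rec):
    """Rebuild the 'Hash:' line and flag whether the target has a suggested type."""
    key = ",".join([rec["comm"], rec["source"]["type"], rec["target"]["type"],
                    rec["tclass"], *rec["perms"]])
    return key, rec["target"]["type"] in SUGGESTED_TYPES


if __name__ == "__main__":
    print(summarize(parse_avc(AVC)))
```

For the record above, the second value is `False`: the directory carries the generic `var_t` type rather than any type in the plugin's list.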