ius-coredev team mailing list archive
Message #01468
[Bug 987816] Re: php53u-eaccelerator selinux avcs on rhel5.x86_64
This package was ported from Fedora back in Jan 2011:
* Sun Jan 06 2011 Jeffrey Ness <jeffrey.ness@xxxxxxxxxxxxx> - 0.9.6.1-3.ius
- Porting from Fedora to IUS
- Require autoconf < 2.63
- Removed Provides: php53u-zend_extension
I don't foresee setting the attrs being an issue; as mentioned, selinux needs the attrs
set properly to use its security model.
I'll get this change added and provide a package to testing.
** Changed in: ius
Assignee: (unassigned) => Jeffrey Ness (jeffrey-ness)
--
You received this bug notification because you are a member of IUS Core
Development, which is subscribed to IUS Community Project.
https://bugs.launchpad.net/bugs/987816
Title:
php53u-eaccelerator selinux avcs on rhel5.x86_64
Status in IUS Community Project:
New
Bug description:
After doing a bunch of upgrades to php53u-* packages on my
rhel5.x86_64 systems I'm getting selinux avcs like so:
1 Time(s): type=1400 audit(1335205832.420:380): avc: denied { write } for pid=15889 comm="httpd" name="4" dev=sda3 ino=30310859 scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:var_t:s0 tclass=dir
I've narrowed these down to the eaccelerator cache directory, and in
comparing the php53u-eaccelerator rpm to the EPEL php-eaccelerator rpm
I noted the following differences:
1) php53u-eaccelerator rpm cache directory (/var/cache/php-eaccelerator)
is mode 0755 and owned by root:root, the php-eaccelerator package from
EPEL has that directory mode 0750 and owned by apache:apache.
2) the EPEL php-eaccelerator package has an selinux context of
user_u:object_r:httpd_cache_t for /var/cache/php-eaccelerator whereas
php53u-eaccelerator has an selinux context of user_u:object_r:var_t
(which is what the avcs above are about)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ius/+bug/987816/+subscriptions
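An added example, not part of the original message or of the IUS packaging: a small parser that takes the AVC denial quoted in the bug description and reports the source domain type, the target label type and the object class, then compares the target type against the httpd_cache_t label the report attributes to the EPEL package. The function names parse_avc and label_mismatch are hypothetical, and the sample line is the report's denial without the "1 Time(s):" log summary prefix.

```python
import re

# The denial quoted in the bug description, joined onto one line.
SAMPLE = ('type=1400 audit(1335205832.420:380): avc: denied { write } for '
          'pid=15889 comm="httpd" name="4" dev=sda3 ino=30310859 '
          'scontext=user_u:system_r:httpd_t:s0 '
          'tcontext=user_u:object_r:var_t:s0 tclass=dir')

AVC_RE = re.compile(r'avc:\s+(?P<result>denied|granted)\s+'
                    r'\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the fields of one AVC record as a dict, or None if not an AVC."""
    # Mail clients and log summaries wrap the record; collapse whitespace first.
    line = ' '.join(line.split())
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    fields['result'] = m.group('result')
    fields['perms'] = m.group('perms').split()
    # A context is user:role:type[:level]; the type is what policy rules match.
    for key, out in (('scontext', 'stype'), ('tcontext', 'ttype')):
        parts = fields.get(key, '').split(':')
        fields[out] = parts[2] if len(parts) >= 3 else None
    return fields


def label_mismatch(line, expected_ttype='httpd_cache_t'):
    """Describe a denial whose target type differs from the expected label."""
    f = parse_avc(line)
    if f is None or f['result'] != 'denied' or f['ttype'] == expected_ttype:
        return None
    return '%s (%s) denied {%s} on %s "%s" labelled %s, expected %s' % (
        f.get('comm'), f['stype'], ' '.join(f['perms']),
        f.get('tclass'), f.get('name'), f['ttype'], expected_ttype)


if __name__ == '__main__':
    print(label_mismatch(SAMPLE))
```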