ius-coredev team mailing list archive
Message #01477
[Bug 987816] Re: php53u-eaccelerator selinux avcs on rhel5.x86_64
Tagged as testing-candidate, should be able to do some testing on it
tomorrow.
--
You received this bug notification because you are a member of IUS Core
Development, which is subscribed to IUS Community Project.
https://bugs.launchpad.net/bugs/987816
Title:
php53u-eaccelerator selinux avcs on rhel5.x86_64
Status in IUS Community Project:
New
Bug description:
After doing a bunch of upgrades to php53u-* packages on my
rhel5.x86_64 systems I'm getting selinux avcs like so:
1 Time(s): type=1400 audit(1335205832.420:380): avc: denied { write } for pid=15889 comm="httpd" name="4" dev=sda3 ino=30310859 scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:var_t:s0 tclass=dir
I've narrowed these down to the eaccelerator cache directory, and in
comparing the php53u-eaccelerator rpm to the EPEL php-eaccelerator rpm
I noted the following differences:
1) php53u-eaccelerator rpm cache directory
(/var/cache/php-eaccelerator) is mode 0755 and owned by root:root, the
php-eaccelerator package from EPEL has that directory mode 0750 and
owned by apache:apache.
2) the EPEL php-eaccelerator package has an selinux context of
user_u:object_r:httpd_cache_t for /var/cache/php-eaccelerator whereas
php53u-eaccelerator has an selinux context of user_u:object_r:var_t
(which is what the avcs above are about)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ius/+bug/987816/+subscriptions
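
Added example (not part of the bug report or of the IUS packages): a small parser for the AVC record quoted in the report, which pulls out the source domain and target type and reports when httpd_t is denied on an object that does not carry the type the EPEL package uses (httpd_cache_t). The function names are hypothetical, and the sample record is the one from the report with the line wrapping removed.

```python
import re

# Record copied from the bug description above (line wrapping removed).
SAMPLE_AVC = (
    'type=1400 audit(1335205832.420:380): avc: denied { write } for pid=15889 '
    'comm="httpd" name="4" dev=sda3 ino=30310859 '
    'scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:var_t:s0 '
    'tclass=dir'
)

AVC_RE = re.compile(
    r'avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict of the AVC fields, or None if the line is not an AVC record."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    rec['result'] = m.group('result')
    rec['perms'] = m.group('perms').split()
    # A context is user:role:type[:level]; the type field drives type enforcement.
    for key in ('scontext', 'tcontext'):
        parts = rec.get(key, '').split(':')
        rec[key + '_type'] = parts[2] if len(parts) >= 3 else None
    return rec


def mislabel_finding(rec, domain='httpd_t', expected_type='httpd_cache_t'):
    """Describe a denial where `domain` hit an object not labelled `expected_type`."""
    if rec is None or rec['result'] != 'denied' or rec['scontext_type'] != domain:
        return None
    if rec['tcontext_type'] == expected_type:
        return None  # label is already right; the denial has another cause
    return '%s denied {%s} on %s "%s": labelled %s, expected %s' % (
        rec.get('comm', '?'), ' '.join(rec['perms']), rec.get('tclass', '?'),
        rec.get('name', '?'), rec['tcontext_type'], expected_type)


if __name__ == '__main__':
    print(mislabel_finding(parse_avc(SAMPLE_AVC)))
```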