Using Bugzilla with SELinux
David Miller
justdave at bugzilla.org
Fri Sep 16 06:43:56 UTC 2005
SELinux seems to be growing in popularity... and because of the
security it provides, there's a growing number of people that really
want to leave it enabled. However, it sometimes interferes with the
operation of Bugzilla with the default SELinux setups (access to
sendmail, loading perl modules, writing to the data directory?). I
would love it if some enterprising person could research what exactly
needs to be done to make Bugzilla work with SELinux the correct way
(i.e. what contexts or object types need to be declared for what
portions of Bugzilla's directory structure to give Bugzilla the minimum
access it needs to do its job without hitting permission errors).
There is a bug at https://bugzilla.mozilla.org/show_bug.cgi?id=286768
inspired by someone hitting problems with it that turned out to be some
other problem, but it's probably a good place to start anyway.
Maybe we should set SELinux for permissive on landfill and just watch
what shows up in the audit log? :)
--
Dave Miller http://www.justdave.net/
System Administrator, Mozilla Foundation http://www.mozilla.org/
Project Leader, Bugzilla Bug Tracking System http://www.bugzilla.org/
More information about the developers
mailing list