Bug 661

Summary: Mythweb cannot write to /usr/share/mythweb/data in enforcing mode
Product: Fedora
Reporter: Josh <joshborke+rpmfusion>
Component: mythtv
Assignee: Jarod Wilson <jarod>
Status: RESOLVED EXPIRED
Severity: normal
CC: lists, pembo13, tdfischer
Priority: P5
Version: 11   
Hardware: All   
OS: GNU/Linux   
namespace:

Description Josh 2009-06-15 19:01:12 CEST
Mythweb complains that it cannot write to the "data" directory after resolving bug 652.  
# semanage fcontext -a -t httpd_sys_content_t "/usr/share/mythweb/data(/.*)?" resolves it but I don't know if it is the ideal solution.

Additionally setenforce 0 resolves it...

PS: setsebool -P httpd_can_network_connect=1 is needed to allow mythweb to connect to mythbackend.
Comment 1 Josh 2009-06-16 14:15:21 CEST
Perhaps the better solution would be to move the data directory to /var/www/mythweb per comment #3 of bug 652 and then modify /etc/httpd/conf.d/mythweb.conf.

That way it doesn't require SELinux modifications.
Comment 2 Jarod Wilson 2009-06-16 15:40:42 CEST
The mythweb data dir was explicitly moved into /usr/share/ because packages putting stuff into /var/www/html explicitly violates the Fedora packaging guidelines. In other words, not going to move it back. Many other web apps do similar, just need to take the time to figure out how they handle these sorts of issues...
Comment 3 Jarod Wilson 2009-06-16 15:42:59 CEST
Too many explicits... But yeah:

https://fedoraproject.org/wiki/Packaging/Guidelines#Web_Applications
Comment 4 Josh 2009-06-16 16:25:13 CEST
I would recommend putting /usr/share/mythweb/data into /var/lib/mythweb and labeling it httpd_sys_content_rw_t

dwalsh has agreed to place rules into the selinux-policy if we are able to specify where we are going to place the r/o content, r/w content and cgi scripts.

So, my thoughts are:

/var/lib/mythweb -> r/w content
/usr/share/mythweb -> r/o content
no cgi scripts?

I'm not sure what the purpose of /usr/share/mythweb/php_sessions is, if it needs to be writable by mythweb in order to function better or if it is not needed at all.

I'd like to help in whatever way possible.
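
Before choosing between the labelling options discussed in this thread, it helps to see which target types httpd is actually being denied on. The following is an added example, not part of the bug report or of mythweb: the audit lines are constructed samples in the AVC log format, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the audit.log AVC format; not taken from the bug report.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1245085272.101:310): avc:  denied  { write } for  pid=2101 comm="httpd" name="data" dev=dm-0 ino=4101 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
type=AVC msg=audit(1245085272.105:311): avc:  denied  { add_name write } for  pid=2101 comm="httpd" name="cache" dev=dm-0 ino=4101 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=dir
type=AVC msg=audit(1245085280.220:312): avc:  denied  { name_connect } for  pid=2101 comm="httpd" dest=6543 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1245085300.007:313): avc:  denied  { read } for  pid=988 comm="ntpd" name="drift" dev=dm-0 ino=77 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1245085300.007:313): arch=c000003e syscall=2 success=no exit=-13
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{ (?P<perms>[^}]+) \}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)

def summarize_httpd_denials(log_text, source_type="httpd_t"):
    """Count denials for one source domain, keyed by (target type, class, permission)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial record
        # An SELinux context is user:role:type:level; the type is the third field.
        if m["scontext"].split(":")[2] != source_type:
            continue
        ttype = m["tcontext"].split(":")[2]
        for perm in m["perms"].split():
            counts[(ttype, m["tclass"], perm)] += 1
    return counts

def write_denied_types(counts):
    """Target types on which file or directory writes were denied."""
    write_perms = {"write", "add_name", "create", "append", "unlink", "remove_name"}
    return sorted({t for (t, cls, perm) in counts
                   if cls in ("file", "dir") and perm in write_perms})

if __name__ == "__main__":
    for (ttype, tclass, perm), n in sorted(summarize_httpd_denials(SAMPLE_AUDIT_LOG).items()):
        print(f"{n:3d}  {perm:<14} {tclass:<12} {ttype}")
```

Write denials on a file or directory type point at the labelling of the data directory, while `name_connect` denials on a `tcp_socket` correspond to the `httpd_can_network_connect` boolean mentioned in the description.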
Comment 5 Jarod Wilson 2009-08-09 03:46:26 CEST
Chris, I'd like your thoughts on this, since mythweb is your baby...
Comment 6 Trever Fischer 2010-01-16 22:21:53 CET
No response yet? This bug is still around of course.
Comment 7 Emmanuel Seyman 2012-04-15 18:25:51 CEST
RPMFusion is no longer releasing updates for this version of Fedora. This bug
will be set to RESOLVED:EXPIRED next week to reflect this.

If the problem persists after upgrading to the latest version of Fedora, please
update the version field of this bug (and re-open it if it has been closed).
Comment 8 Emmanuel Seyman 2012-04-22 22:47:11 CEST
Setting to RESOLVED:EXPIRED since RPMFusion is no longer releasing updates for
this version of Fedora.