[imp] Re: Spellcheck and SELinux...
Aleksandar Milivojevic
amilivojevic at pbl.ca
Wed Feb 23 07:21:34 PST 2005
Tom Lisjac wrote:
> Hi folks!
>
> I've just installed Imp on a Fedora Core 3 system. Everything is
> working great except for a small problem with spell checking and
> SELinux. The targeted policy prohibits "http scripts" using the /tmp
> directory... so aspell runs but doesn't return any results in the
> $warnings array. If I disable SELinux, it works fine... but since this
> server will be running in a hostile environment, I'd rather not. I
> could also add:
>
> allow httpd_sys_script_t httpd_config_t:dir getattr;
>
> ... to the targeted policy, but I'd prefer not modify it or open this
> directory up to other less trustworthy scripts running on the system.
>
> I was wondering if anyone else had encountered this problem? If so,
> can you recommend a better solution?
Many programs allow you to specify alternate temporary directory in
TMPDIR environment variable. Actually, this is libc thingie. So if
aspell is using standard C library API to create temporary files, doing
something like "TMPDIR=/var/www/tmp; export TMPDIR" prior to starting
apache (or make wrapper around aspell if you want this only for aspell)
should work. Of course, you'll might need to create policy rules to
allow scripts to write into /var/www/tmp.
--
Aleksandar Milivojevic <amilivojevic at pbl.ca> Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
More information about the imp
mailing list