[imp] Re: Spellcheck and SELinux...
Tom Lisjac
netdxr at gmail.com
Thu Feb 24 11:06:05 PST 2005
On Wed, 23 Feb 2005 09:21:34 -0600, Aleksandar Milivojevic
<amilivojevic at pbl.ca> wrote:
> Tom Lisjac wrote:
> > I've just installed Imp on a Fedora Core 3 system. Everything is
> > working great except for a small problem with spell checking and
> > SELinux.
> Many programs allow you to specify alternate temporary directory in
> TMPDIR environment variable. Actually, this is libc thingie. So if
> aspell is using standard C library API to create temporary files, doing
> something like "TMPDIR=/var/www/tmp; export TMPDIR" prior to starting
> apache (or make wrapper around aspell if you want this only for aspell)
> should work. Of course, you'll might need to create policy rules to
> allow scripts to write into /var/www/tmp.
That was my conclusion as well.
I fixed the problem with the aspell call by adding the following rules:
allow httpd_sys_script_t httpd_tmp_t:file read;
allow httpd_sys_script_t httpd_tmp_t:file getattr;
Per Karsten Wade's excellent writeup on making policy changes with a local.te:
http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/selinux-guide/selg-section-0120.html
Thanks for the reply!
-Tom
More information about the imp
mailing list