Skip to content

v41.8

v41.8: Drop publicfile module
@keszybz keszybz tagged this 10 Jul 08:00 
The module was added in a large batch of changes on Tue Jan 17 2006,
according to Changelog.old. public.fc provides mappings for
/usr/bin/ftpd and /usr/bin/httpd, but Fedora doesn't have those files.
In fact, those paths don't make much sense, because on a system with
split-sbin, server daemons would always be in /usr/sbin. Thus, those
mappings didn't have any effect.

1be14f9b5a99a4eec7f9aba7fbb83bf8dde817f4 changed all /usr/sbin paths
to /usr/bin and added aliasing, which means that /usr/sbin/httpd is
now equivalent to /usr/bin/httpd and the previously-dormant rule
became active, overriding the rules in apache.fc. Instead of this, we
want the existing mapping to httpd_exec_t to be used for the new path,
so remove the previously unused module.

Should fix the issue reported in
https://bodhi.fedoraproject.org/updates/FEDORA-2024-64134f8805#comment-3600824:

Jun 29 14:07:33 ipa001.test.openqa.fedoraproject.org systemd[1]: Starting httpd.service - The Apache HTTP Server...
Jun 29 14:07:33 ipa001.test.openqa.fedoraproject.org ipa-httpd-kdcproxy[9981]: ipa: INFO: KDC proxy enabled
Jun 29 14:07:33 ipa001.test.openqa.fedoraproject.org ipa-httpd-kdcproxy[9981]: ipa-httpd-kdcproxy: INFO     KDC proxy enabled
Jun 29 14:07:33 ipa001.test.openqa.fedoraproject.org (httpd)[9984]: httpd.service: Referenced but unset environment variable evaluates to an empty string: OPTIONS
Jun 29 14:07:33 ipa001.test.openqa.fedoraproject.org httpd[9984]: httpd: Could not open configuration file /etc/httpd/conf/httpd.conf: Permission denied
Jun 29 14:07:33 ipa001.test.openqa.fedoraproject.org systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE
Jun 29 14:07:33 ipa001.test.openqa.fedoraproject.org systemd[1]: httpd.service: Failed with result 'exit-code'.
Jun 29 14:07:33 ipa001.test.openqa.fedoraproject.org systemd[1]: Failed to start httpd.service - The Apache HTTP Server.

Jun 29 14:07:33 ipa001.test.openqa.fedoraproject.org audit[9984]: AVC avc:  denied  { search } for  pid=9984 comm="httpd" name="httpd" dev="dm-0" ino=353970 scontext=system_u:system_r:publicfile_t:s0 tcontext=system_u:object_r:httpd_config_t:s0 tclass=dir permissive=0
Assets 2
Loading