Re: SELinux update from Sierk Bornemann on 2007-05-02 (public-qa-dev@w3.org from May 2007)

From: Sierk Bornemann <sierkb@gmx.de>
Date: Wed, 2 May 2007 11:34:48 +0200
To: Ville Skyttä <ville.skytta@iki.fi>
Cc: QA-dev Dev <public-qa-dev@w3.org>
Message-Id: <B0443A07-C6E7-4D3D-AA43-74D509AB006A@gmx.de>

Hi Ville,
hi Olivier!


Am 01.05.2007 um 20:44 schrieb Ville Skyttä:

> On Tuesday 01 May 2007, olivier Thereaux wrote:
>
>> I don't recall if there is any documentation that should be updated
>> once the policy gets shipped, are you aware of any?

openSUSE's documentation root:
/usr/share/doc/packages/

openSUSE's validator documentation resists on:
/usr/share/doc/packages/w3c-markup-validator/

> Nope.  But one noteworthy thing is that if the patch gets included  
> as is, the
> needed file contexts are set on files in the /usr/share/w3c-markup- 
> validator
> and /usr/share/w3c-markup-validator/cgi-bin directories, which are  
> different
>> from the validator's shipped defaults, and wouldn't thus affect them.

> I see two things that could be done about this; either change the  
> default
> installation paths of validator to match the above, and/or ask the  
> SELinux
> folks to include the current default /usr/local/validator/[...]  
> paths too
> after the first revision of the patch is in.

SELinux and openSUSE:
openSUSE doesn't ship with SELinux, Novell/SUSE has abandoned it in  
favour of their own AppArmor, which is less restrictive, less  
difficult to setup and configure, lastly more user convenient.
So the changes of Ville's SELinux policy would be a nice but unused  
add-on/feature for openSUSE users, and it doesn't affect them per  
default.

> No strong opinions here, but FWIW, the /usr/share/w3c-markup- 
> validator/[...]
> paths are used by the Fedora, Debian [0], and AFAIK openSUSE validator
> packages, ditto the rpm specfile included in the validator  
> distribution.

Conforming to the recent FHS, openSUSE's Apache Server Root is /srv/ 
www/htdocs/ (see http://www.pathname.com/fhs/pub/ 
fhs-2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM)
I package openSUSE's w3c-markup-validator in that way, that the  
validator files mainly resist below /srv/www/htdocs/w3c-markup- 
validator/htdocs/, the check script on /srv/www/htdocs/w3c-markup- 
validator/cgi-bin/,
the validator libs are placed on /usr/share/sgml/w3c-markup-validator/

> [0] Except that in Debian, the "check" script is in /usr/lib/cgi-bin.

Check script on openSUSE as of today:
/srv/www/htdocs/w3c-markup-validator/cgi-bin

One can argue, that I could/should use /srv/www/w3c-markup-validator/  
instead of /srv/www/htdocs/w3c-markup-validator/, but I am a little  
bit unsure in this manner and have chosen the latter pathname so far.


Sierk

-- 
Sierk Bornemann
email:            sierkb@gmx.de
WWW:              http://sierkbornemann.de/

Received on Wednesday, 2 May 2007 09:34:49 UTC