On 01/03/2017 01:33 PM, Dominik 'Rathann' Mierzejewski wrote:

On Tuesday, 03 January 2017 at 13:18, Ralf Corsepius wrote:

On 01/03/2017 11:53 AM, Martin Gansser wrote:

i am the package maintainer of boomaga and users told me that
there is a problem with access rights, when writing to ~/.cache
directory.
A selinux package already exists for testing in: https://martinkg.fedorapeople.org/Review/test/boomaga/
And a bugzilla bug report also exists: https://bugzilla.redhat.com/show_bug.cgi?id=1409115
Bugreport on the boomaga developer site: https://github.com/Boomaga/boomaga/issues/43

Can someone help to write the correct selinux rules ?

Well, rpms are not suppose to touch anything below $HOME at all.

I.e. $HOME rsp. ~/ is out of rpm's (and SELinux's) business

While the above is correct for rpm, SELinux does have business in
protecting $HOME. Just run ls -lZ in your home directory and see
for yourself. For example, ~/public_html has httpd_user_content_t
context, ~/bin has home_bin_t, ~/.config has config_home_t, etc.

Jikes, what a messy design!

People seem to have forgotten that homes are completely out of a distro's control. They are not guaranteed to be on a local filesystem or on an SELinux-enabled filesystem and are not standardized by any standard ....