Hello --
I recently migrated my home server to Fedora 21 (Fedora Server 1.0 to be
specific) and encountered serious shortcomings with the mpd package
available from rpmfusion.
The first and most important shortcoming I noticed was the inflexibility of
the SELinux policy for mpd.
By default mpd can only read music located in `/var/lib/mpd/music` as that
is the only directory given the proper `mpd_t` context. A boolean is
available to allow mpd to read music located in user home directories, but
nowhere can I find an option to allow mpd to read from arbitrary
directories. My music library is stored outside of those two locations.
To overcome this problem was, I changed the default file/directory label
for my music library to `mpd_t` using `semanage fcontext`. While this
allows mpd to access the music, it conflicts with SELinux context
requirements for Samba shares.
Samba requires directories/files it shares to have the `samba_share_t`
context. I share my music library on my LAN via Samba, so having it labeled
with the `mpd_t` context means I have to set the boolean allowing Samba
global read/write access to the system. Ideally I'd like to keep Samba's
read/write access confined to only the files in directories being shared.
Could an option be added to the SELinux policy for mpd that would allow it
global read-only access to the system? This'd allow tight control over what
files Samba can access yet still allow mpd to play music located in a
directory of my choosing.
The second shortcoming concerns firewalld. No firewalld service description
file is included with the package. While it isn't a great challenge to
create one, it's an annoying extra step.
I saw some traffic on the Fedora bugzilla about this:
https://bugzilla.redhat.com/show_bug.cgi?id=1121448 but didn't end up
finding an mpd service file installed with the package. Is there still a
plan to incorporate this?
Jon Polom