[CentOS] Re: Digest Subscriber needs help with SELinux file context setting
James B. Byrne
byrnejb at harte-lyne.ca
Tue Dec 18 21:17:47 UTC 2007
Filipe Brandenburger filbranden at gmail.com at Tue Dec 18 19:06:50 UTC 2007 wrote:
> Hi,
>
> I'm no SELinux expert, but I think the issue is that under SELinux's
> targeted policy, Apache will refuse to write to a directory with etc_t
> type. It can, however, write to a directory with the httpd_log_t
> type, such as /var/log/httpd. Couldn't you just write the logs to
> /var/log/httpd instead? As these seem to be logs, writing them under
> the /var/log directory tree seems to be more appropriate.
True, very true, but these are rewrite logs and I only have the logging
turned on when I am developing and testing new rules (or debugging old
ones). So I find it convenient to have the log and the configuration file
in the same directory.
> Alternatively, you can change the type of the directory you're writing
> to by using "chcon -t httpd_log_t /etc/httpd/virtual.d", but if you
> have other files (other than these log files) on this directory you may
> have other unexpected collateral effects.
I will examine this aspect of policies further now that I have a starting
point. I was very unclear as to what was going on here and this has
helped.
> Please note that I'm no SELinux expert though.
Never met one myself although I suppose that they exist in the wild.
Thanks for the help.
Regards,
Jim
--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
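
The following is an added example, not part of the original message or of any CentOS tooling. It shows how the denial discussed in this thread appears in the audit log by summarizing AVC denials for the httpd_t domain per target type and object class. The log lines are constructed samples in the usual audit.log AVC layout, and the function names are hypothetical.

```python
import re

# Constructed sample lines in audit.log AVC layout (not taken from the thread).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1198012345.123:101): avc:  denied  { write } for  pid=2345 comm="httpd" name="virtual.d" dev=dm-0 ino=98765 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
type=AVC msg=audit(1198012346.456:102): avc:  denied  { add_name } for  pid=2345 comm="httpd" name="rewrite.log" scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
type=SYSCALL msg=audit(1198012346.456:102): arch=40000003 syscall=5 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1198012400.000:110): avc:  denied  { read } for  pid=3100 comm="sendmail" name="aliases.db" scontext=system_u:system_r:sendmail_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
"""

AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def se_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None

def parse_avc(line):
    """Parse one AVC record into a dict; return None for any other record."""
    m = AVC_RE.search(line)
    if not m or not line.startswith("type=AVC"):
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group(3))}
    return {
        "result": m.group(1),
        "perms": m.group(2).split(),
        "comm": fields.get("comm"),
        "name": fields.get("name"),
        "source_type": se_type(fields.get("scontext", "")),
        "target_type": se_type(fields.get("tcontext", "")),
        "tclass": fields.get("tclass"),
    }

def summarize_denials(log_text, source_type="httpd_t"):
    """Map (target type, object class) -> sorted permissions denied to source_type."""
    summary = {}
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if not rec or rec["result"] != "denied" or rec["source_type"] != source_type:
            continue
        summary.setdefault((rec["target_type"], rec["tclass"]), set()).update(rec["perms"])
    return {key: sorted(perms) for key, perms in summary.items()}

if __name__ == "__main__":
    for (ttype, tclass), perms in summarize_denials(SAMPLE_AUDIT_LOG).items():
        print(f"httpd_t denied {perms} on {tclass} labeled {ttype}")
```

A target type of etc_t in the summary matches the situation described in the quoted reply: the directory carries a label the httpd_t domain is not allowed to write to, whereas httpd_log_t would not appear here.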