On 1/8/2012 5:36 AM, Ljubomir Ljubojevic wrote: > On 01/08/2012 02:10 PM, Marko Vojinovic wrote: >>> [root at g6950-21025 ~]# restorecon -v /tmp/hostname_SKYSLICE.INFO >>>> [root at g6950-21025 ~]# ls -lZ /tmp/hostname_SKYSLICE.INFO >>>> -rw-r--r-- apache apache system_u:object_r:file_t >>>> /tmp/hostname_SKYSLICE.INFO >>>> [root at g6950-21025 ~]# >> Well... >> >> With this output I would say that your policy has been customized to have >> file_t as the default label for that file. Have you used audit2allow on that >> machine before the filesystem was properly relabeled? > That file is in the /tpm folder, used by apache. I guess that apache was > not stopped since/during relabeling so it stayed. It's a file created by one of my CGI scripts. (The web server is accessed by several hostnames which are dynamically assigned to it, and I need a quick way of determining all hostnames that were recently used to access the server. So when someone accesses the server using HOSTNAME, the file /tmp/hostname_<hostname> is created. Then another script just pulls the names of all of those files in order to find all recently used hostnames.) > My suggestion: > > stop apache > run relabeling again (if file continues to exists) > start apache > check Well when I was doing the relabeling I was doing: # touch /.autorelabel # reboot So when I'm rebooting apache stops and starts anyway, doesn't it? Doesn't the auto-relabel occur before other services are started up? So I'm not sure what I would actually do differently to follow this suggestion...