On 1/8/2012 7:28 AM, Ljubomir Ljubojevic wrote:
> On 01/08/2012 03:15 PM, Bennett Haselton wrote:
>> It's a file created by one of my CGI scripts. (The web server is
>> accessed by several hostnames which are dynamically assigned to it, and
>> I need a quick way of determining all hostnames that were recently used
>> to access the server. So when someone accesses the server using
>> HOSTNAME, the file /tmp/hostname_<hostname> is created. Then another
>> script just pulls the names of all of those files in order to find all
>> recently used hostnames.)
>>> My suggestion:
>>>
>>> stop apache
>>> run relabeling again (if file continues to exist)
>>> start apache
>>> check
>> Well when I was doing the relabeling I was doing:
>> # touch /.autorelabel
>> # reboot
>>
>> So when I'm rebooting apache stops and starts anyway, doesn't it?
>> Doesn't the auto-relabel occur before other services are started up? So
>> I'm not sure what I would actually do differently to follow this
>> suggestion...
> Ah, you are right, sorry. Well you might need to apply proper (httpd_)
> SELinux label for that file. At the time of creation?
> Maybe move it to another location where it will get automatic label for
> what you want?

Well the warning messages say that file_t files should *never* get created if the filesystem is labeled properly. So I didn't think it was just a matter of creating files where the default filetype would be different, because the default filetype should not be file_t anywhere.

I could create a world-writeable directory somewhere else and have all the scripts write to that but it would be a pain to re-write and re-test everything as a workaround for this one bug...

Well, one other theory: /tmp is a different partition, right? So maybe when I do

# touch /.autorelabel
# reboot

it's only re-labeling the / partition and not the /tmp one? Unfortunately in that case I don't know how to make it re-label the /tmp filesystem as well.

I tried creating /tmp/.autorelabel and rebooting, but that didn't work; /tmp/hostname_SKYSLICE.INFO and other files still had type file_t.

Bennett
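
The two checks the message above turns on (which files carry type file_t, and whether /tmp is its own filesystem), as an added example that is not part of the original thread. The function names `find_type` and `mount_of` are hypothetical, the sample listing and mount table are constructed, and the parser assumes `ls -Z` prints the context before the file name.

```shell
#!/bin/sh
# Added example. Function names and all sample lines are constructed.

# find_type TYPE: read `ls -Z` / `ls -lZ` lines on stdin and print the paths
# whose SELinux context (user:role:type[:level]) carries the given type.
find_type() {
    awk -v want="$1" '{
        for (i = 1; i <= NF; i++) {
            n = split($i, c, ":")
            if (n >= 3 && c[2] ~ /_r$/) {        # first field shaped like a context
                if (c[3] == want) {
                    path = $(i + 1)              # rest of the line is the path
                    for (j = i + 2; j <= NF; j++) path = path " " $j
                    print path
                }
                break
            }
        }
    }'
}

# mount_of PATH: read /proc/mounts-format lines on stdin and print
# "mountpoint fstype" for the filesystem holding PATH (longest match wins).
mount_of() {
    awk -v p="$1" '{
        m = $2
        pre = (m == "/") ? "/" : (m "/")
        if ((p == m || index(p "/", pre) == 1) && length(m) > best) {
            best = length(m); mp = m; fs = $3
        }
    } END { if (best) print mp, fs }'
}

sample_listing() {   # constructed `ls -lZ /tmp`-style output
    cat <<'EOF'
-rw-r--r--. apache apache system_u:object_r:file_t:s0 /tmp/hostname_SKYSLICE.INFO
-rw-r--r--. apache apache system_u:object_r:httpd_tmp_t:s0 /tmp/hostname_example.test
drwxrwxrwt. root root system_u:object_r:tmp_t:s0 /tmp
system_u:object_r:file_t:s0 /tmp/hostname_other example
EOF
}

sample_mounts() {    # constructed /proc/mounts-style table
    printf '%s\n' '/dev/sda1 / ext3 rw 0 0' '/dev/sda3 /tmp ext3 rw 0 0'
}

# Live use: ls -lZ /tmp | find_type file_t ; mount_of /tmp < /proc/mounts
sample_listing | find_type file_t
sample_mounts | mount_of /tmp/hostname_SKYSLICE.INFO
```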