On Thu, Feb 6, 2014 at 11:37 AM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
You need to tell SELinux about the labels.
On 02/06/2014 02:39 PM, Richard Shaw wrote:
> On Thu, Feb 6, 2014 at 2:49 AM, Miroslav Suchý <msuchy@xxxxxxxxxx> wrote:
>
>> On 02/05/2014 08:24 PM, Richard Shaw wrote:
>>
>>> Are there official guidelines on how to handle selinux contexts in
>>> packaging? I can still only find the draft which seems way more
>>> complicated than necessary for my needs.
>>>
>>> I'm working on a package that uses mongodb internally (runs it's own
>>> instance). Selinux is complaining because it has mongodb creating the
>>> database (and logs) outside of the normal locations
semanage fcontext -e /var/lib/mysql PATHTO/mysql
restorecon -R -v PATHTO/mysql
Is probably what you want.
Ok, I ended up getting to the same place using "-a mongod_var_lib_t"... Now how to turn that into a policy I can package?
I ended up with this as the requirements to create a functional package:
/var/lib/unifi/logs(/.*)? system_u:object_r:mongod_var_lib_t:s0
/var/lib/unifi/data(/.*)? system_u:object_r:mongod_var_lib_t:s0
portcon tcp 27117 system_u:object_r:mongod_port_t:s0
Thanks,
Ricahrd
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
