-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02/06/2014 12:44 PM, Richard Shaw wrote: > On Thu, Feb 6, 2014 at 11:37 AM, Daniel J Walsh <dwalsh@xxxxxxxxxx > <mailto:dwalsh@xxxxxxxxxx>> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > > On 02/06/2014 02:39 PM, Richard Shaw wrote: >> On Thu, Feb 6, 2014 at 2:49 AM, Miroslav Suchý <msuchy@xxxxxxxxxx > <mailto:msuchy@xxxxxxxxxx>> wrote: >> >>> On 02/05/2014 08:24 PM, Richard Shaw wrote: >>> >>>> Are there official guidelines on how to handle selinux contexts in >>>> packaging? I can still only find the draft which seems way more >>>> complicated than necessary for my needs. >>>> >>>> I'm working on a package that uses mongodb internally (runs it's own >>>> instance). Selinux is complaining because it has mongodb creating >>>> the database (and logs) outside of the normal locations > You need to tell SELinux about the labels. > > semanage fcontext -e /var/lib/mysql PATHTO/mysql restorecon -R -v > PATHTO/mysql > > Is probably what you want. > > > Ok, I ended up getting to the same place using "-a mongod_var_lib_t"... Now > how to turn that into a policy I can package? > > I ended up with this as the requirements to create a functional package: > > /var/lib/unifi/logs(/.*)? system_u:object_r:mongod_var_lib_t:s0 > /var/lib/unifi/data(/.*)? system_u:object_r:mongod_var_lib_t:s0 portcon > tcp 27117 system_u:object_r:mongod_port_t:s0 > > Thanks, Ricahrd > > Most likely the better solution would have been /var/lib/unifi/logs(/.*)? system_u:object_r:mongod_log_t:s0 SHould these go into Fedora Policy? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlL6RRQACgkQrlYvE4MpobMSkACfcjz7Y7o3w+lYXpwL4PB+UJ4t X3oAoM48lMdCw4J6cbAQkejcGt00rXNJ =bgUx -----END PGP SIGNATURE----- -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
