On Tue, 2008-10-14 at 11:32 +0200, Dominik 'Rathann' Mierzejewski wrote:
> SELinux is another subject for a good rant. Example: I created /var/log/dovecot,
> chowned it to dovecot user and configured it to put its logs there. Bang!
> SELinux denial. There's no easy way to fix it permanently either and SELinux
> tools documentation is akin to arcane knowledge. Unless you're familiar with
> all the terminology, you won't understand it.
> [snip]

Permanent fix which survives relabels.

/usr/sbin/semanage fcontext -a -t dovecot_var_log_t /var/log/dovecot
/sbin/restorecon -v /var/log/dovecot

SELinux documentation has been lacking in the past but Red Hat has hired someone to write proper documentation for SELinux and it is getting better every day. In an article on LWN I answered this question[1]. In addition to this someone also linked the page below which contains quite a bit of information that this person gathered when learning about SELinux[2]. If you are willing to take the time to go through some of his stuff you will realize SELinux really isn't as difficult as people make it out to be, it's just that it's not what they are used to. You already know to set one set of permissions on the file when you create it, you just have to realize there is a type that needs to be set as well.

[1] http://lwn.net/Articles/290168/
[2] http://equivocation.org/selinux

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list