On Tue, 2004-11-30 at 13:12, Karsten Wade wrote: > chcon -R -t httpd_log_t /var/www/*/logs/* > service httpd start BTW, if this works, you'll want to do something to make the change permanent. Otherwise, the next running of restorecon will hose your configuration. Two options jump to mind: * Move the logs into a path that will receive httpd_log_t, i.e., /var/logs/httpd/ * Install the policy sources (yum install selinux-policy-targeted-sources), and do the following: 1. Edit /etc/selinux/targeted/src/policy/file_contexts/file_contexts 2. Add this line: /var/www/.*/logs(/.*)? system_u:object_r:httpd_log_t Feel free to correct my regexp, but I think it's right. :) 3. In /etc/selinux/targeted/src/policy rebuild the policy with 'make load'. This will build and load the new policy directly into memory. 4. If you now do restorecon, the /var/www/*/logs directories should get the proper context. Be aware that if you make another change to SELinux, especially using system-config-securitylevel, the file /.autorelabel may get created. That triggers a relabeling on reboot, and may hose any manual customizations not fixed in policy. - Karsten -- Karsten Wade, RHCE, Tech Writer a lemon is just a melon in disguise http://people.redhat.com/kwade/ gpg fingerprint: 2680 DBFD D968 3141 0115 5F1B D992 0E06 AD0E 0C41
