Re: httpd avc denied problem


 



Arthur Stephens wrote:

I installed the policy sources on my fedora core 3. :)
Got to step one
Edit /etc/selinux/targeted/src/policy/file_contexts/file_contexts

There is no such file :(
[root@webmail ~]# ls /etc/selinux/targeted/src/policy/file_contexts/
distros.fc misc program types.fc
[root@webmail ~]#


OK, create a file in the misc directory called custom.fc. The file_contexts file is only created via the makefile.

echo "/var/www/.*/logs(/.*)?            system_u:object_r:httpd_log_t" >> misc/custom.fc
Then rebuild policy

make load
Now restorecon



Arthur Stephens
Sales Technician
Ptera Wireless Internet
astephens@xxxxxxxxx
509-927-Ptera

----- Original Message -----
From: "Karsten Wade" <kwade@xxxxxxxxxx>
To: "Fedora SELinux support list for users & developers."
<fedora-selinux-list@xxxxxxxxxx>
Sent: Tuesday, November 30, 2004 2:01 PM
Subject: Re: httpd avc denied problem





On Tue, 2004-11-30 at 13:12, Karsten Wade wrote:



chcon -R -t httpd_log_t /var/www/*/logs/*
service httpd start


BTW, if this works, you'll want to do something to make the change
permanent.  Otherwise, the next running of restorecon will hose your
configuration.

Two options jump to mind:

* Move the logs into a path that will receive httpd_log_t, i.e.,
/var/logs/httpd/

* Install the policy sources (yum install
selinux-policy-targeted-sources), and do the following:

1. Edit /etc/selinux/targeted/src/policy/file_contexts/file_contexts

2. Add this line:
/var/www/.*/logs(/.*)?            system_u:object_r:httpd_log_t

Feel free to correct my regexp, but I think it's right. :)

3. In /etc/selinux/targeted/src/policy rebuild the policy with 'make
load'.  This will build and load the new policy directly into memory.

4. If you now do restorecon, the /var/www/*/logs directories should get
the proper context.

Be aware that if you make another change to SELinux, especially using
system-config-securitylevel, the file /.autorelabel may get created.
That triggers a relabeling on reboot, and may hose any manual
customizations not fixed in policy.

- Karsten
--
Karsten Wade, RHCE, Tech Writer
a lemon is just a melon in disguise
http://people.redhat.com/kwade/
gpg fingerprint: 2680 DBFD D968 3141 0115  5F1B D992 0E06 AD0E 0C41

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
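
Added example, not part of the original thread: a quick way to see which paths the file-context regex from step 2 covers before rebuilding policy. It assumes the entry is matched anchored to the whole path, as restorecon does; the function names and sample paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: which paths does a file-context regex cover?
# Assumption: the regex is applied anchored to the full path (^regex$),
# as restorecon/setfiles do with file_contexts entries.

FC_REGEX='/var/www/.*/logs(/.*)?'    # entry regex from the thread

# fc_matches REGEX PATH: exit 0 if the anchored regex matches PATH.
fc_matches() {
    printf '%s\n' "$2" | grep -Eq -- "^($1)\$"
}

# covered REGEX PATH...: print only the paths the regex covers.
covered() {
    regex=$1; shift
    for p in "$@"; do
        if fc_matches "$regex" "$p"; then printf '%s\n' "$p"; fi
    done
}

# Constructed sample paths (hypothetical vhost layout).
SAMPLES='/var/www/site1/logs
/var/www/site1/logs/access_log
/var/www/site1/sub/logs/error_log
/var/www/logs
/var/www/site1/logs-old/access_log
/var/www/html/catalogs
/var/log/httpd/access_log'

# run_samples: print the sample paths that would receive the entry's label.
run_samples() {
    old_ifs=$IFS; IFS='
'
    # Unquoted on purpose: split SAMPLES on newlines only.
    covered "$FC_REGEX" $SAMPLES
    IFS=$old_ifs
}

run_samples
```

Only the first three sample paths are printed: the per-site logs directory itself and anything beneath it, at any depth under /var/www/. A logs directory placed directly at /var/www/logs, or a sibling such as logs-old, is not covered by this entry.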


