On 06/23/2011 03:25 PM, Dominick Grift wrote: > On 06/24/2011 12:07 AM, Daniel B. Thurman wrote: > > > Compiling targeted kmotionApache module > > /usr/bin/checkmodule: loading policy configuration from > > tmp/kmotionApache.tmp > > /usr/bin/checkmodule: policy configuration loaded > > /usr/bin/checkmodule: writing binary representation (version 10) to > > tmp/kmotionApache.mod > > Creating targeted kmotionApache.pp policy package > > rm tmp/kmotionApache.mod.fc tmp/kmotionApache.mod > > ======================================= > > These files were created: > > + kmotionApache.if (0 length file) > > + kmotionApache.fc (0 length file) > > + kmotionApache.pp (binary file) > > > So at this point, I do not want to proceed until I am certain > > that I am getting the right results.... I cannot check out > > kmotionApache.pp since it is a binary file... > > This looks ok to me. > > > >> sudo semodule myapache.pp > >> > >> service httpd stop > >> rm -rf /dev/shm/kmotion_ramdisk > >> service httpd start > >> > >> If you would implement that policy then httpd_t would be allowed to > >> create dirs and files in /dev/shm and it would create them with type > >> httpd_tmpfs_t automatically. I decided to forego this step, since I relocated kmotion_ramdisk from /dev/shm to /www/kmotion for a couple of reasons; the /dev/shm space is too small for potentially large collection of kmotion files, and there are too many issues WRT to the fact that rebooting could clear the file structure, and it is difficult to keep up with changing context of which would annoy Selinux. Because SeLinux no longer complains, I removed the ramdisk context entry. So far, everything seems to work. Thank you for your help! -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
