On Wed, 2013-12-04 at 09:37 -0500, Daniel J Walsh wrote:
>
> The only reason to label content httpd_log_t versus httpd_sys_ra_content_t is
> if the log files need to be used by log applications like logrotate.

Yes, AFAIK these log files are usually not automatically rotated, and I am also looking at this from a confined user perspective. I would rather give a user permission to manage httpd_sys_ra_content_t files than httpd_log_t.

These are virtual hosts, so I assume that the customer needs to be able to manage content of the vhost they own.

Depending on the properties of the setup I might have used a different config altogether.