Hi, Interesting point you've got there. It didn't occur to me. Probably, because lately I saw a lot of ruby apps (sites), storing sockets and pids right in their own directories. And after posting my question I was able to make it work by changing type of the directory, where socket resides, to httpd_var_run_t. And now that I think about it, in terms of effort (say, number of commands) both solutions are identical. One thing that slightly concerns me in your solution is that the directory looks like the place for files, owned by packages. Well, maybe because I didn't see anything other than that there. But lately I see this trend (not sure how widespread it is, probably has to do with emergence of devops thing), where apps (sites) run daemons, not backed by init scripts/service files. Keeping the app in the user's directory, and so on. And following it, storing pids/sockets in the app directory seems like a good idea. But if you think about it, there's probably not much difference. Anyways, thanks for the idea. Regards, Yuri -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://lists.fedoraproject.org/admin/lists/selinux@xxxxxxxxxxxxxxxxxxxxxxx
