Additionally, I'd mount /mnt/store0 with the mount option context=system_u:object_r:my_app_content_t and only grant your application access on that, instead of file_t. If you don't need the separation proposed by Dominick Grift (e.g. because the video files are public anyway), you could even just do a "mount -o context=system_u:object_r:httpd_sys_content_t ?? /mnt/store0" without having to create a custom policy. Regards, Luis Ressel -- Luis Ressel <aranea@xxxxxxxx> GPG fpr: F08D 2AF6 655E 25DE 52BC E53D 08F5 7F90 3029 B5BD
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
