Karsten Wade wrote:
On Tue, 2004-11-30 at 13:12, Karsten Wade wrote:
> chcon -R -t httpd_log_t /var/www/*/logs/*
> service httpd start
>
>
BTW, if this works, you'll want to do something to make the change
permanent. Otherwise, the next running of restorecon will hose your
configuration.
Two options jump to mind:
* Move the logs into a path that will receive httpd_log_t, i.e.,
/var/logs/httpd/
* Install the policy sources (yum install
selinux-policy-targeted-sources), and do the following:
1. Edit /etc/selinux/targeted/src/policy/file_contexts/file_contexts
2. Add this line:
/var/www/.*/logs(/.*)? system_u:object_r:httpd_log_t
Feel free to correct my regexp, but I think it's right. :)
3. In /etc/selinux/targeted/src/policy rebuild the policy with 'make
load'. This will build and load the new policy directly into memory.
4. If you now do restorecon, the /var/www/*/logs directories should get
the proper context.
Be aware that if you make another change to SELinux, especially using
system-config-securitylevel, the file /.autorelabel may get created.
That triggers a relabeling on reboot, and may hose any manual
customizations not fixed in policy.
- Karsten
/.autorelabel will only get created when switching from one type of
policy to another (strict <--> targeted)
Looking back on this chain, it seems that if he had httpd_unified set it
should have been able to write to the log files anyways,
This might be a bug in policy?