On Tue, Feb 22, 2011 at 9:00 AM, Daniel J Walsh <span dir="ltr"><<a href="mailto:dwalsh@redhat.com">dwalsh@redhat.com</a>></span> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im">On 02/21/2011 10:19 PM, Scott Gifford wrote:</div></blockquote><div>[ ... ] </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="im"></div>
<div class="im">
> Yeah, true, but I'm not sure how to cause them to have no category<br>
> either, apart from using setxattr.<br>
><br>
</div>I think if you do the file context correctly you can run restorecon -F<br>
to fix the label. If your CGI were in Code or python, you could use<br>
setfscreatecon, to set the label automatically.<br></blockquote><div><br></div><div>My code is in Perl, so I just printed the NULL-terminated context name to:</div><div><br></div></div><blockquote class="webkit-indent-blockquote" style="margin: 0 0 0 40px; border: none; padding: 0px;">
<div class="gmail_quote"><div><font class="Apple-style-span" face="'courier new', monospace">/proc/$$/attr/fscreate</font></div></div></blockquote><div class="gmail_quote"><div><br></div><div> It required that I give the process context setfscreate permission, like this:</div>
<div><br></div></div><blockquote class="webkit-indent-blockquote" style="margin: 0 0 0 40px; border: none; padding: 0px;"><div class="gmail_quote"><div><div><font class="Apple-style-span" face="'courier new', monospace">allow httpd_ppi_portal_app_t self:process setfscreate;</font></div>
</div></div></blockquote><div class="gmail_quote"><div><br></div><div>Now it is working great, thanks!</div><div><br></div><div>-----Scott.</div><div><br></div></div>