
<html>

  <head>

    <meta content="text/html; charset=UTF-8" http-equiv="Content-Type">

  </head>

  <body bgcolor="#FFFFFF" text="#000000">

    <div class="moz-cite-prefix">On 07/27/2013 07:04 AM, Shintaro

      Fujiwara wrote:<br>

    </div>

    <blockquote

cite="mid:CAPhFHN8FQP_pJaGRsGgLrpnO6=A-wsHj7kXsc6LNJE4pnFEB6w@mail.gmail.com"

      type="cite">

      <div dir="ltr">

        <div>

          <div>

            <div>

              <div>

                <div>

                  <div>Hi !<br>

                    <br>

                  </div>

                  I fixed geeklog (php CMS) source and put some shell

                  script with geeklog SELinux module and made them a

                  tar-ball.<br>

                  <br>

                </div>

                There are logs directory in geeklog and php fopen wants

                to write its log.<br>

                <br>

              </div>

              I don't want to allow httpd_t write to httpd_log_t so, I

              wrote geeklog.fc and made a module only to allow write the

              very directory.<br>

              <br>

            </div>

            I set httpd_sys_rw_content_t to geeklog's logs directory,

            backups and data directories.<br>

            <br>

          </div>

          Maybe I should set httpd_sys_rw_content images directory, too.<br>

          <br>

        </div>

        Those informations will be seen at<br>

        <div>

          <div>

            <div><br>

              <a moz-do-not-send="true"

                href="https://sourceforge.net/projects/webon/files/geeklog_for_SELinux/"

                target="_blank">http://sourceforge.net/projects/webon/files/geeklog_for_SELinux/</a><br>

            </div>

          </div>

        </div>

      </div>

      <br>

      <fieldset class="mimeAttachmentHeader"></fieldset>

      <br>

      <pre wrap="">--

selinux mailing list

<a class="moz-txt-link-abbreviated" href="mailto:selinux@lists.fedoraproject.org">selinux@lists.fedoraproject.org</a>

<a class="moz-txt-link-freetext" href="https://admin.fedoraproject.org/mailman/listinfo/selinux">https://admin.fedoraproject.org/mailman/listinfo/selinux</a></pre>

    </blockquote>

    Yes, the httpd_sys_rw_content_t labeling is correct for the

    /var/www/geeklog-2.0.0_fedora19_SELinux/logs(/.*)? directory in this

    case. <br>

    <br>

    Basically you can follow<br>

    <br>

<a class="moz-txt-link-freetext" href="https://git.fedorahosted.org/cgit/selinux-policy.git/tree/apache.fc?h=master_contrib">https://git.fedorahosted.org/cgit/selinux-policy.git/tree/apache.fc?h=master_contrib</a><br>

    <br>

    for examples.<br>

    <br>

    Regards,<br>

    Miroslav<br>

  </body>

</html>