<div dir="ltr"><div><div><div><div><div><br>Thank you for your advice.<br></div><br>I've read several articles on this matter and especially, Dan's<br><br></div>I may not had any mistakes this time and I owe those guru's articles.<br>
<br></div>I had to fix some paths, because I made mistakes for doc and backups directories.<br><br></div>I updated those tar balls.<br><br></div>I just want everybody to set setenforce 1 haha!<br><br><div><div><div><br><div>
<div><br><br><div class="gmail_extra"><br><br><div class="gmail_quote">2013/7/29 Miroslav Grepl <span dir="ltr"><<a href="mailto:mgrepl@redhat.com" target="_blank">mgrepl@redhat.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"><div><div class="h5">
<div>On 07/27/2013 07:04 AM, Shintaro
Fujiwara wrote:<br>
</div>
</div></div><blockquote type="cite"><div><div class="h5">
<div dir="ltr">
<div>
<div>
<div>
<div>
<div>
<div>Hi !<br>
<br>
</div>
I fixed geeklog (php CMS) source and put some shell
script with geeklog SELinux module and made them a
tar-ball.<br>
<br>
</div>
There are logs directory in geeklog and php fopen wants
to write its log.<br>
<br>
</div>
I don't want to allow httpd_t write to httpd_log_t so, I
wrote geeklog.fc and made a module only to allow write the
very directory.<br>
<br>
</div>
I set httpd_sys_rw_content_t to geeklog's logs directory,
backups and data directories.<br>
<br>
</div>
Maybe I should set httpd_sys_rw_content images directory, too.<br>
<br>
</div>
Those informations will be seen at<br>
<div>
<div>
<div><br>
<a href="https://sourceforge.net/projects/webon/files/geeklog_for_SELinux/" target="_blank">http://sourceforge.net/projects/webon/files/geeklog_for_SELinux/</a><br>
</div>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div></div><pre>--
selinux mailing list
<a href="mailto:selinux@lists.fedoraproject.org" target="_blank">selinux@lists.fedoraproject.org</a>
<a href="https://admin.fedoraproject.org/mailman/listinfo/selinux" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/selinux</a></pre>
</blockquote>
Yes, the httpd_sys_rw_content_t labeling is correct for the
/var/www/geeklog-2.0.0_fedora19_SELinux/logs(/.*)? directory in this
case. <br>
<br>
Basically you can follow<br>
<br>
<a href="https://git.fedorahosted.org/cgit/selinux-policy.git/tree/apache.fc?h=master_contrib" target="_blank">https://git.fedorahosted.org/cgit/selinux-policy.git/tree/apache.fc?h=master_contrib</a><br>
<br>
for examples.<br>
<br>
Regards,<br>
Miroslav<br>
</div>
</blockquote></div><br><br clear="all"><br>-- <br><a href="http://intrajp.no-ip.com/">http://intrajp.no-ip.com/</a> Home Page
</div></div></div></div></div></div></div>