On Tue, Feb 22, 2011 at 9:00 AM, Daniel J Walsh <span dir="ltr">&lt;<a href="mailto:dwalsh@redhat.com">dwalsh@redhat.com</a>&gt;</span> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">

<div class="im">On 02/21/2011 10:19 PM, Scott Gifford wrote:</div></blockquote><div>[ ... ] </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="im"></div>

<div class="im">
&gt; Yeah, true, but I&#39;m not sure how to cause them to have no category<br>
&gt; either, apart from using setxattr.<br>
&gt;<br>
</div>I think if you do the file context correctly you can run restorecon -F<br>
to fix the label.  If your CGI were in Code or python, you could use<br>
setfscreatecon, to set the label automatically.<br></blockquote><div><br></div><div>My code is in Perl, so I just printed the NULL-terminated context name to:</div><div><br></div></div><blockquote class="webkit-indent-blockquote" style="margin: 0 0 0 40px; border: none; padding: 0px;">

<div class="gmail_quote"><div><font class="Apple-style-span" face="&#39;courier new&#39;, monospace">/proc/$$/attr/fscreate</font></div></div></blockquote><div class="gmail_quote"><div><br></div><div> It required that I give the process context setfscreate permission, like this:</div>

<div><br></div></div><blockquote class="webkit-indent-blockquote" style="margin: 0 0 0 40px; border: none; padding: 0px;"><div class="gmail_quote"><div><div><font class="Apple-style-span" face="&#39;courier new&#39;, monospace">allow httpd_ppi_portal_app_t self:process setfscreate;</font></div>

</div></div></blockquote><div class="gmail_quote"><div><br></div><div>Now it is working great, thanks!</div><div><br></div><div>-----Scott.</div><div><br></div></div>