Re: priority between file context rules
On Wed, 2013-12-04 at 09:37 -0500, Daniel J Walsh wrote:
The only reason to label content httpd_log_t versus httpd_sys_ra_content_t is
if the log files need to be used by log applications like logrotate.
Yes, afaik these log files are usually not automatically rotated, and i
am also looking at this from a confined user perspective
I would rather give a user permission to manage httpd_sys_ra_content_t
files than httpd_log_t.
These are virtual hosts, so i assume that the customer needs to be able
to manage content off the vhost they own.
Depending on the properties of the setup i might have used a different
config altogether.