priority between file context rules

Dominick Grift dominick.grift at gmail.com
Wed Dec 4 15:21:40 UTC 2013


On Wed, 2013-12-04 at 09:37 -0500, Daniel J Walsh wrote:

> 
> The only reason to label content httpd_log_t versus httpd_sys_ra_content_t is
> if the log files need to be used by log applications like logrotate.

Yes, afaik these log files are usually not automatically rotated, and I
am also looking at this from a confined user perspective.

I would rather give a user permission to manage httpd_sys_ra_content_t
files than httpd_log_t.

These are virtual hosts, so I assume that the customer needs to be able
to manage content of the vhost they own.

Depending on the properties of the setup I might have used a different
config altogether.


