From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Fri, 13 Jun 2014 08:45:40 -0400
Subject: [refpolicy] [PATCH v2] apache.te: Add labelling support for
	/var/log/mlogc
In-Reply-To: <CAKoOVcfxHWJYXSov1n0oQdBWLACLP+=X6mNL3xBHk6n_1AxTyA@mail.gmail.com>
References: <1402413767-23181-1-git-send-email-andronicus.spiros@gmail.com>	<53986418.5020501@tresys.com>
	<CAKoOVcfxHWJYXSov1n0oQdBWLACLP+=X6mNL3xBHk6n_1AxTyA@mail.gmail.com>
Message-ID: <539AF274.1000806@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 06/11/2014 10:55 AM, Elia Pinto wrote:
> 
> Il 11/giu/2014 16:12 "Christopher J. PeBenito" <cpebenito at tresys.com <mailto:cpebenito@tresys.com>> ha scritto:
>>
>> On 06/10/2014 11:22 AM, Elia Pinto wrote:
>> > Add the right labelling support for the
>> > ModSecurity Audit Log Collector(mlogc).
>> > mlogc is started by apache and run with the
>> > same selinux security context.
>> >
>> > Signed-off-by: Elia Pinto <andronicus.spiros at gmail.com <mailto:andronicus.spiros@gmail.com>>
>> > ---
>> > This is the second revision. httpd_log_t context was not
>> > sufficient for mlogc
>>
>> Why was httpd_log_t insufficient for mlogc?
> In particular Because mlogc create new directory in /var/log/mlogc also.

Which domain is this running in? Is it httpd_t?  That domain has permissions to create dirs inside httpd_log_t.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com