From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Fri, 13 Jun 2014 08:45:40 -0400 Subject: [refpolicy] [PATCH v2] apache.te: Add labelling support for /var/log/mlogc In-Reply-To: References: <1402413767-23181-1-git-send-email-andronicus.spiros@gmail.com> <53986418.5020501@tresys.com> Message-ID: <539AF274.1000806@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 06/11/2014 10:55 AM, Elia Pinto wrote: > > Il 11/giu/2014 16:12 "Christopher J. PeBenito" > ha scritto: >> >> On 06/10/2014 11:22 AM, Elia Pinto wrote: >> > Add the right labelling support for the >> > ModSecurity Audit Log Collector(mlogc). >> > mlogc is started by apache and run with the >> > same selinux security context. >> > >> > Signed-off-by: Elia Pinto > >> > --- >> > This is the second revision. httpd_log_t context was not >> > sufficient for mlogc >> >> Why was httpd_log_t insufficient for mlogc? > In particular Because mlogc create new directory in /var/log/mlogc also. Which domain is this running in? Is it httpd_t? That domain has permissions to create dirs inside httpd_log_t. -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com