On 06/23/2011 03:25 PM, Dominick Grift wrote:
On 06/24/2011 12:07 AM, Daniel B. Thurman wrote:
Compiling targeted kmotionApache module
/usr/bin/checkmodule: loading policy configuration from tmp/kmotionApache.tmp
/usr/bin/checkmodule: policy configuration loaded
/usr/bin/checkmodule: writing binary representation (version 10) to tmp/kmotionApache.mod
Creating targeted kmotionApache.pp policy package
rm tmp/kmotionApache.mod.fc tmp/kmotionApache.mod
=======================================
These files were created:
- kmotionApache.if (0 length file)
- kmotionApache.fc (0 length file)
- kmotionApache.pp (binary file)
So at this point, I do not want to proceed until I am certain that I am getting the right results.... I cannot check out kmotionApache.pp since it is a binary file...
This looks ok to me.
sudo semodule -i myapache.pp
service httpd stop
rm -rf /dev/shm/kmotion_ramdisk
service httpd start
If you would implement that policy then httpd_t would be allowed to create dirs and files in /dev/shm and it would create them with type httpd_tmpfs_t automatically.
I decided to forego this step, since I relocated kmotion_ramdisk from /dev/shm to /www/kmotion for a couple of reasons; the /dev/shm space is too small for a potentially large collection of kmotion files, and there are too many issues WRT the fact that rebooting could clear the file structure, and it is difficult to keep up with changing context of which would annoy SELinux. Because SELinux no longer complains, I removed the ramdisk context entry.
So far, everything seems to work.
Thank you for your help!
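
The behaviour described above (httpd_t creating dirs and files in /dev/shm that are automatically labelled httpd_tmpfs_t) can be expressed as a reference-policy module like the one below. This is an added example, not the kmotionApache.te source from the thread, which is not shown on this page; the version string 1.0.0 and the exact set of rules are assumptions.

```te
# Illustrative module source (assumed, not the thread's actual .te file).
policy_module(kmotionApache, 1.0.0)

gen_require(`
	type httpd_t, httpd_tmpfs_t;
')

# Allow httpd_t to create, read, write and delete directories and
# files that carry the httpd_tmpfs_t type.
manage_dirs_pattern(httpd_t, httpd_tmpfs_t, httpd_tmpfs_t)
manage_files_pattern(httpd_t, httpd_tmpfs_t, httpd_tmpfs_t)

# Type transition: any dir or file that httpd_t creates on a tmpfs
# filesystem (such as /dev/shm) is labelled httpd_tmpfs_t rather than
# inheriting the parent's tmpfs_t label.
fs_tmpfs_filetrans(httpd_t, httpd_tmpfs_t, { dir file })
```

Although the compiled .pp file is binary, the loaded policy can still be checked after installation: `semodule -l` lists the installed modules, and `sesearch -T -s httpd_t` shows the type transitions defined for httpd_t.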