On Thu, Feb 6, 2014 at 11:37 AM, Daniel J Walsh <dwa...@redhat.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 02/06/2014 02:39 PM, Richard Shaw wrote: > > On Thu, Feb 6, 2014 at 2:49 AM, Miroslav Suchý <msu...@redhat.com> > wrote: > > > >> On 02/05/2014 08:24 PM, Richard Shaw wrote: > >> > >>> Are there official guidelines on how to handle selinux contexts in > >>> packaging? I can still only find the draft which seems way more > >>> complicated than necessary for my needs. > >>> > >>> I'm working on a package that uses mongodb internally (runs it's own > >>> instance). Selinux is complaining because it has mongodb creating the > >>> database (and logs) outside of the normal locations > You need to tell SELinux about the labels. > > semanage fcontext -e /var/lib/mysql PATHTO/mysql > restorecon -R -v PATHTO/mysql > > Is probably what you want. Ok, I ended up getting to the same place using "-a mongod_var_lib_t"... Now how to turn that into a policy I can package? I ended up with this as the requirements to create a functional package: /var/lib/unifi/logs(/.*)? system_u:object_r:mongod_var_lib_t:s0 /var/lib/unifi/data(/.*)? system_u:object_r:mongod_var_lib_t:s0 portcon tcp 27117 system_u:object_r:mongod_port_t:s0 Thanks, Ricahrd
-- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
