Justin,

I worked on the example Apache policy for Selinux.

The files you reference seem to be semaphore files. Apache is using these files to globally synchronize two or more of it's processes. The behavior you describe seems legitimate, therefor it is ok to create these types and give Apache permisison to them. The same will be done for the example Apache policy in Selinux.

I am not sure what changed in the Apache environment, where the policy is running, to make Apache want to globally synchronzie it's proceses.

Jen

> After running for more than a week on a fixed policy, httpd suddenly
> wants more privileges and refuses to serve web pages without them:
>
> It, and cgi scripts it runs, are trying to access files in /var/cache
> and /var/run
>
> /var/cache/ssl_gcache_data.sem
>
> and
>
> /var/run/httpd.mm.995.sem
>
> I made up a new file type for the /var/run file, 'httpd_var_run_sem_t'
> and could do that for the ssl_gcache_data.sem file but wonder why this
> apparent change of behavior after so long.
>
> I apologize if this is off-topic.
>
> --
>
> --
> You have received this message because you are subscribed to the selinux list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.