SElinux policy and write permissions in /www

[gokihar]

I have a website where adding pictures works as :
- upload to special FTP
- from admin site I "Add pics to special% catalog"
(it moves pics from upload catalog , resize it and should upload it to specified folder in 3 subfolders with watermark added)
It looks like this :
/www/
/www/pics/
/www/pics/upload/
/www/pics/folder1/mini
/www/pics/folder1/normal
/www/pics/folder1/zoom
/www/pics/folder2/mini
etc.

I tryed :
semanage fcontext -a -t httpd_sys_rw_content_t "/path/to/www/pics(/.*)?"
restorecon -Rv /path/to/pics/

Unfortunally it does not work. Disable selinux makes it work.

[TrevorH]

Stick it in permissive mode, recreate the problem, use the audit logs to see what is being denied and why.

Useful resources for SELinux: http://wiki.centos.org/HowTos/SELinux | http://wiki.centos.org/TipsAndTricks/SelinuxBooleans | http://docs.fedoraproject.org/en-US/Fed ... ced_Linux/ | http://www.youtube.com/watch?v=bQqX3RWn0Yw | http://opensource.com/business/13/11/se ... licy-guide | http://freecomputerbooks.com/The-SELinu ... tions.html

[gokihar]

Thanks for response : looks like its working anyway.
Not sure why only reason I see is turn off/on selinux but it shouldn't change anything ?

[TrevorH]

If you literally "turned it off" as in disabled it, then yes, it probably does make a difference. I suspect that when you re-enable it after being disabled then it will run a full filesystem relabel which would correct any mislabled files that were present. OTOH, if you meant "turned it off" as in setenforce 0 and going permissive, then no, it should make no difference.