Description of problem: I need to let cgi scripts write to nfs volumes. I was seeing: avc: denied {write } for pid=26689 comm="processEvent.cg" name="badEvents.txt" dev=0:1a ino=8610036 scontext=system_u:system_r:httpd_suexec_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file avc: denied {append } for pid=26874 comm="processEvent.cg" name="badEvents.txt" dev=0:1a ino=8610036 scontext=system_u:system_r:httpd_suexec_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file Tried turning on httpd_use_nfs but still saw the append error (write may still be an issue, but append may have been the only operation attempted at this point). Using my own policy module to work around for now. Version-Release number of selected component (if applicable): selinux-policy-3.3.1-107.fc9.noarch
Orion, I have tried to reproduce this problem and if I turn on httpd_use_nfs: # setsebool -P httpd_use_nfs 1 I can write to nfs_t with httpd_suexec_t type. Version-Release number of selected component: selinux-policy-3.3.1-111.fc9.noarch libselinux-2.0.61-1.fc9.i386 selinux-policy-devel-3.3.1-111.fc9.noarch selinux-policy-targeted-3.3.1-111.fc9.noarch
Indeed, seems fixed.