Hello everyone,

I recently started to work with SELinux and its permissions and have encountered a problem.

I want to open and write the icinga2.cmd file via the httpd process. I put the context on the file and this is the output of the "ls -Z /var/run/icinga2/cmd/icinga2.cmd" command:
prw-rw----. icinga icingacmd system_u:object_r:httpd_user_rw_content_t:s0 /var/run/icinga2/cmd/icinga2.cmd
With these permissions the file could not be edited, so I created a policy for fifo files:
allow httpd_t httpd_user_rw_content_t:fifo_file { getattr open write };
With this policy I was able to edit the file, but the problem is that this way all fifo files on the system can be used from httpd, and I want to prevent that.

My question now is how to set up the context / label or the policy so that only the icinga2.cmd file can be read and written to.

Greetings Patrick