diff --git a/.github/workflows/validate_selinux_compile.yml b/.github/workflows/validate_selinux_compile.yml
index b5248bc..bbd179e 100644
--- a/.github/workflows/validate_selinux_compile.yml
+++ b/.github/workflows/validate_selinux_compile.yml
@@ -34,7 +34,7 @@ jobs:
 steps:
 - uses: actions/checkout@v3
- - uses: hubertqc/selinux_compile@centos7
+ - uses: lhqg/selinux_compile@centos7
 compile_centos8:
 name: Validate SELinux code (CentOS 8)
@@ -42,7 +42,7 @@ jobs:
 steps:
 - uses: actions/checkout@v3
- - uses: hubertqc/selinux_compile@centos8
+ - uses: lhqg/selinux_compile@centos8
 compile_centos9:
 name: Validate SELinux code (CentOS 9)
@@ -51,7 +51,7 @@ jobs:
 steps:
 - uses: actions/checkout@v3
- - uses: hubertqc/selinux_compile@centos9
+ - uses: lhqg/selinux_compile@centos9
 compile_fedora36:
 name: Validate SELinux code (Fedora 36)
@@ -59,7 +59,7 @@ jobs:
 steps:
 - uses: actions/checkout@v3
- - uses: hubertqc/selinux_compile@fedora36
+ - uses: lhqg/selinux_compile@fedora36
 compile_fedora37:
 name: Validate SELinux code (Fedora 37)
@@ -67,7 +67,7 @@ jobs:
 steps:
 - uses: actions/checkout@v3
- - uses: hubertqc/selinux_compile@fedora37
+ - uses: lhqg/selinux_compile@fedora37
 compile_fedora38:
 name: Validate SELinux code (Fedora 38)
@@ -75,7 +75,7 @@ jobs:
 steps:
 - uses: actions/checkout@v3
- - uses: hubertqc/selinux_compile@fedora38
+ - uses: lhqg/selinux_compile@fedora38
 compile_fedora39:
 name: Validate SELinux code (Fedora 39)
@@ -83,7 +83,7 @@ jobs:
 steps:
 - uses: actions/checkout@v3
- - uses: hubertqc/selinux_compile@fedora39
+ - uses: lhqg/selinux_compile@fedora39
 compile_fedora40:
 name: Validate SELinux code (Fedora 40)
@@ -91,7 +91,7 @@ jobs:
 steps:
 - uses: actions/checkout@v3
- - uses: hubertqc/selinux_compile@fedora40
+ - uses: lhqg/selinux_compile@fedora40
 semodule_info:
 name: Get SELinux module informations
diff --git a/README.md b/README.md
index 2d361dd..092dc1e 100644
--- a/README.md
+++ b/README.md
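Review bot: The `uses:` lines in this hunk and in the seven that follow (`@centos8` through `@fedora40`) still reference the action by a mutable branch name, so after the owner change the workflow trusts whatever is pushed to those branches in the `lhqg` namespace; the owner change is the natural moment to pin each reference to a full-length commit SHA and keep the ref as a trailing comment, e.g. `- uses: lhqg/selinux_compile@<commit-sha>  # centos7`. The same applies to `actions/checkout@v3`, which is a moving tag. If the action repository is under the same maintainer's control, a one-line comment above the first job saying so would also help future reviewers judge the trust relationship.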
@@ -1,3 +1,11 @@
+![GitHub Release (latest SemVer)](https://img.shields.io/github/v/release/hubertqc/selinux_springboot)
+[![License](https://img.shields.io/badge/License-GPLv2-blue.svg)](https://www.gnu.org/licenses/old-licenses/gpl-2.0.html)
+[![GitHub Issues](https://img.shields.io/github/issues/hubertqc/selinux_springboot)](https://github.com/hubertqc/selinux_springboot/issues)
+[![GitHub PR](https://img.shields.io/github/issues-pr/hubertqc/selinux_springboot)](https://github.com/hubertqc/selinux_springboot/pulls)
+[![GitHub commit activity](https://img.shields.io/github/commit-activity/y/hubertqc/selinux_springboot)](https://github.com/hubertqc/selinux_springboot/commits/main)
+[![GitHub Last commit](https://img.shields.io/github/last-commit/hubertqc/selinux_springboot)](https://github.com/hubertqc/selinux_springboot/commits/main)
+![GitHub Downloads](https://img.shields.io/github/downloads/hubertqc/selinux_springboot/total)
+
 # SELinux policy module for Springboot applications
@@ -156,13 +164,19 @@ Springboot application to offload arbitrary code and use it.
 #### allow_springboot_purge_logs (default: `false`)
-When switched to `true`n, this boolean allows the Springboot application to delete its log
-files. It can be useful for log file rotation, but it can also be useful for attackers who
-would like to clean after themselves and remove traces of their actions...
+When switched to `true`, this boolean allows the Springboot application to delete its log
+files. It can be useful for "in Java app" logging framework initiated log file rotation.
+But it can also be useful for attackers who would like to clean after themselves and remove traces of their actions...
+
+#### allow_springboot_rewrite_logs (default: `false`)
+
+When switched to `true`, this boolean allows the Springboot application to rewrite its own
+log files. It can prove useful when the logging framework cannot work in "append only" mode".
+But it can also be useful for attackers who would like to clean after themselves and remove traces of their actions...
 #### allow_webadm_read_springboot_files (default: `false`)
-Users running with the `webadm_r`SELinux role and`webadm_t`domain are granted the
+Users running with the `webadm_r` SELinux role and`webadm_t` domain are granted the
 permissions to browse the directories of the Springboot application and the permission to
 stop and start the Springboot application **systemd** services, as well as querying their
 status.
@@ -264,6 +278,13 @@ is also supported.
 ### Running multiple Springboot applications on the same host
+#### Without isolation
+
+Nothing special needs to be done.
+Care must be taken to name each Springboot apps properly and to properly use systemd/systemctl to manage each one.
+
+#### With isolation between the Springboot apps
+
 TO DO
 ## Related projects
diff --git a/se_module/springboot.te b/se_module/springboot.te
index e2d192a..a78c2cd 100644
--- a/se_module/springboot.te
+++ b/se_module/springboot.te
@@ -24,7 +24,7 @@
 #
 ############################################################################
-policy_module(springboot, 1.3.1)
+policy_module(springboot, 1.3.2)
 ########################################
 #
@@ -114,6 +114,7 @@
 bool allow_springboot_connectto_mongodb false;
 bool allow_springboot_dynamic_libs false;
 bool allow_springboot_purge_logs false;
+bool allow_springboot_rewrite_logs false;
 bool allow_webadm_read_springboot_files false;
 bool allow_sysadm_write_springboot_files false;
 bool allow_sysadm_manage_springboot_auth_files false;
@@ -277,6 +278,7 @@ if (allow_springboot_connectto_http) {
 if (allow_springboot_connectto_self) {
 allow springboot_t springboot_port_t:tcp_socket name_connect;
+ allow springboot_t springboot_t:peer recv;
 }
 if (allow_springboot_connectto_ldap) {
@@ -292,7 +294,6 @@
 if (allow_springboot_connectto_smtp) {
 allow springboot_t sendmail_t:peer recv;
 }
-
 if (allow_springboot_connectto_oracle) {
 allow springboot_t oracle_port_t:tcp_socket name_connect;
 }
@@ -341,9 +342,9 @@ allow springboot_t springboot_bin_t:file exec_file_perms;
 allow springboot_t springboot_lib_t:file map;
 if (allow_springboot_dynamic_libs) {
- allow springboot_t springboot_dynlib_t:dir { create_dir_perms rw_dir_perms };
- allow springboot_t springboot_dynlib_t:file manage_file_perms;
- allow springboot_t springboot_dynlib_t:file exec_file_perms;
+ allow springboot_t springboot_dynlib_t:dir { create_dir_perms rw_dir_perms };
+ allow springboot_t springboot_dynlib_t:file manage_file_perms;
+ allow springboot_t springboot_dynlib_t:file exec_file_perms;
 allow springboot_t springboot_dynlib_t:lnk_file manage_lnk_file_perms;
 filetrans_add_pattern(springboot_t, springboot_dynlib_t, springboot_dynlib_t, { dir file lnk_file } )
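Review bot: The new `allow springboot_t springboot_t:peer recv;` inside the `allow_springboot_connectto_self` block has no comment saying why a `peer` rule is needed next to a plain `name_connect`; as far as I recall the `peer` class is only consulted when network peer labeling (NetLabel or labeled IPsec, the `network_peer_controls` capability) is active, so the link between the two rules is not obvious to someone toggling the boolean. A one-line comment above the rule, e.g. `# loopback traffic to itself carries a peer label when network peer labeling is enabled`, would document that, and the same reasoning presumably applies to the existing `sendmail_t:peer recv` rule in the smtp block in the next hunk. The `if` block is complete within the hunk.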
@@ -385,21 +386,25 @@ allow springboot_t springboot_log_t:file { create_file_perms append_file_perms
 logging_log_filetrans(springboot_t, springboot_log_t, { file dir } )
 if (allow_springboot_purge_logs) {
- allow springboot_t springboot_log_t:dir rw_dir_perms;
+ allow springboot_t springboot_log_t:dir del_entry_dir_perms;
 allow springboot_t springboot_log_t:file delete_file_perms;
 }
+if (allow_springboot_rewrite_logs) {
+ allow springboot_t springboot_log_t:file write_file_perms;
+}
+
+
 dontaudit springboot_t domain:dir getattr;
 dontaudit springboot_t domain:file getattr;
-
 #
 ## Permissions for Sys admins (sysadm_t)
 #
-allow sysadm_t springboot_file_type:dir list_dir_perms;
+allow sysadm_t springboot_file_type:dir list_dir_perms;
 allow sysadm_t springboot_file_type:notdevfile_class_set getattr;
-allow sysadm_t springboot_file_type:lnk_file read_lnk_file_perms;
+allow sysadm_t springboot_file_type:lnk_file read_lnk_file_perms;
 allow sysadm_t springboot_bin_t:file exec_file_perms;
@@ -437,11 +442,11 @@ if (allow_sysadm_manage_springboot_auth_files) {
 ## Permissions for Web admins (webadm_t)
 #
-allow webadm_t springboot_file_type:dir list_dir_perms;
+allow webadm_t springboot_file_type:dir list_dir_perms;
 allow webadm_t springboot_file_type:notdevfile_class_set getattr;
-allow webadm_t springboot_file_type:lnk_file read_lnk_file_perms;
+allow webadm_t springboot_file_type:lnk_file read_lnk_file_perms;
-allow webadm_t springboot_unit_file_t:file read_file_perms;
+allow webadm_t springboot_unit_file_t:file read_file_perms;
 allow webadm_t springboot_unit_file_t:service { stop start status };
 if (allow_webadm_read_springboot_files) {
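Review bot: The new `allow_springboot_rewrite_logs` block grants `write_file_perms` on `springboot_log_t` files, which is broader than "rewrite" suggests: unlike the unconditional `append_file_perms` visible in the hunk header, that refpolicy macro includes `write`, and the kernel also checks `write` for `truncate`/`O_TRUNC`, so with the boolean on the domain can empty its own log files, not merely modify them. A comment above the block would keep that audit impact next to the rule, e.g. `# write (not just append) also permits truncating existing logs; leave off unless the logging framework cannot append`. The switch from `rw_dir_perms` to `del_entry_dir_perms` in the purge block is a welcome tightening. The two blank lines added after the new block could be reduced to one to match the spacing used elsewhere in the file.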