[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Overriding default file contexts?

From: Stephen Smalley <sds tycho nsa gov>
To: Ian Pilcher <i pilcher comcast net>
Cc: fedora-selinux-list redhat com
Subject: Re: Overriding default file contexts?
Date: Mon, 03 Apr 2006 11:28:49 -0400

On Mon, 2006-04-03 at 10:11 -0500, Ian Pilcher wrote:
> So 'semanage fcontext ...' is simply an interface to modify the policy
> contexts/files/file_contexts?  This is going to result in an rpmnew
> file whenever the policy is updated, right?

No.  That file is no longer provided by the policy package directly; it
is generated by libsemanage each time upon updates, and even policy
updates go through libsemanage now.  libsemanage merges local additions
(stored separately in the file_contexts.local file in the
modules/active/ subdirectory) with the policy-provided file into the
final file before installing it.

> It's just my opinion, but I think it would be very convenient for system
> administrators and packagers to have a simple mechanism to override the
> policy for specific files.

Yes, that's what semanage fcontext -a is for.  Or under FC4, you could
manually create and edit
a /etc/selinux/targeted/contexts/file/file_contexts.local file.

-- 
Stephen Smalley
National Security Agency

References:
- Overriding default file contexts?
  - From: Ian Pilcher
- Re: Overriding default file contexts?
  - From: Paul Howarth
- Re: Overriding default file contexts?
  - From: Ian Pilcher
- Re: Overriding default file contexts?
  - From: Stephen Smalley

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]