[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Question on semanage fcontext -a

From: Stephen Smalley <sds tycho nsa gov>
To: Shintaro Fujiwara <shintaro fujiwara gmail com>
Cc: fedora-selinux-list redhat com
Subject: Re: Question on semanage fcontext -a
Date: Mon, 04 Feb 2008 08:26:39 -0500

On Sat, 2008-02-02 at 17:02 +0900, Shintaro Fujiwara wrote:
> Hi, I read man semanage and found that semanage fcontext -a uses
> restorecon.
> 
> Does that mean I don't have to restorecon after I semanage fcontext
> -a ?

semanage fcontext -a adds entries to the local file contexts
configuration.  It doesn't directly relabel any files.  Then, after
you've run semanage fcontext -a to add the entry, you can run restorecon
or other relabeling programs to actually relabel the files to the
context you've specified in the entry.

> I just did restorecon fcontext -a and relabeled the system and found
> that file context survived.

Yes, the relabeling programs (setfiles, restorecon, fixfiles) all
consult the file contexts configuration, and semanage fcontext -a is how
you add local entries to that configuration.  The other way to add
entries is by inserting a loadable policy module with its own .fc file.

-- 
Stephen Smalley
National Security Agency

Follow-Ups:
- Re: Question on semanage fcontext -a
  - From: Shintaro Fujiwara

References:
- Question on semanage fcontext -a
  - From: Shintaro Fujiwara

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]