[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: How to label top level non default dirs

From: Dominick Grift <domg472 gmail com>
To: Tony Molloy <tony molloy ul ie>
Cc: fedora-selinux-list redhat com
Subject: Re: How to label top level non default dirs
Date: Tue, 21 Apr 2009 13:58:15 +0200

On Tue, 2009-04-21 at 12:31 +0100, Tony Molloy wrote:
> Hi,
> 
> If I have a top level non default directory say for argument called /data. 
> This directory contains various scripts and text files which should be 
> available to everyone. Now when I do an install it gets the default selinux 
> context file_t. But this generates lots of AVC's if I set selinux to 
> enforcing. What should I label this directory as.
> 
> Regards,
> 
> Tony
> 

Depends on what you want to use it for. For example you can label it
root_t if you want to put in folders that resemble /var or /etc
or /home/user etc.

You can also label /data var_t if that it what you will use it for.

Or you can for example label /data user_home_t if you want to store
user_content there.

It just depends on how you will use /data.

-/data(root_t)---/user_content(user_home_t)
               \-/var(var_t)
               \-/etc(etc_t)
               \-/custom(some_custom_type_t)
	       \- etcetc

for example: if you want to store web content in /data you would label
it httpd_sys_content_t (just like /var/www is labeled that type)

References:
- How to label top level non default dirs
  - From: Tony Molloy

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]