[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: restorecon question

From: Stephen Smalley <sds tycho nsa gov>
To: Vadym Chepkov <chepkov yahoo com>
Cc: Fedora SELinux <fedora-selinux-list redhat com>
Subject: Re: restorecon question
Date: Wed, 22 Jul 2009 16:05:07 -0400

On Wed, 2009-07-22 at 12:57 -0700, Vadym Chepkov wrote:
> You are right, these types are listed in /etc/selinux/targeted/contexts/customizable_types:
> 
> ....
> httpd_sys_content_t
> httpd_sys_htaccess_t
> httpd_sys_script_exec_t
> httpd_sys_script_ra_t
> httpd_sys_script_ro_t
> httpd_sys_script_rw_t
> httpd_unconfined_script_exec_t
> ....
> 
> May I ask, why do they set this way?

Because users may choose to customize the labeling of their web
hierarchy and we didn't want restorecon to clobber it.  These days that
isn't so necessary because users can use semanage fcontext -a to add
entries for their customizations, and that is why customizable_types in
F11 doesn't include those types.

-- 
Stephen Smalley
National Security Agency

Follow-Ups:
- Re: restorecon question
  - From: Dominick Grift

References:
- Re: restorecon question
  - From: Vadym Chepkov

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]