
Re: [RFC] /var versus /srv



On Wednesday 26 September 2007 22:57:43 Lamont Peterson wrote:
> > AFAIK, selinux only knows about a couple servers, like apache, having
> > data in /srv. If SE Linux is going to protect the data, a standard
> > mapping between /srv and /var for everything should be worked out so
> > that policy can be adapted.
>
> SELinux doesn't care about file paths.  If the directories have the right
> context labels, it doesn't matter where they are.

You need more than the directories to be right. Sometimes the files inside the
same directory have different labels. For each type being used, selinux needs
the path. Here's a typical example from sendmail's policy:

/var/log/mail(/.*)?                gen_context(system_u:object_r:sendmail_log_t,s0)

/var is hardcoded.

-Steve
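
Added example, not part of the original message or of any SELinux project code: a small Python model of how a path-anchored file-context entry such as the sendmail line above is matched, showing that the same file under /srv gets no label from it unless a /srv-to-/var mapping is applied first. The `subs` prefix mapping is hypothetical, and the expansion of `gen_context` assumes an MLS/MCS policy.

```python
import re

# The sendmail entry quoted in the message above (policy .fc source syntax).
FC_SOURCE = "/var/log/mail(/.*)?    gen_context(system_u:object_r:sendmail_log_t,s0)"

FC_LINE = re.compile(r"^(\S+)\s+gen_context\(([^,]+),([^)]+)\)$")


def parse_fc(source):
    """Return (compiled path regex, expanded context) pairs from .fc text."""
    entries = []
    for line in source.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = FC_LINE.match(line)
        if m is None:
            raise ValueError(f"unsupported entry: {line!r}")
        path_re, context, level = m.groups()
        # Assumption: MLS/MCS policy, so gen_context appends the level field.
        entries.append((re.compile(path_re), f"{context}:{level}"))
    return entries


def lookup(entries, path, subs=None):
    """Context for path, or None when no entry matches.

    subs is a hypothetical {alias_prefix: policy_prefix} mapping applied
    before matching, e.g. {"/srv": "/var"}.
    """
    for alias, target in (subs or {}).items():
        # Only rewrite on a whole path component, so /srvx is left alone.
        if path == alias or path.startswith(alias + "/"):
            path = target + path[len(alias):]
            break
    for regex, context in entries:
        # File-context regexes must match the whole path, not a prefix.
        if regex.fullmatch(path):
            return context
    return None


if __name__ == "__main__":
    entries = parse_fc(FC_SOURCE)
    for p in ("/var/log/mail/statistics", "/srv/log/mail/statistics"):
        print(p, "->", lookup(entries, p), "| mapped:", lookup(entries, p, {"/srv": "/var"}))
```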

