Locally defined file contexts

Gene Czarcinski gene at czarc.net
Thu Apr 15 22:43:09 UTC 2004


Before I go and submit an RFE, I thought I would put this message out to see 
if what I am asking for is reasonable and/or I am missing something and it is 
already available.

I have a need/want to be able to define some file contexts for directories and 
possibly separately mounted partitions which will have different attributes 
from what is currently defined.

For example, I may want to mount one or more partitions under /home/ or 
/usr/local/ or even / which are to be shared read-only to anyone but writable 
only by root and one user. An example in my current situation on an FC1 system 
is where I have a very large partition for vmware in /home/vmware/ and I want 
this r/w by one user running as staff_r or user_r.

As I currently understand things, only the tunable.te and users files are 
intended for modification by the user or local installation.  The rest of the 
files are for policy-sources and will be updated when the package is updated.  
I want some place to put rules similar to those in file_contexts or types.fc 
which will be used to build the master files_contexts but not be replaced 
when policy-sources is updated.

I am hoping that this capability already exists and I just do not understand 
that it is there.

Gene



