File contexts again

Paul Howarth paul at city-fan.org
Wed May 31 15:07:43 UTC 2006


Having trouble with default file contexts again.

I have a policy module with the following .fc file:

/home/pgsql                     -d  gen_context(system_u:object_r:var_lib_t,s0)
/home/pgsql/data                -d  gen_context(system_u:object_r:postgresql_db_t,s0)
/home/pgsql/data/.*             -d  gen_context(system_u:object_r:postgresql_db_t,s0)
/home/pgsql/data/.*             --  gen_context(system_u:object_r:postgresql_db_t,s0)
/home/pgsql/pgstartup\.log      --  gen_context(system_u:object_r:postgresql_log_t,s0)


The entries that are not regexes work OK, but as soon as I use a regex, 
the type I'm specifying gets overridden by user_home_t when I do a 
restorecon.

For instance, if I have a file /home/pgsql/data/test.db, restorecon 
labels it user_home_t rather than postgresql_db_t.

/home/pgsql is not the home directory of any user.

Why is this happening?

It appears that some further tweaking to the file contexts sort order 
that I put on the wiki 
(http://fedoraproject.org/wiki/SELinux/ManagingFileContext) after the 
last discussion is needed.

Paul.



