lost+found labeling

Ken YANG spng.yang at gmail.com
Sat Sep 8 08:55:10 UTC 2007


Stephanos Manos wrote:
> Ken YANG wrote:
>> Stephanos Manos wrote:
>>> Hi
>>>
>>> I'm in the process of building a hole server and I was wondering what is
>>> the correct way of labeling the lost+found directory of various file
>>> systems that will be mounted under the /srv. I have labeled /srv as
>>> public_content_rw_t with
>>> semanage fcontext -a -t public_content_rw_t '/srv(/.*)?'
>>> but that results in lost+found being labeled as public_content_rw_t so I
>>> also run
>>> semanage fcontext -a -f -d  -t lost_found_t '/srv/(.*/)lost\+found'
>>>
>>> my question is:
>>> in /etc/selinux/targeted/contexts/files/file_contexts i see two lines
>>> for /lost+found
>>> a. /lost\+found/.* <<none>>
>>> b. /lost\+found    -d      system_u:object_r:lost_found_t:s0
>>>
>>> the second is created with the above mentioned command
>>> how do I create the first, or don't I need it?
>> The first one is about the content in lost+found, and the second is
>> about the directory lost+found; I think you also find the "-d" item.
>>
>> the label rules you create through "semanage fcontext" are in:
>>
>> /etc/selinux/targeted/contexts/files/file_contexts.local
>>
> Yes, I know that. When I issue the above-mentioned semanage fcontext
> command I see the following line created in
> /etc/selinux/targeted/contexts/files/file_contexts.local
> 
> /srv/(.*/)lost\+found    -d      system_u:object_r:lost_found_t:s0
> 
> but how do I create a line that is
> /srv/(.*/)lost\+found/.* <<none>>
> 
> in the file_contexts.local
> 
> or don't I need it?

Whether you need this line depends on your purpose. This line means
that the context of files you create in the dir is assigned according to
the creating process and containing directory, if there are no policy rules
about it.

I think you should keep this line in your file context file.

> 
> Stephanos
> 
>>> Regards
>>>
>>> Stephanos Manos
>>>
>>> --
>>> fedora-selinux-list mailing list
>>> fedora-selinux-list at redhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>>>
> 
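
An added example, not part of the original thread: a simplified Python model of how a relabel (restorecon/setfiles) picks a context for paths under /srv, with and without the `<<none>>` entry discussed above. The rule list, the sample paths and the "last matching entry wins" lookup order are assumptions made for illustration.

```python
import re

# Constructed rule set modelled on the thread: (regex, file type or None for any, context).
# "<<none>>" tells restorecon/setfiles to leave the label of matching files untouched.
# Assumption: current policycoreutils accepts it as a type, e.g.
#   semanage fcontext -a -t '<<none>>' '/srv/(.*/)lost\+found/.*'
# (not verified for the 2007 tools used in the thread).
RULES = [
    (r"/srv(/.*)?", None, "system_u:object_r:public_content_rw_t:s0"),
    (r"/srv/(.*/)lost\+found", "d", "system_u:object_r:lost_found_t:s0"),
    (r"/srv/(.*/)lost\+found/.*", None, "<<none>>"),
]


def lookup(path, ftype, rules=RULES):
    """Return the context a relabel would set on path, or None to leave it alone.

    Simplified model (assumption): patterns are anchored at both ends and the
    last matching entry wins. ftype is 'd' for a directory, 'f' for a file.
    """
    result = None
    for regex, want_type, context in rules:
        if want_type is not None and want_type != ftype:
            continue  # entry is restricted to another file type (the "-d" column)
        if re.fullmatch(regex, path):
            result = context
    return None if result in (None, "<<none>>") else result


def relabel_plan(paths, rules=RULES):
    """Map each path to the label a relabel would set, or 'unchanged'."""
    return {p: lookup(p, t, rules) or "unchanged" for p, t in paths}


# Constructed sample: /srv/data is a mounted filesystem holding fsck leftovers.
SAMPLE = [
    ("/srv/data/report.txt", "f"),
    ("/srv/data/lost+found", "d"),
    ("/srv/data/lost+found/#12345", "f"),
]

if __name__ == "__main__":
    for title, rules in (("with <<none>>", RULES), ("without <<none>>", RULES[:2])):
        print(title)
        for path, ctx in relabel_plan(SAMPLE, rules).items():
            print(f"  {path:30} {ctx}")
```

Without the third entry, recovered files inside lost+found fall through to the `/srv(/.*)?` rule and would be relabeled public_content_rw_t on the next relabel.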