Question on semanage fcontext -a
Shintaro Fujiwara
shintaro.fujiwara at gmail.com
Mon Feb 4 14:51:38 UTC 2008
2008/2/4, Stephen Smalley <sds at tycho.nsa.gov>:
>
>
> On Sat, 2008-02-02 at 17:02 +0900, Shintaro Fujiwara wrote:
> > Hi, I read man semanage and found that semanage fcontext -a uses
> > restorecon.
> >
> > Does that mean I don't have to restorecon after I semanage fcontext
> > -a ?
>
> semanage fcontext -a adds entries to the local file contexts
> configuration. It doesn't directly relabel any files. Then, after
> you've run semanage fcontext -a to add the entry, you can run restorecon
> or other relabeling programs to actually relabel the files to the
> context you've specified in the entry.
OK, I understand.
So, I have to relabel by restorecon after I semanage fcontext -a path, right
?
I already re-written my program (segatex) to restorecon after semanage
fcontext -a -m.
Thank you very much.
> I just did restorecon fcontext -a and relabeled the system and found
> > that file context survived.
>
> Yes, the relabeling programs (setfiles, restorecon, fixfiles) all
> consult the file contexts configuration, and semanage fcontext -a is how
> you add local entries to that configuration. The other way to add
> entries is by inserting a loadable policy module with its own .fc file.
>
> --
> Stephen Smalley
> National Security Agency
>
>
--
http://intrajp.no-ip.com/ Home Page
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20080204/ca462765/attachment.htm>
More information about the fedora-selinux-list
mailing list