Question on semanage fcontext -a

Daniel J Walsh dwalsh at redhat.com
Mon Mar 17 14:27:20 UTC 2008


Stephen Smalley wrote:
> On Mon, 2008-03-17 at 11:31 +0000, Paul Howarth wrote:
>> ttaylor wrote:
>>> Does anything special have to be done to cause SELinux to start using newly
>>> added local filecontexts?  What I'm finding is that if I use semanage
>>> fcontext -a to add a local filecontext definition, it is not used by
>>> restorecon unless I specify the "-F" option.  Without the "-F" option,
>>> restorecon -vv <file_path> gives the following message:
>>>
>>> /sbin/restorecon: <file_path> not reset customized by admin to
>>> <current_context>
>>>
>>> but restorecon -vv -F <file_path> gives this:
>>>
>>> /sbin/restorecon reset <file_path> context <current_context>-><new_context>
>> This is probably because <current_context> is a customizable type like 
>> httpd_sys_content_t; objects with these types don't get reset by 
>> restorecon unless you use -F. I'm not sure how to find out which types 
>> are customizable off the top of my head though.
> 
> cat /etc/selinux/$SELINUXTYPE/contexts/customizable_types
> 
> Dan - I thought we had discussed reducing that set significantly since
> it was originally to avoid clobbering locally-set types upon a
> filesystem relabel prior to the introduction of semanage, but with users
> now able to add local file contexts easily via semanage fcontext -a, it
> isn't as necessary.
> 
Yes, I have in Rawhide, but if you are using an older OS, those files are
still there.
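
Added example, not part of the original messages: a small shell helper that predicts whether restorecon without -F will skip a file because its current type is listed in customizable_types, as described in the thread. The function names, the sample type names other than httpd_sys_content_t, and the type-only comparison are assumptions made for illustration.

```shell
#!/bin/sh
# Predict what plain `restorecon` (no -F) does with a file, given its current
# context, the context the policy expects, and a customizable_types file.
# Simplification (assumption): only the type field of the contexts is compared.

# Print the type field (third colon-separated field) of a security context.
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Succeed if type $1 appears as an exact whole line in types file $2.
is_customizable() {
    grep -Fxq -- "$1" "$2"
}

# Usage: restorecon_outcome CURRENT_CONTEXT EXPECTED_CONTEXT TYPES_FILE
# Prints one of: unchanged | skipped-customizable | reset
restorecon_outcome() {
    cur_type=$(context_type "$1")
    new_type=$(context_type "$2")
    if [ "$cur_type" = "$new_type" ]; then
        echo unchanged
    elif is_customizable "$cur_type" "$3"; then
        # The "not reset customized by admin" case: relabeling needs -F.
        echo skipped-customizable
    else
        echo reset
    fi
}

# Constructed sample list for offline use. On a real system pass
# /etc/selinux/$SELINUXTYPE/contexts/customizable_types instead.
sample_types_file() {
    f=$(mktemp) || return 1
    printf '%s\n' httpd_sys_content_t sample_custom_t > "$f"
    echo "$f"
}

# Stand-alone use: script CURRENT_CONTEXT EXPECTED_CONTEXT TYPES_FILE
if [ "$#" -eq 3 ]; then
    restorecon_outcome "$1" "$2" "$3"
fi
```

The current context of a file can be read with `ls -Z` or `stat -c %C`, and the expected one with `matchpathcon`.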



