restorecon question

Daniel J Walsh dwalsh at redhat.com
Thu Jul 23 20:05:02 UTC 2009


On 07/22/2009 03:50 PM, Vadym Chepkov wrote:
> No, it was httpd_sys_content_t
> 
> Sincerely yours,
>   Vadym Chepkov
> 
> 
> --- On Wed, 7/22/09, Eric Paris <eparis at redhat.com> wrote:
> 
>> From: Eric Paris <eparis at redhat.com>
>> Subject: Re: restorecon question
>> To: "Vadym Chepkov" <chepkov at yahoo.com>
>> Cc: "Fedora SELinux" <fedora-selinux-list at redhat.com>
>> Date: Wednesday, July 22, 2009, 3:12 PM
>> On Wed, 2009-07-22 at 11:06 -0700, Vadym Chepkov wrote:
>>> Hi,
>>>
>>> Could you explain to me, please, the behavior of the restorecon utility.
>>> I added the following in the local.fc file
>>>
>>> # phpbb
>>> /var/www/phpbb/cache(/.*)?    gen_context(system_u:object_r:httpd_sys_script_rw_t,s0)
>>> /var/www/phpbb/files(/.*)?    gen_context(system_u:object_r:httpd_sys_script_rw_t,s0)
>>> compiled and installed policy, seems to be in place.
>>>
>>> # semanage fcontext -l|grep phpbb
>>> /var/www/phpbb/cache(/.*)?    all files    system_u:object_r:httpd_sys_script_rw_t:s0
>>> /var/www/phpbb/files(/.*)?    all files    system_u:object_r:httpd_sys_script_rw_t:s0
>>> But when now I run restorecon -vR /var/www/phpbb/
>>> it doesn't do anything. I would expect it to change the context on two directories and files in them.
>>
>> What was the context before?  Was the only difference the 'user'
>> portion?  I don't think restorecon bothers to reset the context if the
>> only thing 'wrong' is the user, since the user is not relevant to any
>> security operations....
>>
>>
> 
customizable_types was the problem.  You need to use the -F to override customizable_types.
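
The behaviour discussed in this thread, as an added example that is not part of the original messages: a small shell model of the decision restorecon makes from the type field and the customizable_types list. The function names, the `CUSTOMIZABLE_TYPES` variable, the default path (targeted policy) and the sample list in `demo` are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: models why restorecon without -F leaves a file alone.
# Assumption: the targeted policy's list lives at this path.
CUSTOMIZABLE_TYPES=${CUSTOMIZABLE_TYPES:-/etc/selinux/targeted/contexts/customizable_types}

# Print the type field (third colon-separated field) of a context.
ctx_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# is_customizable TYPE [LISTFILE]: succeed if TYPE is a whole line in the list.
is_customizable() {
    grep -qxF -- "$1" "${2:-$CUSTOMIZABLE_TYPES}" 2>/dev/null
}

# restorecon_plan CURRENT_CTX EXPECTED_CTX [LISTFILE]
# Compares only the type field and prints one of:
#   ok           type already matches the file-context rule
#   relabel      plain restorecon resets the type
#   needs-force  current type is customizable; only restorecon -F resets it
restorecon_plan() {
    cur=$(ctx_type "$1")
    exp=$(ctx_type "$2")
    if [ "$cur" = "$exp" ]; then
        echo ok
    elif is_customizable "$cur" "$3"; then
        echo needs-force
    else
        echo relabel
    fi
}

# The case from this thread, run against a constructed two-line list
# (not a copy of any real customizable_types file).
demo() {
    list=$(mktemp)
    printf 'httpd_sys_content_t\nhttpd_sys_script_rw_t\n' > "$list"
    restorecon_plan \
        system_u:object_r:httpd_sys_content_t:s0 \
        system_u:object_r:httpd_sys_script_rw_t:s0 "$list"
    rm -f "$list"
}
```

On an SELinux host, pass the output of `stat -c %C PATH` as the current context and `matchpathcon -n PATH` as the expected one; `needs-force` is the case where `restorecon -F -vR /var/www/phpbb/` is required.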



