restorecon question
Daniel J Walsh
dwalsh at redhat.com
Thu Jul 23 20:05:02 UTC 2009
On 07/22/2009 03:50 PM, Vadym Chepkov wrote:
> No, it was httpd_sys_content_t
>
> Sincerely yours,
> Vadym Chepkov
>
>
> --- On Wed, 7/22/09, Eric Paris <eparis at redhat.com> wrote:
>
>> From: Eric Paris <eparis at redhat.com>
>> Subject: Re: restorecon question
>> To: "Vadym Chepkov" <chepkov at yahoo.com>
>> Cc: "Fedora SELinux" <fedora-selinux-list at redhat.com>
>> Date: Wednesday, July 22, 2009, 3:12 PM
>> On Wed, 2009-07-22 at 11:06 -0700, Vadym Chepkov wrote:
>>> Hi,
>>>
>>> Could you explain to me, please, the behavior of the restorecon utility.
>>> I added the following in the local.fc file
>>>
>>> # phpbb
>>> /var/www/phpbb/cache(/.*)?    gen_context(system_u:object_r:httpd_sys_script_rw_t,s0)
>>> /var/www/phpbb/files(/.*)?    gen_context(system_u:object_r:httpd_sys_script_rw_t,s0)
>>> compiled and installed policy, seems to be in place.
>>>
>>> # semanage fcontext -l|grep phpbb
>>> /var/www/phpbb/cache(/.*)?    all files    system_u:object_r:httpd_sys_script_rw_t:s0
>>> /var/www/phpbb/files(/.*)?    all files    system_u:object_r:httpd_sys_script_rw_t:s0
>>> But when I now run restorecon -vR /var/www/phpbb/
>>> it doesn't do anything. I would expect it to change the
>>> context on two directories and files in them.
>>
>> What was the context before? Was the only difference the 'user'
>> portion? I don't think restorecon bothers to reset the context if the
>> only thing 'wrong' is the user, since the user is not relevant to any
>> security operations....
>>
>>
>
customizable_types was the problem. You need to use -F to override customizable_types.
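
The behaviour discussed in this thread, as an added example that is not part of the original messages: a simplified shell model of how restorecon decides whether to relabel a file with and without -F. It is not restorecon's own code; the helper names `ctx_type` and `relabel_decision`, the sample type list, and the contexts are constructed for illustration.

```shell
#!/bin/sh
# Simplified model of restorecon's relabel decision with and without -F.
# Not restorecon's source; helper names are hypothetical.

# Constructed sample of a customizable_types list. On a real system the list is
# /etc/selinux/<policy>/contexts/customizable_types, one type per line.
SAMPLE_TYPES='httpd_sys_content_t
samba_share_t'

# Print the type field of a user:role:type:range context.
ctx_type() { printf '%s\n' "$1" | cut -d: -f3; }

# relabel_decision CURRENT_CTX EXPECTED_CTX TYPE_LIST [force]
# Prints: unchanged | skip-customizable | relabel
relabel_decision() {
    cur=$1; want=$2; types=$3; force=${4:-}
    if [ "$force" = force ]; then
        # -F: the whole context (user, role, type, range) is reset to the spec.
        if [ "$cur" = "$want" ]; then echo unchanged; else echo relabel; fi
        return 0
    fi
    cur_t=$(ctx_type "$cur"); want_t=$(ctx_type "$want")
    if [ "$cur_t" = "$want_t" ]; then
        echo unchanged            # only user/role/range differ: left alone
    elif printf '%s\n' "$types" | grep -qxF -- "$cur_t"; then
        echo skip-customizable    # current type is customizable: kept
    else
        echo relabel
    fi
}

# Constructed contexts modelled on the thread.
WANT='system_u:object_r:httpd_sys_script_rw_t:s0'
relabel_decision 'system_u:object_r:httpd_sys_content_t:s0' "$WANT" "$SAMPLE_TYPES"
relabel_decision 'system_u:object_r:httpd_sys_content_t:s0' "$WANT" "$SAMPLE_TYPES" force
relabel_decision 'unconfined_u:object_r:httpd_sys_script_rw_t:s0' "$WANT" "$SAMPLE_TYPES"
```

On a live system, `restorecon -n -v -R` previews what would change without touching any labels, and adding `-F` to that preview shows what the forced reset would do.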