Is there a way to get a list of the current fcontext "equivalence" customizations? Those don't appear in "semanage -o" output, though "semanage fcontext -D" does dutifully delete them.
Hi Robert,
fcontext equivalence settings are placed at the end of "semanage fcontext -l" output.
# semanage fcontext -l | tail -n 18 SELinux Distribution fcontext Equivalence
/usr/local/lib64 = /usr/lib /etc/systemd/system = /usr/lib/systemd/system /run/systemd/system = /usr/lib/systemd/system /run/systemd/generator = /usr/lib/systemd/system /var/home = /home /var/roothome = /root /usr/lib64 = /usr/lib /var/lib/xguest/home = /home /var/named/chroot/lib64 = /usr/lib /var/named/chroot/usr/lib64 = /usr/lib /run = /var/run /usr/local/lib32 = /usr/lib /lib64 = /usr/lib /lib = /usr/lib /run/lock = /var/lock #
Maybe there is more elegant way how to display just those.
Milos Malik
----- Original Message -----
Is there a way to get a list of the current fcontext "equivalence" customizations? Those don't appear in "semanage -o" output, though "semanage fcontext -D" does dutifully delete them.
-- Bob Nichols "NOSPAM" is really part of my email address. Do NOT delete it.
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
On 01/08/2015 06:06 AM, Milos Malik wrote:
Hi Robert,
fcontext equivalence settings are placed at the end of "semanage fcontext -l" output.
# semanage fcontext -l | tail -n 18 SELinux Distribution fcontext Equivalence
/usr/local/lib64 = /usr/lib /etc/systemd/system = /usr/lib/systemd/system /run/systemd/system = /usr/lib/systemd/system /run/systemd/generator = /usr/lib/systemd/system /var/home = /home /var/roothome = /root /usr/lib64 = /usr/lib /var/lib/xguest/home = /home /var/named/chroot/lib64 = /usr/lib /var/named/chroot/usr/lib64 = /usr/lib /run = /var/run /usr/local/lib32 = /usr/lib /lib64 = /usr/lib /lib = /usr/lib /run/lock = /var/lock #
Maybe there is more elegant way how to display just those.
As Dan kindly pointed out in private email "semanage fcontext -l -C" works. I just hadn't found it. Thanks.
selinux@lists.fedoraproject.org