You are right, these types are listed in /etc/selinux/targeted/contexts/customizable_types:
.... httpd_sys_content_t httpd_sys_htaccess_t httpd_sys_script_exec_t httpd_sys_script_ra_t httpd_sys_script_ro_t httpd_sys_script_rw_t httpd_unconfined_script_exec_t ....
May I ask, why are they set this way?
Sincerely yours, Vadym Chepkov
--- On Wed, 7/22/09, Dominick Grift domg472@gmail.com wrote:
From: Dominick Grift domg472@gmail.com
Subject: Re: restorecon question
To: "Vadym Chepkov" chepkov@yahoo.com
Cc: "Fedora SELinux" fedora-selinux-list@redhat.com
Date: Wednesday, July 22, 2009, 2:33 PM

On Wed, 2009-07-22 at 11:06 -0700, Vadym Chepkov wrote:
Hi,
Could you explain to me, please, the behavior of the restorecon utility?
I added the following in the local.fc file
# phpbb
/var/www/phpbb/cache(/.*)?    gen_context(system_u:object_r:httpd_sys_script_rw_t,s0)
/var/www/phpbb/files(/.*)?    gen_context(system_u:object_r:httpd_sys_script_rw_t,s0)
compiled and installed policy, seems to be in place.
# semanage fcontext -l|grep phpbb
/var/www/phpbb/cache(/.*)?    all files    system_u:object_r:httpd_sys_script_rw_t:s0
/var/www/phpbb/files(/.*)?    all files    system_u:object_r:httpd_sys_script_rw_t:s0
But now when I run restorecon -vR /var/www/phpbb/ it doesn't do anything. I would expect it to change the context on the two directories and the files in them.
Only if I specify -F (force) I relabel everything. I can't quite grasp why sometimes I don't have to
supply -F and sometimes I do.
Not completely sure, but I think it may have to do with customizable types. Customizable types are types that should not be relabeled.
This can be overridden with the -F (force) option.
Again, I am not quite sure if this is the case here because on my system the httpd_sys_content_t type is not added to the customizable_types file.
less /etc/selinux/targeted/contexts/custom*
If I am wrong I hope someone will correct me.
Thank you.
Sincerely yours, Vadym Chepkov
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
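
The check discussed in the thread, as an added example that is not part of the original messages or of restorecon itself: given a file's current context and the context the policy expects, it predicts whether restorecon without -F will relabel the file or skip it because the current type is customizable. The function names, the sample types file and the sample contexts are constructed for illustration, and only the type field is compared.

```shell
#!/bin/sh
# Added example: why `restorecon -vR` can be a no-op until -F is given.
# Path quoted in the thread; override it when testing on constructed data.
CUSTOMIZABLE_TYPES=${CUSTOMIZABLE_TYPES:-/etc/selinux/targeted/contexts/customizable_types}

# Print the type field (3rd colon-separated field) of user:role:type[:range].
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Succeed if the type of context $1 is listed, one per line, in file $2.
is_customizable() {
    t=$(context_type "$1")
    [ -n "$t" ] || return 1
    grep -qxF -- "$t" "$2"
}

# restorecon_verdict CURRENT_CONTEXT EXPECTED_CONTEXT [TYPES_FILE]
# Prints: ok (type already matches), relabel, or skipped-needs-F.
# Simplification (assumption): only the type field is compared.
restorecon_verdict() {
    cur=$1; exp=$2; file=${3:-$CUSTOMIZABLE_TYPES}
    if [ "$(context_type "$cur")" = "$(context_type "$exp")" ]; then
        echo ok
    elif is_customizable "$cur" "$file"; then
        echo skipped-needs-F
    else
        echo relabel
    fi
}

# Constructed stand-in for customizable_types, using types named in the thread.
sample_types_file() {
    f=$(mktemp) || return 1
    printf '%s\n' httpd_sys_content_t httpd_sys_htaccess_t \
        httpd_sys_script_exec_t httpd_sys_script_rw_t > "$f"
    echo "$f"
}

# Demo on constructed contexts: a file currently labeled httpd_sys_content_t
# whose file-context rule now says httpd_sys_script_rw_t.
types=$(sample_types_file)
restorecon_verdict system_u:object_r:httpd_sys_content_t:s0 \
                   system_u:object_r:httpd_sys_script_rw_t:s0 "$types"
rm -f "$types"
```

On a live system the two contexts can be taken from `stat -c %C PATH` and `matchpathcon -n PATH`, with the third argument omitted so the real customizable_types file is read.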