It depends on what you want things to be able to do with files in that directory. If they're only being used by normal users to do normal user things, you might not need to give them a file context at all.
As I said, you want to manage it with `semanage fcontext`.
On Wed, Jun 07, 2023 at 01:55:27PM -0700, Henry Zhang wrote:
Robin,
The "/run/media/mmcblk0p2" is not listed in the file file_contexts.
- Should I update file_contexts?
- Where does the file_contexts come from and get initialized?
---henry
On Wed, Jun 7, 2023 at 11:26 AM Robin Lee Powell <rlpowell@digitalkingdom.org> wrote:
Exactly what it says; the system stores a list of what files should have which labels, and it doesn't know about that path. You can see the raw data on what's currently defined at /etc/selinux/targeted/contexts/files/file_contexts and /etc/selinux/targeted/contexts/files/file_contexts.local, although you really should manage them with `semanage fcontext`.
On Wed, Jun 07, 2023 at 09:33:21AM -0700, Henry Zhang wrote:
Vit,
When I relabel with setfiles, I see: "Warning no default label for /run/media/mmcblk0p2"
What is wrong?
---henry
On Wed, Jun 7, 2023 at 4:59 AM Vit Mojzis <vmojzis@redhat.com> wrote:
On 6/6/23 23:13, Henry Zhang wrote:
Zdenek,
fixfiles is used for relabeling. Relabel hints that the system was labeled before. But when is the system labeled initially?
After selinux-policy-targeted (or minimum/mls) is installed. These packages contain distribution policy modules (including file context definitions).
In which cases
- semodule should be called?
"semodule" is for managing policy modules (install, remove, list, enable, disable), so for example when you want to add a custom policy module, or list which modules are present in your system.
- fixfiles should be executed?
After a policy change (new policy module is installed/removed, or new file context definition is added using "semanage fcontext"), or after mounting a new filesystem. Note that relabeling can be done using "fixfiles", "setfiles", or "restorecon", all of which use the same underlying code (each is just aimed at a different use case).
Hope this helps. Vit
Thanks.
----henry
selinux mailing list -- selinux@lists.fedoraproject.org To unsubscribe send an email to
selinux-leave@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraproject.or...
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
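Added example, not part of the original thread: a simplified Python model of the file-context lookup discussed above, showing why a path with no matching entry yields the "no default label" warning and how a local entry of the kind `semanage fcontext` writes changes the result. The sample entries are constructed, `example_media_t` is a hypothetical type name, and "sources read in order, last matching entry wins" is a simplifying assumption about the real lookup.

```python
import re

# Constructed sample entries in file_contexts syntax (not from a real policy).
BASE = """\
# pattern      type  context
/etc(/.*)?          system_u:object_r:etc_t:s0
/usr/bin/.*    --   system_u:object_r:bin_t:s0
/mnt(/[^/]*)?  -d   system_u:object_r:mnt_t:s0
/proc/.*            <<none>>
"""

# What file_contexts.local could hold after a `semanage fcontext -a` call.
# example_media_t is a hypothetical type name used only for illustration.
LOCAL = "/run/media/mmcblk0p2(/.*)?  system_u:object_r:example_media_t:s0\n"


def parse(text):
    """Return a list of (compiled_regex, file_type_or_None, context)."""
    specs = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) == 3:
            pattern, ftype, context = fields
        elif len(fields) == 2:
            pattern, context = fields
            ftype = None  # entry applies to every file type
        else:
            raise ValueError(f"malformed entry: {line!r}")
        specs.append((re.compile(pattern), ftype, context))
    return specs


def lookup(path, ftype, *sources):
    """Default context for path, or None ("no default label").

    ftype is "--" for a regular file or "-d" for a directory.
    Patterns must match the whole path, as if anchored with ^ and $.
    """
    result = None
    for text in sources:  # later sources override earlier ones
        for regex, spec_type, context in parse(text):
            if spec_type in (None, ftype) and regex.fullmatch(path):
                result = context
    # <<none>> tells the relabeling tools to leave the file alone.
    return None if result in (None, "<<none>>") else result
```
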