On Tue, 23.11.10 21:19, Paul Howarth (paul@xxxxxxxxxxxx) wrote: > > On Tue, 23 Nov 2010 21:48:30 +0100 > Lennart Poettering <mzerqung@xxxxxxxxxxx> wrote: > > - In some cases daemons might want to create more than one file/dir > > below /var/run which are supposed to be labelled differently. In > > this case the daemon can either be modified to fix its labels up > > itself, or a drop-in file in /etc/tmpfiles.d/ might help (see below). > > Given that the tmpfiles.d format doesn't mention SELinux contexts, I > assume that the files/directories will be set up to have whatever their > default context would be under the running policy, as restorecon would > set it? Yes, SELinux contexts are exclusively configured in the policy, we do not spread that around in other ocnfiguration files. The tmpfiles stuff includes an implicit restorecon, basically. Lennart -- Lennart Poettering - Red Hat, Inc. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
