On 11/23/2010 04:26 PM, Lennart Poettering wrote:
> On Tue, 23.11.10 21:19, Paul Howarth (paul@xxxxxxxxxxxx) wrote:
>
>>
>> On Tue, 23 Nov 2010 21:48:30 +0100
>> Lennart Poettering <mzerqung@xxxxxxxxxxx> wrote:
>>> - In some cases daemons might want to create more than one file/dir
>>>   below /var/run which are supposed to be labelled differently. In
>>>   this case the daemon can either be modified to fix its labels up
>>>   itself, or a drop-in file in /etc/tmpfiles.d/ might help (see below).
>>
>> Given that the tmpfiles.d format doesn't mention SELinux contexts, I
>> assume that the files/directories will be set up to have whatever their
>> default context would be under the running policy, as restorecon would
>> set it?
>
> Yes, SELinux contexts are exclusively configured in the policy, we do
> not spread that around in other configuration files.
>
> The tmpfiles stuff includes an implicit restorecon, basically.
>
> Lennart
>

And we do not want these labels leaking out into config files, since
there are multiple policies. For example, /var/run/BLAH might have
different labels in MLS policy versus Targeted. And some of our
partners ship their own policies.
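
The labelling behaviour discussed in this thread, as an added example that is not part of the original messages: a small audit script that reads a tmpfiles.d drop-in, confirms it carries no SELinux context, and asks the loaded policy whether each path has its default label. The daemon name `exampled`, its paths and the function names are hypothetical; `matchpathcon` is assumed to be installed from the SELinux userland tools.

```shell
#!/bin/sh
# Constructed drop-in for a hypothetical daemon "exampled" (not from the thread).
sample_dropin() {
cat <<'EOF'
# /etc/tmpfiles.d/exampled.conf (constructed sample)
# Type Path                   Mode UID      GID      Age
d      /var/run/exampled      0755 exampled exampled -
d      /var/run/exampled/sock 0750 exampled exampled -
f      /var/run/exampled.pid  0644 root     root     -
EOF
}

# Print the Path column of every entry, skipping comments and blank lines.
tmpfiles_paths() {
    awk '!/^[ \t]*(#|$)/ && NF >= 2 { print $2 }'
}

# Count fields that look like an SELinux context (user:role:type[:range]).
# Labels live in the policy, so a clean drop-in yields 0.
context_fields() {
    awk '!/^[ \t]*(#|$)/ {
        for (i = 3; i <= NF; i++)
            if ($i ~ /^[a-z_]+:[a-z_]+:[a-z_]+_t(:|$)/) n++
    } END { print n + 0 }'
}

# For each path on stdin, let matchpathcon compare the on-disk label with the
# default from the currently loaded policy (targeted, MLS, or a vendor policy).
audit_labels() {
    if ! command -v matchpathcon >/dev/null 2>&1; then
        echo "matchpathcon not found (SELinux userland missing)" >&2
        return 2
    fi
    while IFS= read -r p; do
        if [ -e "$p" ]; then matchpathcon -V "$p"; else echo "missing: $p"; fi
    done
}

# Usage: sh audit.sh /etc/tmpfiles.d/exampled.conf
if [ "$#" -gt 0 ]; then
    echo "context-like fields: $(context_fields < "$1")"
    tmpfiles_paths < "$1" | audit_labels
fi
```

Because the expected label is looked up in the running policy rather than stored in the drop-in, the same file can be audited unchanged on targeted, MLS or third-party policies.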