On Wednesday 26 September 2007 22:57:43 Lamont Peterson wrote: > > AFAIK, selinux only knows about a couple servers, like apache, having > > data in /srv. If SE Linux is going to protect the data, a standard > > mapping between /srv and /var for everything should be worked out so > > that policy can be adapted. > > SELinux doesn't care about file paths. If the directories have the right > context labels, it doesn't matter where they are. You need more than the directories to be right. Sometimes the files inside the same directory have different labels. For each type being used, selinux needs the path. Here's a typical example from sendmail's policy: /var/log/mail(/.*)? gen_context(system_u:object_r:sendmail_log_t,s0) /var is hardcoded. -Steve -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
