Re: [RFC] /var versus /srv

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wednesday 26 September 2007 22:57:43 Lamont Peterson wrote:
> > AFAIK, selinux only knows about a couple servers, like apache, having
> > data in /srv. If SE Linux is going to protect the data, a standard
> > mapping between /srv and /var for everything should be worked out so
> > that policy can be adapted.
>
> SELinux doesn't care about file paths.  If the directories have the right
> context labels, it doesn't matter where they are.

You need more than the directories to be right. Sometimes the files inside the
same directory have different labels. For each type being used, selinux needs
the path. Here's a typical example from sendmail's policy:

/var/log/mail(/.*)?                gen_context(system_u:object_r:sendmail_log_t,s0)

/var is hardcoded.

-Steve

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux