On Thursday 27 September 2007 07:03:08 Andy Green wrote:
> But when you create a file, by cp or whatever, it must use private
> knowledge about the specific path's "natural" context or it can't
> automagically label new files correctly based on where they were created.

Correct. Cp has been coded to look at the originating context and apply that to the destination context when the --preserve option is supplied. It does not change the policy and the first time a relabel occurs, the context may be reset.

> Maybe it will be possible to adjust the policies to accept both
> /var/blah and /srv/blah, or via a bool.

It looks like a couple daemons were done like this. However, it's not all daemons and you have to move the files exactly where selinux policy says or you are fighting selinux.

Looking at policy, I see /srv/* set to var_t, /srv/gallery2 set to httpd_sys_content_t, /srv/*/rsync/* set to public_content_t, and /srv/*/www/ set to httpd_sys_content_t.

The easiest way to see this is to click on system | administration | SELinux Management menu item. Then select the File Labeling button and sort by File name by clicking on the left-most column. You can scroll down and see it.

-Steve
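
The relabel behaviour described in the message above, as an added example that is not part of the original post: it compares a file's current SELinux type with the type the loaded policy would assign, so files whose label would be reset on the next relabel can be found beforehand. It assumes GNU stat and matchpathcon (libselinux-utils) are installed; the function names and the sample path in the comments are hypothetical.

```shell
#!/bin/bash
# Added example: detect files whose SELinux type differs from the policy
# default, i.e. files whose context would be reset by a relabel.

# Extract the type (third colon-separated field) from a context string
# such as system_u:object_r:httpd_sys_content_t:s0
ctx_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Compare a current context with the policy default for one path.
# Arguments: path, current context, policy default context.
drift_report() {
    cur_type=$(ctx_type "$2")
    def_type=$(ctx_type "$3")
    if [ "$cur_type" = "$def_type" ]; then
        echo "OK    $1 ($cur_type)"
    else
        echo "DRIFT $1: $cur_type -> $def_type on relabel"
    fi
}

# Query the live system for one path.
#   stat -c %C       prints the context currently stored on the file
#   matchpathcon -n  prints the context the policy assigns to that path
check_path() {
    cur=$(stat -c %C "$1") || return 1
    def=$(matchpathcon -n "$1") || return 1
    drift_report "$1" "$cur" "$def"
}

# Usage (hypothetical path): ./label_drift.sh /srv/site/www/index.html
# Runs only when paths are given and the SELinux tools are present.
if command -v matchpathcon >/dev/null 2>&1 && [ "$#" -gt 0 ]; then
    for p in "$@"; do
        check_path "$p"
    done
fi
```

A DRIFT line for a file copied with cp --preserve means the file still carries the context of its source and will take the policy default for its new location at the next relabel.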