Andy Green wrote:
> Somebody in the thread at some point said:
>
>>> SELinux doesn't care about file paths. If the directories have the right
>>> context labels, it doesn't matter where they are.
>> You need more than the directories to be right. Sometimes the files inside the
>
>> /var is hardcoded.
>
> It doesn't consider file paths when examining what it was you wanted to
> touch to see if you can.
>
> But when you create a file, by cp or whatever, it must use private
> knowledge about the specific path's "natural" context or it can't
> automagically label new files correctly based on where they were created.
>
> Maybe it will be possible to adjust the policies to accept both
> /var/blah and /srv/blah, or via a bool.
>
> -Andy
>

sed 's/var/srv/g' is easy. But I have a feeling sysadmins are going to be much more complex than this. I don't think rpm does a good job of choosing alternate locations for the installed rpms. This seems to be a bigger problem than worrying about whether SELinux can put the proper file context in place.

If you set the directory context correctly the files created in the directory will work. So labeling /src/www and /var/www the same means that apps creating files/directories in either will work exactly the same.

You need to use semanage fcontext ... to make sure file labeling remains after a relabel.
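The point made in the reply above, modelled as an added example that is not part of the original message: a manually set directory label is inherited by new files, a relabel resets labels from path-based rules, and only a persistent rule (what `semanage fcontext -a -t` records) keeps the label. The rule list, the "longest literal prefix wins" matching and the inherit-from-parent behaviour are simplifying assumptions, not a dump of a real policy or of libselinux's algorithm.

```python
import re

# Constructed, simplified file-context rules: (path regex, type).
RULES = [
    (r"/.*", "default_t"),
    (r"/srv(/.*)?", "var_t"),
    (r"/var/www(/.*)?", "httpd_sys_content_t"),
]

def fixed_prefix_len(pattern):
    """Length of the literal part before the first regex metacharacter."""
    m = re.search(r"[.^$?*+|\[({\\]", pattern)
    return m.start() if m else len(pattern)

def lookup(path, rules):
    """Type a relabel would assign to path (assumption: most specific rule wins)."""
    matches = [(fixed_prefix_len(p), t) for p, t in rules if re.fullmatch(p, path)]
    return max(matches)[1]

def create(fs, path):
    """New file inherits the parent directory's type (no type transition assumed)."""
    fs[path] = fs[path.rsplit("/", 1)[0]]

def relabel(fs, rules):
    """Reset every label from the path rules, as a full relabel does."""
    for path in fs:
        fs[path] = lookup(path, rules)

def demo():
    fs = {"/srv/www": "var_t"}
    fs["/srv/www"] = "httpd_sys_content_t"      # manual, chcon-style label
    create(fs, "/srv/www/index.html")
    before = fs["/srv/www/index.html"]          # works: inherited from directory

    relabel(fs, RULES)                          # no rule for /srv/www yet
    after_plain = fs["/srv/www/index.html"]     # manual label is lost

    # Persistent local rule, the kind `semanage fcontext -a -t ...` stores.
    local = RULES + [(r"/srv/www(/.*)?", "httpd_sys_content_t")]
    relabel(fs, local)
    after_rule = fs["/srv/www/index.html"]      # label now survives the relabel
    return before, after_plain, after_rule

if __name__ == "__main__":
    print(demo())
```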