On Tue, 2005-12-20 at 11:28 +0100, Aurelien Bompard wrote: > Tarek W. wrote: > > A quick hack would be: > > chcon -R --reference=/var/www/html /var/lib/cacti > > But that would be lost on relabel, right ? > What is the best way to integrate this into the distro ? Push /var/lib/cacti > as http_sys_content_t in the official policy ? Can we add file-context bits > into some kind of file-contexts.d directory ? What is your target here? FC4 or FC5? In FC4, you'd have to push up the change into the policy sources, possibly as a new .fc file (but I'm not clear on whether you want /var/lib/cacti to be completely equivalent to /var/www/html as above or if you want a new type here so that you can still distinguish them for other purposes). In FC5, you will be able create a separate policy module package (via checkmodule and semodule_package) with a pre-compiled policy module and your own file_contexts info and ship it either as part of your package or as a separate xxx-policy package on which your package depends, and have it installed via semodule run from %post. Keeping it as a separate xxx-policy package is nice if you want to be able to update the policy for it later separate from updating the base package itself. -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
