On my FC4 system, I created a file
/etc/selinux/targeted/contexts/files/file_contexts.local that contained
the following lines:

    /srv/backup(/.*)? system_u:object_r:ftpd_anon_rw_t
    /srv/softlib(/.*)? system_u:object_r:ftpd_anon_rw_t

This was to ensure that files created in these areas got the right
context, and that it would survive a relabel. Having since learned about
customizable types, I probably didn't need to do that in this case, but
the principle applies anyway.

My understanding is that in FC5, the equivalent thing to do for this
would be to use semanage to add additional fcontext objects. Is that
right (I think the semanage manpage could do with an example or two btw,
hint, hint)?

My first question is: if I use semanage, is there a convenient way to
check, on a running system, which objects are there as part of the base
policy and which have been added later, like a file context equivalent
of "semodule -l"?

My second question is: I have lots of log messages like this:

    Mar 26 04:24:39 badby kernel: inode_doinit_with_dentry:
    context_to_sid(system_u:object_r:ftpd_anon_rw_t) returned 22 for
    dev=sdb6 ino=96769

Google suggests that this is a hangover from FC4 that shouldn't be
there, and I suspect it has to do with the presence of my
/etc/selinux/targeted/contexts/files/file_contexts.local file. I'm
thinking of changing this to:

    /srv/backup(/.*)? system_u:object_r:public_content_rw_t:s0
    /srv/softlib(/.*)? system_u:object_r:public_content_rw_t:s0

or even deleting it entirely and doing the equivalent with semanage.
When I do one of these things, when will it take effect? Will I need to
reboot, or rebuild policy somehow?

Paul.