On Mon, 2006-04-03 at 10:11 -0500, Ian Pilcher wrote: > So 'semanage fcontext ...' is simply an interface to modify the policy > contexts/files/file_contexts? This is going to result in an rpmnew > file whenever the policy is updated, right? No. That file is no longer provided by the policy package directly; it is generated by libsemanage each time upon updates, and even policy updates go through libsemanage now. libsemanage merges local additions (stored separately in the file_contexts.local file in the modules/active/ subdirectory) with the policy-provided file into the final file before installing it. > It's just my opinion, but I think it would be very convenient for system > administrators and packagers to have a simple mechanism to override the > policy for specific files. Yes, that's what semanage fcontext -a is for. Or under FC4, you could manually create and edit a /etc/selinux/targeted/contexts/file/file_contexts.local file. -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
