Stephanos Manos wrote:
> Ken YANG wrote:
>> Stephanos Manos wrote:
>>> Hi
>>>
>>> I'm in the process of building a hole server and i was wondering what is
>>> the correct way of labeling the lost+found directory of various file
>>> systems that will be mounted under the /srv. I have labeled /srv as
>>> public_content_rw_t with
>>> semanage fcontext -a -t public_content_rw_t '/srv(/.*)?'
>>> but that results in lost+found being labeled as public_content_rw_t so i
>>> also ran
>>> semanage fcontext -a -f -d -t lost_found_t '/srv/(.*/)lost\+found'
>>>
>>> my question is:
>>> in /etc/selinux/targeted/contexts/files/file_contexts i see two lines
>>> for /lost+found
>>> a. /lost\+found/.* <<none>>
>>> b. /lost\+found -d system_u:object_r:lost_found_t:s0
>>>
>>> the second is created with the above mentioned command
>>> how do i create the first, or don't i need it?
>> the first one is about the content in lost+found, and the second is
>> about the directory lost+found, i think you also find the "-d" item.
>>
>> the label rules you create through "semanage fcontext" are in:
>>
>> /etc/selinux/targeted/contexts/files/file_contexts.local
>>
> Yes i know that. when i issue the above mentioned semanage fcontext
> command i see the following line created in
> /etc/selinux/targeted/contexts/files/file_contexts.local
>
> /srv/(.*/)lost\+found -d system_u:object_r:lost_found_t:s0
>
> but how do i create a line that is
> /srv/(.*/)lost\+found/.* <<none>>
>
> in the file_contexts.local
>
> or i don't need it?

the need of this line depends on your purpose. This line means that files
you create in the dir are labeled according to the creating process and
containing directory, if there are no policy rules about it.

i think you should keep this line in your file context file

>
> Stephanos
>
>>> Regards
>>>
>>> Stephanos Manos
>>>
>>> --
>>> fedora-selinux-list mailing list
>>> fedora-selinux-list@xxxxxxxxxx
>>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
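
A simplified model of how the three entries discussed in this thread resolve, added here as an example and not part of the original messages. It assumes the last matching entry wins and that a `<<none>>` result means relabeling leaves the file's current label alone; the rule list is constructed from the entries quoted above.

```python
import re

# Constructed file_contexts.local content, built from the entries in the thread.
# Assumption: the last matching entry wins (simplified libselinux behaviour).
LOCAL_RULES = r"""
/srv(/.*)?                  system_u:object_r:public_content_rw_t:s0
/srv/(.*/)lost\+found   -d  system_u:object_r:lost_found_t:s0
/srv/(.*/)lost\+found/.*    <<none>>
"""

FILE_TYPES = {"-d": "dir", "--": "file", "-l": "link"}  # subset of the type flags


def parse_rules(text):
    """Parse 'regex [-type] context' lines into (compiled_regex, ftype, context)."""
    rules = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        ftype = FILE_TYPES[fields[1]] if len(fields) == 3 else None
        rules.append((re.compile(fields[0]), ftype, fields[-1]))
    return rules


def lookup(rules, path, ftype):
    """Return the context a relabel would apply, or None for <<none>> / no match."""
    for regex, rule_type, context in reversed(rules):
        if rule_type not in (None, ftype):
            continue  # entry is restricted to another file type
        if regex.fullmatch(path):  # file_contexts regexes are anchored at both ends
            return None if context == "<<none>>" else context
    return None


def without_none_rule(text):
    """Drop the <<none>> entry to show what a relabel does in its absence."""
    return "\n".join(ln for ln in text.splitlines() if "<<none>>" not in ln)


if __name__ == "__main__":
    rules = parse_rules(LOCAL_RULES)
    for path, ftype in [("/srv/data/lost+found", "dir"),
                        ("/srv/data/lost+found/#1234", "file"),
                        ("/srv/lost+found", "dir"),  # no intermediate directory
                        ("/srv/data/index.html", "file")]:
        print(f"{path} ({ftype}) -> {lookup(rules, path, ftype)}")
```

Without the `<<none>>` entry, recovered files under lost+found fall through to the `/srv(/.*)?` rule, and a lost+found directly under /srv is not matched by `/srv/(.*/)lost\+found` at all because the pattern requires an intermediate directory.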