Ken YANG wrote:
> Stephanos Manos wrote:
>> Ken YANG wrote:
>>> Stephanos Manos wrote:
>>>> Hi
>>>>
>>>> I'm in the process of building a whole server and I was wondering what is
>>>> the correct way of labeling the lost+found directory of various file
>>>> systems that will be mounted under the /srv. I have labeled /srv as
>>>> public_content_rw_t with
>>>> semanage fcontext -a -t public_content_rw_t '/srv(/.*)?'
>>>> but that results in lost+found being labeled as public_content_rw_t so I
>>>> also run
>>>> semanage fcontext -a -f -d -t lost_found_t '/srv/(.*/)lost\+found'
>>>>
>>>> my question is:
>>>> in /etc/selinux/targeted/contexts/files/file_contexts I see two lines
>>>> for /lost+found
>>>> a. /lost\+found/.* <<none>>
>>>> b. /lost\+found -d system_u:object_r:lost_found_t:s0
>>>>
>>>> the second is created with the above mentioned command
>>>> how do I create the first, or don't I need it?
>>> the first one is about the content in lost+found, and the second is
>>> about the directory lost+found, I think you also find the "-d" item.
>>>
>>> the label rules you create through "semanage fcontext" are in:
>>>
>>> /etc/selinux/targeted/contexts/files/file_contexts.local
>>>
>> Yes I know that. When I issue the above mentioned semanage fcontext
>> command I see the following line created in
>> /etc/selinux/targeted/contexts/files/file_contexts.local
>>
>> /srv/(.*/)lost\+found -d system_u:object_r:lost_found_t:s0
>>
>> but how do I create a line that is
>> /srv/(.*/)lost\+found/.* <<none>>
>>
>> in the file_contexts.local
>>
>> or don't I need it?
>
> the need of this line depends on your purpose. This line means
> the context of files you created in the dir are labeled according to
> the creating process and containing directory, if no policy rules
> about it.
>
> I think you should keep this line in your file context file

The question is: which is the correct command that creates the line, since direct editing of the file is not recommended?

Stephanos
>
>> Stephanos
>>
>>>> Regards
>>>>
>>>> Stephanos Manos
>>>>
>>>> --
>>>> fedora-selinux-list mailing list
>>>> fedora-selinux-list@xxxxxxxxxx
>>>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
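
The effect of the `<<none>>` line discussed in this thread, as an added example that is not part of the original messages: a small Python model of how the three rules resolve for sample paths. It assumes a simplified matcher (whole-path regex match, `-d` limited to directories, last matching rule wins); the full context strings, the sample paths and the names `SPECS`, `lookup` and `report` are constructed for illustration.

```python
import re

# Constructed from the three rules discussed in the thread:
# (pattern, file type flag or None for any type, context)
SPECS = [
    (r"/srv(/.*)?", None, "system_u:object_r:public_content_rw_t:s0"),
    (r"/srv/(.*/)lost\+found", "-d", "system_u:object_r:lost_found_t:s0"),
    (r"/srv/(.*/)lost\+found/.*", None, "<<none>>"),
]


def lookup(path, is_dir, specs=SPECS):
    """Return the context a relabel would apply, or None when nothing matches.

    Simplified model (assumption): the pattern must match the whole path,
    a "-d" rule applies to directories only, and the last matching rule wins.
    """
    result = None
    for pattern, ftype, context in specs:
        if ftype == "-d" and not is_dir:
            continue
        if re.fullmatch(pattern, path):
            result = context
    return result


def report(specs=SPECS):
    # Constructed sample paths: (path, is_dir)
    samples = [
        ("/srv/data/index.html", False),
        ("/srv/data/lost+found", True),
        ("/srv/data/lost+found/#12345", False),
        ("/srv/lost+found", True),  # file system mounted directly on /srv
    ]
    return {path: lookup(path, is_dir, specs) for path, is_dir in samples}


if __name__ == "__main__":
    for title, specs in (("with <<none>> rule", SPECS), ("without it", SPECS[:2])):
        print(title)
        for path, ctx in report(specs).items():
            print(f"  {path:32} {ctx}")
```

Without the third rule, recovered files inside lost+found fall through to the `/srv(/.*)?` rule and would be relabeled as public_content_rw_t; `semanage fcontext` accepts `'<<none>>'` as the argument to `-t` for adding such a rule. In this model `/srv/lost+found` itself also falls through, because `(.*/)` is not optional in the pattern as written.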