On Sat, 2008-02-02 at 17:02 +0900, Shintaro Fujiwara wrote: > Hi, I read man semanage and found that semanage fcontext -a uses > restorecon. > > Does that mean I don't have to restorecon after I semanage fcontext > -a ? semanage fcontext -a adds entries to the local file contexts configuration. It doesn't directly relabel any files. Then, after you've run semanage fcontext -a to add the entry, you can run restorecon or other relabeling programs to actually relabel the files to the context you've specified in the entry. > I just did restorecon fcontext -a and relabeled the system and found > that file context survived. Yes, the relabeling programs (setfiles, restorecon, fixfiles) all consult the file contexts configuration, and semanage fcontext -a is how you add local entries to that configuration. The other way to add entries is by inserting a loadable policy module with its own .fc file. -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
