On Sat, 2008-02-02 at 17:02 +0900, Shintaro Fujiwara wrote:
> Hi, I read man semanage and found that semanage fcontext -a uses
> restorecon.
>
> Does that mean I don't have to restorecon after I semanage fcontext
> -a ?
semanage fcontext -a adds entries to the local file contexts
configuration. It doesn't directly relabel any files. Then, after
you've run semanage fcontext -a to add the entry, you can run restorecon
or other relabeling programs to actually relabel the files to the
context you've specified in the entry.
OK, I understand.
So, I have to relabel by restorecon after I semanage fcontext -a path, right ?
I already re-written my program (segatex) to restorecon after semanage fcontext -a -m.
Thank you very much.
> I just did restorecon fcontext -a and relabeled the system and found
> that file context survived.
Yes, the relabeling programs (setfiles, restorecon, fixfiles) all
consult the file contexts configuration, and semanage fcontext -a is how
you add local entries to that configuration. The other way to add
entries is by inserting a loadable policy module with its own .fc file.
--
Stephen Smalley
National Security Agency
--
http://intrajp.no-ip.com/ Home Page
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
