ttaylor wrote:
Does anything special have to be done to cause SELinux to start using newly added local filecontexts? What I'm finding is that if I use semanage fcontext -a to add a local filecontext definition, it is not used by restorecon unless I specify the "-F" option. Without the "-F" option, restorecon -vv <file_path> gives the following message: /sbin/restorecon: <file_path> not reset customized by admin to <current_context> but restorecon -vv -F <file_path> gives this: /sbin/restorecon reset <file_path> context <current_context>-><new_context>
This is probably because <current_context> is a customizable type like httpd_sys_content_t; objects with these types don't get reset by restorecon unless you use -F. I'm not sure how to find out which types are customizable off the top of my head though.
Paul. -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
