-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ttaylor wrote: > Does anything special have to be done to cause SELinux to start using newly > added local filecontexts? What I'm finding is that if I use semanage > fcontext -a to add a local filecontext definition, it is not used by > restorecon unless I specify the "-F" option. Without the "-F" option, > restorecon -vv <file_path> gives the following message: > > /sbin/restorecon: <file_path> not reset customized by admin to > <current_context> > > but restorecon -vv -F <file_path> gives this: > > /sbin/restorecon reset <file_path> context <current_context>-><new_context> > > I've also tried using /usr/sbin/semodule --build to try rebuilding (and > reloading) the current policy, but that > didn't change the behavior I'm seeing. > > Any suggestions would be greatly appreciated. > > - Tim > The only time you should need the -F would be if the previous context was in /etc/selinux/targeted/contexts/customizable_types I believe. The most common of these are httpd. This file is an artifact of what we had to do before we had semanage. If the file context is not listed in this file and you still need the force, what is the the file context you are changing? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkfefN4ACgkQrlYvE4MpobPlVgCcDsqC/AOjwJB6gBmW+jYloKpG JW4AoM0DPHRgUnbnTKSFD1JBVmBrAgbc =mSu/ -----END PGP SIGNATURE----- -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
