-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Stephen Smalley wrote: > On Mon, 2008-03-17 at 11:31 +0000, Paul Howarth wrote: >> ttaylor wrote: >>> Does anything special have to be done to cause SELinux to start using newly >>> added local filecontexts? What I'm finding is that if I use semanage >>> fcontext -a to add a local filecontext definition, it is not used by >>> restorecon unless I specify the "-F" option. Without the "-F" option, >>> restorecon -vv <file_path> gives the following message: >>> >>> /sbin/restorecon: <file_path> not reset customized by admin to >>> <current_context> >>> >>> but restorecon -vv -F <file_path> gives this: >>> >>> /sbin/restorecon reset <file_path> context <current_context>-><new_context> >> This is probably because <current_context> is a customizable type like >> httpd_sys_content_t; objects with these types don't get reset by >> restorecon unless you use -F. I'm not sure how to find out which types >> are customizable off the top of my head though. > > cat /etc/selinux/$SELINUXTYPE/contexts/customizable_types > > Dan - I thought we had discussed reducing that set significantly since > it was originally to avoid clobbering locally-set types upon a > filesystem relabel prior to the introduction of semanage, but with users > now able to add local file contexts easily via semanage fcontext -a, it > isn't as necessary. > Yes I have in Rawhide, but if you are using an Older OS, those files are still there. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkfef8gACgkQrlYvE4MpobMIUgCeLkLGmqeGizf4Tgb/yy3wPhWM RPEAn2Ol8SrzueD2p3w7g0M7gcjLUc9E =bmbT -----END PGP SIGNATURE----- -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
