I'm trying to understand why, on an updated F8 machine with selinux-policy-3.0.8-101.fc8.noarch and selinux-policy-targeted-3.0.8-101.fc8.noarch, /var/www/blah/cgi-bin doesn't end up as httpd_sys_script_exec_t. semanage fcontext -l says (among many other lines, of course): /var/www/[^/]*/cgi-bin(/.*)? all files system_u:object_r:httpd_sys_script_exec_t:s0 and yet: > sudo restorecon -R -v /var/www > ls -lZ /var/www/blah drwxr-xr-x root root unconfined_u:object_r:httpd_sys_content_t:s0 cgi-bin/ Am I misinterpreting the semanage output above? Is it possible that the following line, which appears earlier in the semanage output, is overriding? /var/www(/.*)? all files system_u:object_r:httpd_sys_content_t:s0 - J< -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
