On Mon, Oct 27, 2008 at 14:34:40 -0700, Timothy Renner <timothy.renner@xxxxxxxxx> wrote: > > Any thoughts on this? Can someone explain how the file context is > derived from the rules? Is it as simple as whichever matches first? > And does anyone know a way around this labeling problem, assuming I > cannot remove the /sbin/.* rule, but can only add rules through a policy > module. The patterns are only used when relabelling. When files are created there is a default context based on the domain of the process and the context of the directory the file is being created in. Applications can also create files with specific contexts. I don't remember the relabelling priority. It is probably either the first matching rule or the last matching rule as deciding which is more specific is hard in general and that route probably wasn't chosen. -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
