You are right, these types are listed in /etc/selinux/targeted/contexts/customizable_types: .... httpd_sys_content_t httpd_sys_htaccess_t httpd_sys_script_exec_t httpd_sys_script_ra_t httpd_sys_script_ro_t httpd_sys_script_rw_t httpd_unconfined_script_exec_t .... May I ask, why do they set this way? Sincerely yours, Vadym Chepkov --- On Wed, 7/22/09, Dominick Grift <domg472@xxxxxxxxx> wrote: > From: Dominick Grift <domg472@xxxxxxxxx> > Subject: Re: restorecon question > To: "Vadym Chepkov" <chepkov@xxxxxxxxx> > Cc: "Fedora SELinux" <fedora-selinux-list@xxxxxxxxxx> > Date: Wednesday, July 22, 2009, 2:33 PM > On Wed, 2009-07-22 at 11:06 -0700, > Vadym Chepkov wrote: > > Hi, > > > > Could you explain me, please, the behavior of the > restorecon utility. > > > > I added the following in the local.fc file > > > > # phpbb > > /var/www/phpbb/cache(/.*)? > > gen_context(system_u:object_r:httpd_sys_script_rw_t,s0) > > /var/www/phpbb/files(/.*)? > > gen_context(system_u:object_r:httpd_sys_script_rw_t,s0) > > > > compiled and installed policy, seems to be in place. > > > > # semanage fcontext -l|grep phpbb > > /var/www/phpbb/cache(/.*)? > > all files > system_u:object_r:httpd_sys_script_rw_t:s0 > > /var/www/phpbb/files(/.*)? > > all files > system_u:object_r:httpd_sys_script_rw_t:s0 > > > > But when now I run restorecon -vR /var/www/phpbb/ > > it doesn't do anything. I would expect it to changed > context on two directories and files in them. > > > > Only if I specify -F (force) I relabel everything. > > I can't quite grasp why sometimes I don't have to > supply -F and sometimes I do. > > Not completely sure but i think it may have to do with > customizable > types. Customizable types are types that should not be > relabeled. > > This can be overridden with the -F (force) option. > > Again i am not quite sure if this is the case here because > in my system > the httpd_sys_content_t type is not added to the > customizable_types > files. > > less /etc/selinux/targeted/contexts/custom* > > If i am wrong i hope someone will correct me. > > > Thank you. > > > > Sincerely yours, > > Vadym Chepkov > > > > -- > > fedora-selinux-list mailing list > > fedora-selinux-list@xxxxxxxxxx > > https://www.redhat.com/mailman/listinfo/fedora-selinux-list > -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
