On 07/22/2009 03:50 PM, Vadym Chepkov wrote: > No, it was httpd_sys_content_t > > Sincerely yours, > Vadym Chepkov > > > --- On Wed, 7/22/09, Eric Paris <eparis@xxxxxxxxxx> wrote: > >> From: Eric Paris <eparis@xxxxxxxxxx> >> Subject: Re: restorecon question >> To: "Vadym Chepkov" <chepkov@xxxxxxxxx> >> Cc: "Fedora SELinux" <fedora-selinux-list@xxxxxxxxxx> >> Date: Wednesday, July 22, 2009, 3:12 PM >> On Wed, 2009-07-22 at 11:06 -0700, >> Vadym Chepkov wrote: >>> Hi, >>> >>> Could you explain me, please, the behavior of the >> restorecon utility. >>> I added the following in the local.fc file >>> >>> # phpbb >>> /var/www/phpbb/cache(/.*)? >> >> gen_context(system_u:object_r:httpd_sys_script_rw_t,s0) >>> /var/www/phpbb/files(/.*)? >> >> gen_context(system_u:object_r:httpd_sys_script_rw_t,s0) >>> compiled and installed policy, seems to be in place. >>> >>> # semanage fcontext -l|grep phpbb >>> /var/www/phpbb/cache(/.*)? >> >> all files >> system_u:object_r:httpd_sys_script_rw_t:s0 >>> /var/www/phpbb/files(/.*)? >> >> all files >> system_u:object_r:httpd_sys_script_rw_t:s0 >>> But when now I run restorecon -vR /var/www/phpbb/ >>> it doesn't do anything. I would expect it to changed >> context on two directories and files in them. >> >> What was the context before? Was the only difference >> the 'user' >> portion? I don't think restorecon bothers to reset >> the context if the >> only thing 'wrong' is the user, since the user is not >> relevant to any >> security operations.... >> >> > > -- > fedora-selinux-list mailing list > fedora-selinux-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-selinux-list customizable_types was the problem. You need to use the -F to override customizable_types. -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
