On Tue, 5 Jul 2011 10:38:44 -0400, wrote:
> Feel free to point me to a link that discusses this, but how *does*
> selinux decide on roles when I'm using restorecon? Does it use the
> context of the directory above it, or that it's in, or is there
> something else?
>
> mark
>
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux

My understanding is that restorecon uses the file contexts defined in
policy and if you look at these
/etc/selinux/policyname/contexts/files/file_contexts you will see it
defines a full context including role not just type. So the role from
restorecon and matchpathcon come from those files.

Dave
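The lookup described in the reply above, as an added example that is not part of the original message or of libselinux: it parses entries in the `file_contexts` format and returns the full `user:role:type[:level]` context for a path, so the role visibly comes from the matching entry and not from the parent directory. The sample entries are constructed, the names `parse` and `lookup` are hypothetical, and precedence is simplified to "last matching line wins", which is an assumption of this sketch and not the library's full ordering.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample in file_contexts format: <path regex> [<file type>] <context>
SAMPLE = """\
# constructed entries, not copied from any real policy
/.*                     system_u:object_r:default_t:s0
/var/www(/.*)?          system_u:object_r:httpd_sys_content_t:s0
/var/www/cgi-bin(/.*)?  system_u:object_r:httpd_sys_script_exec_t:s0
/etc/shadow     --      system_u:object_r:shadow_t:s0
/proc/.*                <<none>>
"""

class Context(NamedTuple):
    user: str
    role: str
    type: str
    level: Optional[str]

def parse(text):
    """Return a list of (compiled regex, file-type flag or None, Context or None)."""
    specs = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) not in (2, 3):
            raise ValueError(f"malformed entry: {line!r}")
        pattern, raw = fields[0], fields[-1]
        ftype = fields[1] if len(fields) == 3 else None  # e.g. "--" file, "-d" dir
        if raw == "<<none>>":
            ctx = None  # path is explicitly left unlabeled
        else:
            parts = raw.split(":", 3)  # the MLS level may itself contain ':'
            if len(parts) < 3:
                raise ValueError(f"context is not user:role:type[:level]: {raw!r}")
            ctx = Context(parts[0], parts[1], parts[2], parts[3] if len(parts) == 4 else None)
        specs.append((re.compile(pattern), ftype, ctx))
    return specs

def lookup(specs, path, ftype="--"):
    """Simplified precedence (assumption): the last matching line wins."""
    for regex, want, ctx in reversed(specs):
        if regex.fullmatch(path) and want in (None, ftype):
            return ctx
    raise LookupError(path)
```
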