On Tue, Sep 06, 2011 at 01:41:27PM -0400, Daniel J Walsh wrote: > > I am going to write a blog on this. Oh that would be lovely! > Your other option is to use semanage rather then a module. Search > order on matching is > > semanage fcontext > MODULECONTAINING HOMEDIR > MODULE containing file context. The problem there is that semanage has no concept of "I want this to go here in the ordering"; it's last-come-first-served, which makes it really hard to deal with from Puppet, which is how I roll. If there was a way to say "insert this fcontext before this other one", that would fix it, but I don't see a way to do that. The nice thing about having it in a module is that I can specify the order. I suppose I could put things in /etc/selinux/targeted/contexts/files/file_contexts.local directly?, to handle the ordering, but it says not to. -Robin -- http://singinst.org/ : Our last, best hope for a fantastic future. Lojban (http://www.lojban.org/): The language in which "this parrot is dead" is "ti poi spitaki cu morsi", but "this sentence is false" is "na nei". My personal page: http://www.digitalkingdom.org/rlp/ -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
