-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/06/2011 01:44 PM, Robin Lee Powell wrote: > On Tue, Sep 06, 2011 at 01:41:27PM -0400, Daniel J Walsh wrote: >> >> I am going to write a blog on this. > > Oh that would be lovely! > >> Your other option is to use semanage rather then a module. >> Search order on matching is >> >> semanage fcontext MODULECONTAINING HOMEDIR MODULE containing file >> context. > > The problem there is that semanage has no concept of "I want this > to go here in the ordering"; it's last-come-first-served, which > makes it really hard to deal with from Puppet, which is how I roll. > If there was a way to say "insert this fcontext before this other > one", that would fix it, but I don't see a way to do that. > > The nice thing about having it in a module is that I can specify > the order. > > I suppose I could put things in > /etc/selinux/targeted/contexts/files/file_contexts.local > directly?, to handle the ordering, but it says not to. > > -Robin > As long as this is between you and me :^). You could put your changes in /etc/selinux/targeted/modules/active/file_contexts.local and /etc/selinux/targeted/contexts/files/file_contexts.local Then you would be fine and a selinux-policy update would not destroy your local changes. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk5mXiUACgkQrlYvE4MpobMYfACgugAgvuK6p/TCYzO9wjWAWiMs op4Anj1Ea6agR7lMEEq/pMEQAnACFZ3g =g7Us -----END PGP SIGNATURE----- -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
