On Thu, Aug 16, 2012 at 3:34 PM, <m.roth@xxxxxxxxx> wrote: > Y'know, I know I'm asking for help, but I am so bloody frustrated that I > want to give an example of why most admins I know *loathe* selinux. > Sorry that you're frustrated. > chcon doesn't last through reboots. Why? Or why have it? Setting contexts with chcon does last across reboots. It doesn't last through a full relabel of the filesystem, but that is something that shouldn't be necessary during normal operation. It is only used occasionally to recover when a system is in a strange state. Keeping the file contexts database up-to-date with semanage makes this a relatively safe thing to do. > semanage doesn't offer the most obvious flag: -R, recurse. > The file contexts database - which is what semanage is changing in this situation - is basically recursive already. The tools that use this - like restorecon - do have the recursive flag. Karl > I've just restored a subversion repository from backup, after a drive > failed. Now I'm trying to set the context. I'm trying to follow Dan's > instructions in his blog > <http://danwalsh.livejournal.com/28027.html?thread=197755> > > semanage fcontext -a -t httpd_sys_content_t 'mipav-svn/(*)' > /etc/selinux/targeted/contexts/files/file_contexts.local: line 5 has > invalid regex mipav-svn/(*): Invalid preceding regular expression > > Huh? Ditto without the parens. Nothing's changed. I went back and used > chcon -R, which operates the way I expect a *Nix command to, so that > selinux would shut up. But I want this permanent, so what's the magical > incantation? Do I have the wrong keyboard? Or light a candle? > > mark > > -- > selinux mailing list > selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
