-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 04/18/2013 03:37 PM, m.roth@xxxxxxxxx wrote: > Daniel J Walsh wrote: >> On 04/18/2013 02:58 PM, m.roth@xxxxxxxxx wrote: >>> Daniel J Walsh wrote: >>>> On 04/18/2013 10:31 AM, m.roth@xxxxxxxxx wrote: >>>>> David Quigley wrote: >>>>>> On 04/18/2013 10:12, m.roth@xxxxxxxxx wrote: >>>>>>> David Quigley wrote: > <snip> >>>>> And the second note - if there's a syntax for semanage that lets >>>>> me >>> change user context, I don't see it - the -s doesn't seem to let me >>> do, for example, -s system_u. >>>>> >>>> Please explain what you are trying to do? Change a logged in user >>>> context? >>> >>> Nahhh.... Working on a new system, to replace an older one, and my >>> manager's copied some stuff, and either on the original system, or the >>> copy, don't know why, but the base of the directory tree we use for >>> websites came out as unconfined_u, and I was changing it to system_u. >>> I've run into that before, though, and want to make a change that will > stick, >>> and result in new files being created with the correct context. > <snip> Directly related to this - we don't use /var/www for web content, > but rather a directory directly on /. What *would* be an appropriate type > for that directory, var_t? Since it's /<ourdirectory>/htdocs/... but there > are other things there, just like /var/www, *and* it's in the root > filesystem, I shouldn't think the whole thing should be > httpd_sys_content_t. > > mark > var_t or usr_t are searchable by all domains. usr_t is readable by most while var_t is only search able. Potentially you could setup equivalence /OUTDIRECTORY/www == /var/www -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlFwT7YACgkQrlYvE4MpobNYUwCfY4nmVQyWm3tDpGqvvKw8enJQ 6ZIAn1q5cT7GudKCKgbjNMReVRVzrzLH =FKpk -----END PGP SIGNATURE----- -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
