-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/18/2013 09:35 AM, Vidalie Hervé wrote: > This will unfortunately put an unwanted type on some subdirectories (for > example on /WEBS/client/service/conf) and won't set the type > httpd_sys_content_t on my untyped files. > > -----Message d'origine----- De : Dominick Grift > [mailto:dominick.grift@xxxxxxxxx] Envoyé : lundi 18 novembre 2013 15:28 À : > Vidalie Hervé Cc : selinux@xxxxxxxxxxxxxxxxxxxxxxx Objet : Re: priority > between file context rules > > > On Mon, 2013-11-18 at 15:22 +0100, Vidalie Hervé wrote: > >> I would like to set a default type on /WEBS and his subfolders: semanage >> fcontext -a -t httpd_sys_content_t '/WEBS(/.*)?' restorecon -Rv /WEBS* >> However, this command sets the type httpd_sys_content_t recursively on >> everything in /WEBS What is the priority between file context rules? I >> thought more precise rules will prevail on others. > > I can't answer your last question since i was under the same impression > but: > > You can use: > > semanage fcontext -m -t httpd_sys_content_t -f -d '/WEBS(/.*)?' > > To modify the spec to make it apply to directories only (note the -f -d) > > > Ce message et les pièces jointes sont confidentiels et réservés à l'usage > exclusif de ses destinataires. Il peut également être protégé par le secret > professionnel. Si vous recevez ce message par erreur, merci d'en avertir > immédiatement l'expéditeur et de le détruire. L'intégrité du message ne > pouvant être assurée sur Internet, la responsabilité de Worldline ne pourra > être recherchée quant au contenu de ce message. Bien que les meilleurs > efforts soient faits pour maintenir cette transmission exempte de tout > virus, l'expéditeur ne donne aucune garantie à cet égard et sa > responsabilité ne saurait être recherchée pour tout dommage résultant d'un > virus transmis. > > This e-mail and the documents attached are confidential and intended solely > for the addressee; it may also be privileged. If you receive this e-mail in > error, please notify the sender immediately and destroy it. As its > integrity cannot be secured on the Internet, the Worldline liability cannot > be triggered for the message content. Although the sender endeavours to > maintain a computer virus-free network, the sender does not warrant that > this transmission is virus-free and will not be liable for any damages > resulting from any virus transmitted. -- selinux mailing list > selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux > Local changes will win. Which is what you are seeing. I think there is an open bug on last change winning, when adding file context. So you want to add your general change first. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlKKPDoACgkQrlYvE4MpobM9cwCeIQ+azFOjqWcDxRj21ABx0A+4 F5cAoOps9J/P6TjRdQ3qodLbW46ZOm05 =Lb6R -----END PGP SIGNATURE----- -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux