On Mon, Nov 18, 2013 at 15:22:08 +0100, Vidalie Hervé <herve.vidalie@xxxxxxxxxxxxx> wrote:
> I would like to set a default type on /WEBS and its subfolders:
>
> semanage fcontext -a -t httpd_sys_content_t '/WEBS(/.*)?'
> restorecon -Rv /WEBS*
>
> However, this command sets the type httpd_sys_content_t recursively on everything in /WEBS.
>
> What is the priority between file context rules? I thought more precise rules will prevail over others.
Note that the context files really just work when doing relabelling with restorecon or fixfiles. What gets applied when a new file is created is going to be governed by policy. (Though inheriting from the directory the file is being created in is the common default.) You can have rules based on the creating process's label, the label of the directory the file is being created in, and, in recent kernels (I am not sure if this is in RHEL6, but it is in current Fedora), the name (no wildcards) of the file.