Hello All,

Using ‘semanage fcontext’ two entries have been added into the file_contexts.local file. The first entry sets ‘/var/me/logs/webServer(/.*)?’ to httpd_log_t and the second sets ‘/var/me/logs(/.*)?’ to var_log_t. This can be seen below.

  cat /etc/selinux/targeted/contexts/files/file_contexts.local
  /var/me/logs/webServer(/.*)?    system_u:object_r:httpd_log_t:s0
  [snip]
  /var/me/logs(/.*)?    system_u:object_r:var_log_t:s0

I must be misunderstanding what the order of precedence with respect to the lookups is. I had thought that the most specific match would have been used, so given the config above, I would expect the lookup below to yield httpd_log_t, and not var_log_t, for /var/me/logs/webServer/x.

  UAT [root@test webServer]$ matchpathcon /var/me/logs/webServer/x
  /var/me/logs/webServer/x    system_u:object_r:var_log_t

If I were to manually re-order this file and place /var/me/logs above /var/me/logs/webserver then I get the desired result. However, this requires me to know the order of all the entries up front, and if something less specific gets added later, it would seem this would also take precedence as well.

What is the correct way to ensure that lookups work as I would expect, namely that regardless of the order in which the rules are added, /var/me/logs/webserver -> httpd_log_t and /var/me/logs -> var_log_t?

Many thanks,
Will.
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
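The following Python script is an added illustration of the ordering problem described in the post; it is not part of Will's message and it is not libselinux's code. It models the two file_contexts.local entries from the post and compares three lookup policies: the order-dependent "last matching entry wins" behaviour that is consistent with the matchpathcon output shown (an assumption about the tool, not a quote from its source), the "most specific match wins" behaviour Will expected, and a re-sort that turns the first policy into the second. The "longest literal stem" measure of specificity and the function names are assumptions made for this example.

```python
import re

# Regex metacharacters; the literal text before the first one is the "stem"
# used here as a simple (assumed) measure of how specific an entry is.
_META = set("^$.?*+|[](){}\\")

# Constructed copy of the two entries from the post, in the order they were
# appended to file_contexts.local (specific entry first, general entry second).
RULES = [
    ("/var/me/logs/webServer(/.*)?", "system_u:object_r:httpd_log_t:s0"),
    ("/var/me/logs(/.*)?",           "system_u:object_r:var_log_t:s0"),
]


def stem_length(pattern):
    """Length of the literal prefix before the first regex metacharacter."""
    for i, ch in enumerate(pattern):
        if ch in _META:
            return i
    return len(pattern)


def lookup_last_match(path, rules):
    """Order-dependent lookup: every entry is tried in file order and the
    last one that matches wins.  With RULES as written in the post this
    yields var_log_t for /var/me/logs/webServer/x, the result matchpathcon
    printed there."""
    result = None
    for pattern, context in rules:
        # file context patterns describe the whole path, so match both ends
        if re.fullmatch(pattern, path):
            result = context
    return result


def lookup_most_specific(path, rules):
    """Order-independent lookup that the post expected: among all matching
    entries, pick the one with the longest literal stem."""
    best = None
    best_len = -1
    for pattern, context in rules:
        if re.fullmatch(pattern, path) and stem_length(pattern) > best_len:
            best, best_len = context, stem_length(pattern)
    return best


def order_for_last_match_wins(rules):
    """Sort entries so that general ones precede specific ones (shortest
    stem first).  Feeding this order to lookup_last_match gives the same
    answers as lookup_most_specific; it is the manual re-ordering the post
    describes, done mechanically so the list can be re-sorted whenever a
    new entry is added."""
    return sorted(rules, key=lambda rule: stem_length(rule[0]))


if __name__ == "__main__":
    path = "/var/me/logs/webServer/x"
    print("file order, last match wins :", lookup_last_match(path, RULES))
    print("most specific stem wins     :", lookup_most_specific(path, RULES))
    print("re-sorted, last match wins  :",
          lookup_last_match(path, order_for_last_match_wins(RULES)))
```

The practical point of the script is the third line of its output: if lookups are order-dependent, the only order that is safe to append to is one in which every general pattern sits above every more specific pattern, and that invariant has to be re-established after each addition rather than assumed.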