To learn about selinux, I am trying to create a policy that would assign the file /etc/xyz the type tuned_log_t. I have: ===begin xyz.te========================================================= policy_module(xyz, 1.0.0) ===end xyz.te=========================================================== ===begin xyz.fc========================================================= /etc/xyz -- gen_context(system_u:object_r:tuned_log_t,s0) ===end xyz.fc=========================================================== Then I execute: # rm -f /etc/xyz # make -f /usr/share/selinux/devel/Makefile xyz.pp Compiling targeted xyz module /usr/bin/checkmodule: loading policy configuration from tmp/xyz.tmp /usr/bin/checkmodule: policy configuration loaded /usr/bin/checkmodule: writing binary representation (version 17) to tmp/xyz.mod Creating targeted xyz.pp policy package rm tmp/xyz.mod.fc tmp/xyz.mod # semodule -i xyz.pp # touch /etc/xyz # ls -Z /etc/xyz -rw-r--r--. root root unconfined_u:object_r:etc_t:s0 /etc/xyz # restorecon /etc/xyz # ls -Z /etc/xyz -rw-r--r--. root root unconfined_u:object_r:tuned_log_t:s0 /etc/xyz Why is /etc/xyz not getting the correct type immediately as the policy would dictate? Marko -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
