Hi,
I did not know, but it seems that "order" matters.
Would there be a doc, howto or maybe a man page that
explains the importance of the order in which rules (maybe only
local) appear and are processed?
If I have something like:
$ semanage fcontext -lC
....
/__.aLocalStorages/0/0-SUBVERSIONs(/.*)?/db(/.*)?     all files   system_u:object_r:httpd_sys_rw_content_t:s0
/__.aLocalStorages/0/0-SUBVERSIONs(/.*)?/locks(/.*)?  all files   system_u:object_r:httpd_sys_rw_content_t:s0
/__.aLocalStorages/0/0-SUBVERSIONs(/.*)?              all files   system_u:object_r:httpd_sys_content_t:s0
then:
/__.aLocalStorages/0/0-SUBVERSIONs/myRepo/locks will not get "httpd_sys_rw_content_t"
But I put/add them so they would be:
/__.aLocalStorages/0/0-SUBVERSIONs(/.*)?              all files   system_u:object_r:httpd_sys_content_t:s0
/__.aLocalStorages/0/0-SUBVERSIONs(/.*)?/db(/.*)?     all files   system_u:object_r:httpd_sys_rw_content_t:s0
/__.aLocalStorages/0/0-SUBVERSIONs(/.*)?/locks(/.*)?  all files   system_u:object_r:httpd_sys_rw_content_t:s0
then yes, /__.aLocalStorages/0/0-SUBVERSIONs/myRepo/locks
will get "httpd_sys_rw_content_t"
I'd expect such a crucial fact would be in *bold* in the man
pages, but I cannot find it @CentOS 7.x.
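
An added example, not part of the original post: a simplified Python model of the behaviour reported above, assuming that among local rules the matching rule listed last decides the label. It does not call libselinux or semanage; the helper names (lookup, shadowed) and the sample paths are constructed for illustration.

```python
import re

BASE = r"/__.aLocalStorages/0/0-SUBVERSIONs(/.*)?"
RO = "system_u:object_r:httpd_sys_content_t:s0"
RW = "system_u:object_r:httpd_sys_rw_content_t:s0"

# The three local rules from the post, as (regex, context) pairs.
GENERAL = (BASE, RO)
DB = (BASE + r"/db(/.*)?", RW)
LOCKS = (BASE + r"/locks(/.*)?", RW)

FIRST_ORDER = [DB, LOCKS, GENERAL]    # first listing in the post
SECOND_ORDER = [GENERAL, DB, LOCKS]   # second listing in the post


def lookup(rules, path):
    """Return (index, context) of the rule that labels path, or None.

    Assumption of this model: the matching rule listed last wins, and a
    pattern must match the whole path.
    """
    for index in range(len(rules) - 1, -1, -1):
        regex, context = rules[index]
        if re.fullmatch(regex, path):
            return index, context
    return None


def shadowed(rules, paths):
    """Return regexes that match some sample path but never decide a label."""
    matched, won = set(), set()
    for path in paths:
        matched.update(rx for rx, _ in rules if re.fullmatch(rx, path))
        hit = lookup(rules, path)
        if hit is not None:
            won.add(rules[hit[0]][0])
    return [rx for rx, _ in rules if rx in matched and rx not in won]


# Constructed sample paths under the repository directory from the post.
REPO = "/__.aLocalStorages/0/0-SUBVERSIONs/myRepo"
SAMPLE_PATHS = [REPO, REPO + "/db/current", REPO + "/locks"]

if __name__ == "__main__":
    for name, rules in (("first", FIRST_ORDER), ("second", SECOND_ORDER)):
        print(name, "order:", lookup(rules, REPO + "/locks"))
        print("  shadowed rules:", shadowed(rules, SAMPLE_PATHS))
```

With the first ordering the broad rule listed last masks both the db and locks rules; with the second ordering no rule is masked.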