Sorry for the top posting.
No, chcon is not necessary in your example. Perhaps the advice message
is wrong, or it is something historical.

HTH

2011/9/19, Fulko Hew <fulko.hew@xxxxxxxxx>:
> I've been reviewing my buildRPM spec file so that it works in newer
> distributions (currently playing with RHEL 5.6), but my question is
> applicable to Fedora xxx as well.
>
> During the development of my package, I had encountered issues with my
> build and install procedures during the slow migration/acceptance of
> SELinux.
>
> In my %post part of my spec file I had added both chcon commands and
> semanage commands and restorecon commands. As time goes by I've
> forgotten why I used chcon versus semanage, and why I needed the
> restorecon command at all. :-(
>
> (Today's issue is setroubleshoot browser is recommending I use a chcon
> command to add httpd_sys_content_t to /var/cache/fontconfig/*)
>
> My spec file currently contains this:
>
> %{_bindir}/chcon -t httpd_sys_script_exec_t /var/www/html/nia/scripts/* 2>/dev/null
> semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/nia/tmp' 2>/dev/null
> restorecon -v '/var/www/html/nia/tmp' 2>/dev/null
>
> From what I can remember:
> 1/ I added the 'chcon' so that my scripts are executable by apache.
> 2/ I used semanage to make my temp directory writable by my scripts
> 3/ I needed the 'restorecon' to make the semanage stuff 'sticky'.
>
> From what I've been able to read:
>
> chcon affects the filesystem, whereas
> semanage affects 'policy' and
> restorecon is used to 're-affect the filesystem according to policy'
> (set by semanage (and others)).
>
> Is this a valid interpretation?
>
> If so... why use chcon versus the semanage/restorecon technique?
> or if my assessment is wrong... can someone point me to a better
> explanation/tutorial?
>
> TIA
> Fulko
> --
> devel mailing list
> devel@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/devel
>

--
Sent from my mobile device
_______________________________________________
Rpm-list mailing list
Rpm-list@xxxxxxxxxxxxx
http://lists.rpm.org/mailman/listinfo/rpm-list
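As an added example (not part of the thread and not taken from any package's spec file): a %post-style shell helper that expresses both labels from the quoted spec file as semanage fcontext rules followed by restorecon, instead of a one-off chcon. RUN, label_tree and post_scriptlet are hypothetical names; the SELinux types and paths are the ones quoted in the message above.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: RUN=echo prints each
# command instead of executing it. In a real %post scriptlet set RUN= (empty).
RUN=${RUN-echo}

# label_tree TYPE DIR (hypothetical helper)
# Records a persistent file-context rule for DIR and everything below it,
# then applies that rule to the files already on disk.
label_tree() {
    setype=$1
    dir=$2
    pattern="${dir}(/.*)?"
    # -a adds a rule; it fails if the rule already exists (for example on a
    # package upgrade), in which case -m modifies the existing rule.
    $RUN semanage fcontext -a -t "$setype" "$pattern" 2>/dev/null ||
        $RUN semanage fcontext -m -t "$setype" "$pattern" || return 1
    # semanage only edits policy; restorecon writes the labels to the files.
    $RUN restorecon -R "$dir"
}

# post_scriptlet (hypothetical): the two labels from the quoted spec file.
post_scriptlet() {
    # When really executing, do nothing on hosts without SELinux enabled.
    if [ -z "$RUN" ] && ! selinuxenabled 2>/dev/null; then
        return 0
    fi
    label_tree httpd_sys_script_exec_t /var/www/html/nia/scripts &&
        label_tree httpd_sys_rw_content_t /var/www/html/nia/tmp
}

post_scriptlet
```

Because both labels are recorded in the local file-context policy, a later restorecon or full relabel reproduces them, which a label set only with chcon does not guarantee.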