On 11/01/10 01:27, Hasan Rezaul-CHR010 wrote: > Hi All, > > My Linux system has a few product-specific directories like /data, > /inactive, /repl > > The default selinux policy would obviously not know how to label these > directories the way I want, because these are not standard linux > directories. If I want to label these directories a certain way... For > example, suppose I want to label all the above directories as var_t, > can I simply add a few lines to the below two files, and then perform > relabel ? > > /etc/selinux/strict/contexts/files/file_contexts > /etc/selinux/strict/modules/active/file_contexts > > - Is it okay to directly edit those files, or are the above two files > auto-generated ? > - If editing the files is okay, then is it okay to stick lines in > anywhere, or must I follow some kind of convention ? > - or is there a more recommended way to control how those > product-specific directories get labeled ? > > - I have actually stuck some lines manually in the middle of the above > two files, and for the most part it seems to work. But every once in a > while, I see other directories not getting labeled correctly. Is it > because the contents of these files have to be in a certain order ? These files are generated from the file contexts in the modules and the local file contexts. You should add your file contexts to a custom policy module or use 'semanage fcontext' to add file contexts to the local configuration. Then when these files are regenerated, your file contexts will be included. -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
