Policies do contain paths. They contain path expressions to be more precise.
During policy load, the path expressions together with the target contexts are extracted and placed in /etc/selinux/mcs/contexts/files/file_contexts, which is where tools like matchpathcon get their information from.
Wkr,
Sven Vermeulen
On Jun 1, 2014 5:48 PM, "dE" <de.techno@xxxxxxxxx> wrote:
As we know, policies don't contain paths. So the working of matchpathcon/setfiles must be based on common sense.
It looks like it knows certain special folders and it's appropriate security context, for e.g. home folder contents should have files with user_home_t and suggests the correct SELinux user for the files/directories based on which user's home folder is it.
Other directories/files should have the same security context as the parent directory, like with /opt.
Is this correct?
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
_______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
