On 06/02/2014 05:57 AM, dE wrote:
> On 06/02/14 12:12, Sven Vermeulen wrote:
>>
>> Policies do contain paths. They contain path expressions to be more
>> precise.
>>
>> During policy load, the path expressions together with the target
>> contexts are extracted and placed in
>> /etc/selinux/mcs/contexts/files/file_contexts, which is where tools
>> like matchpathcon get their information from.
>>
>> Wkr,
>> Sven Vermeulen
>>
>> On Jun 1, 2014 5:48 PM, "dE" <de.techno@xxxxxxxxx> wrote:
>>
>>     As we know, policies don't contain paths. So the working of
>>     matchpathcon/setfiles must be based on common sense.
>>
>>     It looks like it knows certain special folders and its
>>     appropriate security context, for e.g. home folder contents should
>>     have files with user_home_t and suggests the correct SELinux user
>>     for the files/directories based on which user's home folder it is.
>>
>>     Other directories/files should have the same security context as
>>     the parent directory, like with /opt.
>>
>>     Is this correct?
>>
>
> Do the paths have any other purpose other than defining the default
> security context?

No, and they are not part of the kernel policy, only used by userspace
programs like setfiles, udev, package managers like rpm/dpkg, etc.