On 06/02/14 18:50, Stephen Smalley wrote:
On 06/02/2014 05:57 AM, dE wrote:
On 06/02/14 12:12, Sven Vermeulen wrote:
Policies do contain paths. They contain path expressions to be more
precise.
During policy load, the path expressions together with the target
contexts are extracted and placed in
/etc/selinux/mcs/contexts/files/file_contexts, which is where tools
like matchpathcon get their information from.
Wkr,
Sven Vermeulen
On Jun 1, 2014 5:48 PM, "dE" <de.techno@xxxxxxxxx> wrote:
As we know, policies don't contain paths. So the working of
matchpathcon/setfiles must be based on common sense.
It looks like it knows certain special folders and their
appropriate security context, e.g. home folder contents should
have files with user_home_t and suggests the correct SELinux user
for the files/directories based on which user's home folder it is.
Other directories/files should have the same security context as
the parent directory, like with /opt.
Is this correct?
Do the paths have any other purpose other than defining the default
security context?
No, and they are not part of the kernel policy, only used by userspace
programs like setfiles, udev, package managers like rpm/dpkg, etc.
Yes, the file belongs to selinux-policy-targeted
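
Added example, not part of the thread and not libselinux code: a simplified model of how a userspace tool such as matchpathcon or setfiles resolves a path against file_contexts entries (path regex, optional file-type flag, context). The sample entries, contexts and function names are constructed; the precedence rule used here (entries without regex metacharacters win, otherwise the later entry wins) is an assumption about the lookup order.

```python
import re

# Constructed sample in file_contexts layout:
#   <path regex>  [<file type flag>]  <security context>
SAMPLE_FILE_CONTEXTS = r"""
# catch-all default
/.*                  system_u:object_r:default_t
/opt(/.*)?           system_u:object_r:usr_t
/home/[^/]+/.+       unconfined_u:object_r:user_home_t
/home/[^/]+      -d  unconfined_u:object_r:user_home_dir_t
/etc/shadow      --  system_u:object_r:shadow_t
/etc(/.*)?           system_u:object_r:etc_t
"""

REGEX_META = set(".^$?*+|[({")

def parse_file_contexts(text):
    """Return specs ordered so that reversed() gives lookup precedence."""
    specs = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) not in (2, 3):
            raise ValueError(f"malformed entry: {line!r}")
        pattern, context = fields[0], fields[-1]
        ftype = fields[1] if len(fields) == 3 else None  # e.g. "-d", "--"
        has_meta = any(ch in REGEX_META for ch in pattern)
        specs.append((re.compile(pattern), ftype, context, has_meta))
    # Stable sort: regex entries first, exact paths last (assumed ordering).
    specs.sort(key=lambda spec: not spec[3])
    return specs

def lookup(specs, path, ftype=None):
    """Default context for path, or None; ftype=None means 'any type'."""
    for regex, spec_type, context, _ in reversed(specs):
        if spec_type and ftype and spec_type != ftype:
            continue  # entry is restricted to another file type
        if regex.fullmatch(path):  # expressions match the whole path
            return context
    return None

if __name__ == "__main__":
    specs = parse_file_contexts(SAMPLE_FILE_CONTEXTS)
    for path, ftype in [("/opt/app/bin/tool", "--"), ("/home/alice", "-d"),
                        ("/home/alice/notes.txt", "--"), ("/etc/shadow", "--")]:
        print(path, "->", lookup(specs, path, ftype))
```

The /opt result comes from the /opt(/.*)? expression matching every path below it, not from inheriting the parent directory's label.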