On 08/17/2015 07:42 PM, Bond Masuda wrote: > We want to add some custom file contexts for certain directories, in > particular we have /audit as a separate partition and run this: > > chroot /mnt/root semanage fcontext -a -t auditd_log_t "/audit(/.*)?" > > To make sure auditd works. This is run with chroot because the system > we're modifying is not running and mounted at /mnt/root. This creates > the file_contexts.local file with this content: > > # This file is auto-generated by libsemanage > # Do not edit directly. > > /audit(/.*)? system_u:object_r:auditd_log_t:s0 > > Later on, when we boot that system that was in /mnt/root, the > file_contexts.local remains the same. However, if I run semanage to add > another record, for example (this time, not in chroot): > > semanage fcontext -a -t httpd_sys_content_t "/data/www(/.*)?" > > It creates the content for httpd_sys_content_t in file_contexts.local, > but overwrites the previous entry for auditd_log_t. > > If I add the auditd_log_t entry once again, _both_ entries are now > present in file_contexts.local. So, it seems that the 1st time I run > semanage fcontext -a _while_ the system is running, it is not aware of > the content that was added when I ran semanage fcontext -a when the > system was offline and mounted in /mnt/root. > > Does semanage maintain state somewhere other than in the > file_contexts.local file? How can I make sure it is aware of the content > in file_contexts.local that was created by semanage when it was run in > chroot? This sounds like a bug to me. What version of libsemanage and policycoreutils are you using, as this may be version-specific? _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
