[RFC] /var versus /srv
sgrubb at redhat.com
Thu Sep 27 12:55:17 UTC 2007

On Thursday 27 September 2007 07:03:08 Andy Green wrote:
> But when you create a file, by cp or whatever, it must use private
> knowledge about the specific path's "natural" context or it can't
> automagically label new files correctly based on where they were created.

Correct. Cp has been coded to look at the originating context and apply that
to the destination context when the --preserve option is supplied. It does
not change the policy and the first time a relabel occurs, the context may be

> Maybe it will be possible to adjust the policies to accept both
> /var/blah and /srv/blah, or via a bool.

It looks like a couple daemons were done like this. However, it's not all
daemons and you have to move the files exactly where selinux policy says or
you are fighting selinux.

Looking at policy, I see /srv/* set to var_t, /srv/gallery2 set to
httpd_sys_content_t, /srv/*/rsync/* set to public_content_t, and /srv/*/www/
set to httpd_sys_content_t.

The easiest way to see this is to click on system | administration | SELinux
Management menu item. Then select the File Labeling button and sort by File
name by clicking on the left-most column. You can scroll down and see it.
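
The following is an added example, not part of the original message or of any SELinux tool: a small offline model of the /srv entries listed above that reports which files carry a label a relabel would reset. The wildcard handling, the specificity ordering and the sample file list are assumptions made for this illustration.

```python
import re

# Policy entries as paraphrased in the message above (pattern -> type).
# Assumption: '*' matches any characters, and each entry also covers
# everything beneath the path it matches.
SPECS = {
    "/srv/*": "var_t",
    "/srv/gallery2": "httpd_sys_content_t",
    "/srv/*/rsync/*": "public_content_t",
    "/srv/*/www/": "httpd_sys_content_t",
}

def _compile(spec):
    body = re.escape(spec.rstrip("/")).replace(r"\*", ".*")
    return re.compile(body + r"(/.*)?")

def _specificity(spec):
    # Simplified ordering (assumption for this model): an entry without
    # wildcards beats one with them, then the longer literal prefix wins,
    # then the longer entry.
    stem = spec.split("*", 1)[0]
    return ("*" not in spec, len(stem), len(spec))

def policy_type(path):
    """Type the modelled policy assigns to path, or None if nothing matches."""
    hits = [s for s in SPECS if _compile(s).fullmatch(path)]
    return SPECS[max(hits, key=_specificity)] if hits else None

def relabel_changes(files):
    """Return (path, current, policy) for files whose label a relabel would reset."""
    out = []
    for path, current in files:
        wanted = policy_type(path)
        if wanted is not None and wanted != current:
            out.append((path, current, wanted))
    return out

# Constructed sample: labels as they might look after files were copied
# into /srv with cp --preserve, which carries the source label along.
SAMPLE = [
    ("/srv/site1/www/index.html", "httpd_sys_content_t"),
    ("/srv/data/index.html", "httpd_sys_content_t"),
    ("/srv/mirror/rsync/pkg.rpm", "var_t"),
    ("/srv/gallery2/main.php", "httpd_sys_content_t"),
]

if __name__ == "__main__":
    for path, current, wanted in relabel_changes(SAMPLE):
        print(f"{path}: {current} -> {wanted}")
```

On a live system, `restorecon -n -v -R /srv` performs the equivalent check against the installed policy without changing any labels.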