[RFC] /var versus /srv

Steve Grubb sgrubb at redhat.com
Thu Sep 27 10:36:14 UTC 2007


On Wednesday 26 September 2007 22:57:43 Lamont Peterson wrote:
> > AFAIK, selinux only knows about a couple servers, like apache, having
> > data in /srv. If SE Linux is going to protect the data, a standard
> > mapping between /srv and /var for everything should be worked out so
> > that policy can be adapted.
>
> SELinux doesn't care about file paths.  If the directories have the right
> context labels, it doesn't matter where they are.

You need more than the directories to be right. Sometimes the files inside the
same directory have different labels. For each type being used, SELinux needs
the path. Here's a typical example from sendmail's policy:

/var/log/mail(/.*)?                gen_context(system_u:object_r:sendmail_log_t,s0)

/var is hardcoded.

-Steve
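
Added example, not part of the original message and not SELinux project code: a Python sketch of path-based file-context matching, showing why a log tree moved under /srv does not get the sendmail type and how a prefix mapping of the kind discussed in the quoted text changes the result. Only the sendmail entry comes from the post; the other entries, the last-match-wins ordering, and the `substitutions` parameter are assumptions made for illustration.

```python
import re

# Constructed entries in expanded form (gen_context already resolved to a
# full label). Only the sendmail line is from the post; order is least
# specific first, an assumption of this sketch.
FILE_CONTEXTS = """
/.*                    system_u:object_r:default_t:s0
/srv(/.*)?             system_u:object_r:var_t:s0
/var(/.*)?             system_u:object_r:var_t:s0
/var/log(/.*)?         system_u:object_r:var_log_t:s0
/var/log/mail(/.*)?    system_u:object_r:sendmail_log_t:s0
"""


def parse_specs(text):
    """Return [(compiled_regex, label)] for each non-empty line."""
    return [(re.compile(pattern), label)
            for pattern, label in (ln.split() for ln in text.splitlines() if ln.strip())]


def lookup(specs, path, substitutions=()):
    """Label for path: whole-path regex match, last matching entry wins.

    substitutions: hypothetical (alias_prefix, policy_prefix) pairs applied
    before matching, e.g. ("/srv", "/var").
    """
    for alias, target in substitutions:
        if path == alias or path.startswith(alias + "/"):
            path = target + path[len(alias):]
            break
    label = None
    for regex, candidate in specs:
        if regex.fullmatch(path):
            label = candidate
    return label


SPECS = parse_specs(FILE_CONTEXTS)

if __name__ == "__main__":
    for p in ("/var/log/mail/statistics", "/srv/log/mail/statistics"):
        print(p, "->", lookup(SPECS, p))
    print("mapped:", lookup(SPECS, "/srv/log/mail/statistics", [("/srv", "/var")]))
```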




More information about the fedora-devel-list mailing list