SElinux

Robert Nichols rnicholsNOSPAM at comcast.net
Sun Apr 9 01:32:49 UTC 2006


Paul Howarth wrote:
> On Sat, 2006-04-08 at 12:18 -0500, Bruno Wolff III wrote:

> Don't know much about writing custom policy modules from scratch, but
> the context management should be easy enough using semanage.
> 
> For instance, to make /srv/softlib and everything underneath it have a
> default context type of public_content_rw_t:
> 
> # semanage fcontext -a -t public_content_rw_t '/srv/softlib(/.*)?'
> 
> Allow Apache to listen on port 81:
> 
> # semanage port -a -t http_port_t -p tcp 81
> 
> It's currently possible to see the local changes you've made in this way
> by looking at /etc/selinux/targeted/contexts/files/file_contexts.local
> etc.
> 
> semanage doesn't change the contexts of existing files, it changes the
> underlying policy. This means that changes made using semanage will be
> effected if you use "restorecon" or do a full relabel.

I rather thought that's how semanage should work, but one would be
hard pressed to deduce that from the manpage, for which the
description begins with the extraordinary insight:

     "This manual page describes the semanage program."

and says little else about what the program actually does.  I haven't
seen writing of that calibre since the third grade:

     "My Vacation,"  by Amy Heppelwhite

     "Here's what I did on my vacation. ..."

-- 
Bob Nichols         Yes, "NOSPAM" is really part of my email address.
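
The behaviour described in the quoted reply, as an added example that is not part of the original thread: a small shell model of how a local file-context rule is matched against whole paths, and why existing files keep their old type until a relabel. The rule text, the current types and the helper names `default_type` and `restorecon_effect` are constructed for illustration; real labelling is done by `semanage` and `restorecon`, not by this script.

```shell
#!/bin/sh
# Constructed entry in the pattern/context layout of file_contexts.local, as
# the semanage fcontext command quoted above would record it.
LOCAL_RULES='/srv/softlib(/.*)?    system_u:object_r:public_content_rw_t:s0'

# default_type PATH (hypothetical helper): print the type of the first rule
# whose pattern matches the whole path, or "<none>".
default_type() {
    while read -r pattern context; do
        [ -n "$pattern" ] || continue
        # -x anchors the regex to the full path, as file context patterns are.
        if printf '%s\n' "$1" | grep -Eqx -e "$pattern"; then
            printf '%s\n' "$context" | cut -d: -f3
            return 0
        fi
    done <<EOF
$LOCAL_RULES
EOF
    echo '<none>'
}

# restorecon_effect PATH CURRENT_TYPE (hypothetical helper): report what a
# relabel would do to a file that currently carries CURRENT_TYPE.
restorecon_effect() {
    want=$(default_type "$1")
    if [ "$want" = '<none>' ]; then
        echo 'no local rule'
    elif [ "$want" = "$2" ]; then
        echo 'unchanged'
    else
        echo "relabel $2 -> $want"
    fi
}

# Constructed cases: files that existed before the rule was added keep their
# old type until restorecon (or a full relabel) is run.
restorecon_effect /srv/softlib/iso/a.iso var_t
restorecon_effect /srv/softlib public_content_rw_t
restorecon_effect /srv/softlibX var_t
```

On a real system the equivalent step after adding the rule is `restorecon -R -v /srv/softlib`, which prints each file whose label it changes.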



