selinux and per-user web directories

Bruno Wolff III bruno at wolff.to
Tue Apr 21 13:37:41 UTC 2009


On Mon, Apr 20, 2009 at 17:40:50 -0500,
  anonymous <bitskrieg at gmail.com> wrote:
> 
> You really want to use semanage or the next relabel will undo your changes
> 
> I'm not sure what you mean by relabel. Is that done automatically?

If you do something that might have run with selinux disabled (such as
using your system in rescue mode) or possibly after a major selinux
policy change you should relabel your system. Each file's context is
checked against a set of patterns and reset if it isn't the proper one.
restorecon also checks files' contexts against those patterns but is
generally used for minor changes where only a small part of your file
system is known to need changes.
The patterns are not used when creating new files. There the context is
either set by the application creating it to something specific or it
gets a default based on the context of the application and the context
of the directory it is being created in. The most common default is
that the context of the file is the same as the context of the directory
it is being created in, but that isn't universal.
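
The behaviour described in this message, as an added example that is not part of the original post: a simplified Python model of a relabel pass, showing why a one-off label change (for example with chcon) is reset while a pattern added to the local rules (what semanage does) survives. The pattern list, the path /home/alice/www and the rule that the last matching pattern wins are assumptions made for the illustration.

```python
import re

# Constructed, simplified stand-in for the policy's file-context patterns.
POLICY_PATTERNS = [
    (r"/.*", "default_t"),
    (r"/home/[^/]+/.*", "user_home_t"),
    (r"/home/[^/]+/public_html(/.*)?", "httpd_user_content_t"),
]

def expected_type(path, patterns):
    """Type of the last pattern that matches the whole path (assumed ordering)."""
    result = None
    for regex, setype in patterns:
        if re.fullmatch(regex, path):
            result = setype
    return result

def relabel(labels, patterns):
    """Model a relabel/restorecon pass: reset every label that differs."""
    changed = {}
    for path, current in labels.items():
        want = expected_type(path, patterns)
        if want is not None and want != current:
            changed[path] = (current, want)
            labels[path] = want
    return changed

def create_file(labels, path):
    """Model the common default: a new file takes its directory's type.
    The patterns are not consulted at creation time."""
    parent = path.rsplit("/", 1)[0] or "/"
    labels[path] = labels[parent]
    return labels[path]

def demo():
    labels = {"/home/alice/www": "user_home_t"}
    # One-off change made directly on the directory, not recorded in any pattern.
    labels["/home/alice/www"] = "httpd_user_content_t"
    new = create_file(labels, "/home/alice/www/index.html")
    # Relabel against the unchanged patterns: the manual change is undone.
    undone = relabel(dict(labels), POLICY_PATTERNS)
    # Same relabel after a local pattern has been added for the directory.
    local = POLICY_PATTERNS + [(r"/home/alice/www(/.*)?", "httpd_user_content_t")]
    kept = relabel(dict(labels), local)
    return new, undone, kept

if __name__ == "__main__":
    print(demo())
```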



