differences between setfiles and restorecon? repeat of old thread?

Tom London selinux at gmail.com
Mon Aug 29 13:57:01 UTC 2005


On 8/29/05, Stephen Smalley <sds at tycho.nsa.gov> wrote:
> 
> On Sat, 2005-08-27 at 12:58 -0700, Tom London wrote:
> > 'setfiles -v /etc/selinux/targeted/contexts/files/file_contexts /' did
> > the right thing.
> >
> > [Its almost as if restorecon is using the 'real' full pathname (with
> > leading /mnt), and setfiles is using the 'chroot'ed' pathname (without
> > the leading /mnt).]
> 
> BTW, I'm not sure what you mean by the above. setfiles does accept a -r
> option to specify an alternate root path, so you can apply it to a
> chroot setup without running it chroot'd itself. But without that
> option, I wouldn't have expected it to touch /mnt at all, especially as
> file_contexts marks it <<none>>.


First, thanks for the explanation.

My comment regarding 'real' vs. 'chroot-ed' pathnames was just my feeble 
poke at explaning what was going on. I had noticed the entry for /mnt in 
file_contexts, and concluded that 1+1=3. ;)

Regarding setfiles, thanks for the info regarding '-r' option. Its not in 
the man page nor in 'setfiles --help', so I did the 'chroot' balancing act. 
'setfiles -r' produces 'usage: setfiles -r rootpath' though. 

tom
-- 
Tom London
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20050829/2c6a2771/attachment.htm>


More information about the fedora-selinux-list mailing list