Fixfiles path...

Stephen Smalley sds at
Thu Jun 16 19:30:17 UTC 2005

On Thu, 2005-06-16 at 15:19 -0400, Security News wrote:
> I have just put my custom policy on a text box with the sources
> included. I put the sources under /etc/selinux/dan_policy/
> I still have the strict source files in the /etc/selinux directory,
> but I have updated /etc/selinux/config to load the "dan_policy"
> Now my problem is that when I update the source files and try to "make
> relabel" or "fixfiles" both programs run the file contexts from the
> STRICT directory.
> How do I get these programs to run my own file_context files under
> /etc/selinux/dan_policy/...?

You shouldn't need sources to relabel; relabeling is based on the
installed /etc/selinux/$SELINUXTYPE/contexts/files/file_contexts* files.
And SELINUXTYPE is read from /etc/selinux/config.  I'm a little confused
by your description above; /etc/selinux/dan_policy should be a complete
policy tree, i.e. /etc/selinux/dan_policy/policy/policy.NN would be the
installed binary policy
file, /etc/selinux/dan_policy/contexts/files/file_contexts would be the
file contexts configuration, and if you happen to install sources (which
aren't needed), they would go under /etc/selinux/dan_policy/src/policy.
Just like the strict or targeted policies.

Stephen Smalley
National Security Agency

More information about the fedora-selinux-list mailing list