semanage / file_contexts.local

Paul Howarth paul at city-fan.org
Wed Mar 29 12:39:28 UTC 2006


On my FC4 system, I created a file 
/etc/selinux/targeted/contexts/files/file_contexts.local that contained 
the following lines:

/srv/backup(/.*)? system_u:object_r:ftpd_anon_rw_t
/srv/softlib(/.*)? system_u:object_r:ftpd_anon_rw_t

This was to ensure that files created in these areas got the right 
context, and that it would survive a relabel. Having since learned about 
customizable types, I probably didn't need to do that in this case, but 
the principle applies anyway.

My understanding is that in FC5, the equivalent thing to do for this 
would be to use semanage to add additional fcontext objects. Is that 
right (I think the semanage manpage could do with an example or two btw, 
hint, hint)?

My first question is: if I use semanage, is there a convenient way to 
check, on a running system, which objects are there as part of the base 
policy and which have been added later, like a file context equivalent 
of "semodule -l"?

My second question is: I have lots of log messages like this:

Mar 26 04:24:39 badby kernel: inode_doinit_with_dentry: 
context_to_sid(system_u:object_r:ftpd_anon_rw_t) returned 22 for 
dev=sdb6 ino=96769

Google suggests that this is a hangover from FC4 that shouldn't be 
there, and I suspect it has to do with the presence of my 
/etc/selinux/targeted/contexts/files/file_contexts.local file. I'm 
thinking of changing this to:

/srv/backup(/.*)? system_u:object_r:public_content_rw_t:s0
/srv/softlib(/.*)? system_u:object_r:public_content_rw_t:s0

or even deleting it entirely and doing the equivalent with semanage.
When I do one of these things, when will it take effect? Will I need to 
reboot, or rebuild policy somehow?

Paul.
