lost+found labeling

Ken YANG spng.yang at gmail.com
Sat Sep 8 12:02:10 UTC 2007


Stephanos Manos wrote:
> Ken YANG wrote:
>> Stephanos Manos wrote:
>>> Ken YANG wrote:
>>>> Stephanos Manos wrote:
>>>>> Hi
>>>>>
>>>>> I'm in the process of building a whole server and I was wondering what is
>>>>> the correct way of labeling the lost+found directory of various file
>>>>> systems that will be mounted under /srv. I have labeled /srv as
>>>>> public_content_rw_t with
>>>>> semanage fcontext -a -t public_content_rw_t '/srv(/.*)?'
>>>>> but that results in lost+found being labeled as public_content_rw_t, so I
>>>>> also run
>>>>> semanage fcontext -a -f -d  -t lost_found_t '/srv/(.*/)lost\+found'
>>>>>
>>>>> My question is:
>>>>> in /etc/selinux/targeted/contexts/files/file_contexts I see two lines
>>>>> for /lost+found
>>>>> a. /lost\+found/.* <<none>>
>>>>> b. /lost\+found    -d      system_u:object_r:lost_found_t:s0
>>>>>
>>>>> The second is created with the above mentioned command.
>>>>> How do I create the first, or don't I need it?
>>>> The first one is about the content in lost+found, and the second is
>>>> about the directory lost+found; I think you will also find the "-d" item.
>>>>
>>>> The label rules you create through "semanage fcontext" are in:
>>>>
>>>> /etc/selinux/targeted/contexts/files/file_contexts.local
>>>>
>>> Yes, I know that. When I issue the above mentioned semanage fcontext
>>> command I see the following line created in
>>> /etc/selinux/targeted/contexts/files/file_contexts.local
>>>
>>> /srv/(.*/)lost\+found    -d      system_u:object_r:lost_found_t:s0
>>>
>>> but how do I create a line that is
>>> /srv/(.*/)lost\+found/.* <<none>>
>>>
>>> in file_contexts.local,
>>>
>>> or don't I need it?
>> Whether you need this line depends on your purpose. This line means
>> the context of files you create in the dir is labeled according to
>> the creating process and containing directory, if there are no policy
>> rules about it.
>>
>> I think you should keep this line in your file context file.
> 
> The question is:
> which is the correct command that creates the line, since direct editing
> of the file is not recommended?

There is no need to write such a line in file_contexts.local: if there is
no rule for the file, its context will be inherited from the creating process
and containing dir, unless the file system is a pseudo-filesystem.

> 
> Stephanos
> 
>>> Stephanos
>>>
>>>>> Regards
>>>>>
>>>>> Stephanos Manos
>>>>>
>>>>> --
>>>>> fedora-selinux-list mailing list
>>>>> fedora-selinux-list at redhat.com
>>>>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>>>>>
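As an added illustration that is not part of the thread, the small Python model below parses the file_contexts-style entries quoted above and resolves a path the way matchpathcon does: the last matching entry wins, the "-d" filter restricts an entry to directories, and "<<none>>" means restorecon leaves the file alone. The sample entries are constructed from the thread (file_contexts.local entries appended after the base file); the real libselinux matcher is assumed to reduce to this last-match-wins rule for these entries.

```python
import re

# Constructed sample combining the file_contexts and file_contexts.local entries
# quoted in the thread. file_contexts.local is appended after the base file,
# so under last-match-wins its entries override the base ones.
SAMPLE_FILE_CONTEXTS = r"""
/lost\+found/.*             <<none>>
/lost\+found            -d  system_u:object_r:lost_found_t:s0
/srv(/.*)?                  system_u:object_r:public_content_rw_t:s0
/srv/(.*/)lost\+found   -d  system_u:object_r:lost_found_t:s0
"""

# File-type filters as written in file_contexts ("--" is a regular file)
TYPE_FLAGS = {"--": "file", "-d": "dir", "-l": "symlink", "-c": "char",
              "-b": "block", "-s": "socket", "-p": "fifo"}

def parse_file_contexts(text):
    """Return a list of (compiled regex, file type or None, context), in file order."""
    specs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) == 3:
            regex, flag, ctx = fields
            ftype = TYPE_FLAGS[flag]      # an unknown flag is a malformed entry
        elif len(fields) == 2:
            regex, ctx = fields
            ftype = None                  # no filter: applies to every file type
        else:
            raise ValueError(f"malformed file_contexts line: {line!r}")
        # file_contexts regexes are matched against the whole path
        specs.append((re.compile(r"^(?:" + regex + r")$"), ftype, ctx))
    return specs

def match_context(specs, path, ftype="file"):
    """Resolve a path: the last matching spec wins; '<<none>>' means restorecon
    skips the file; None means no spec matched at all."""
    for regex, spec_type, ctx in reversed(specs):
        if spec_type is not None and spec_type != ftype:
            continue
        if regex.match(path):
            return ctx
    return None

if __name__ == "__main__":
    specs = parse_file_contexts(SAMPLE_FILE_CONTEXTS)
    for path, ftype in [("/srv/data", "dir"), ("/srv/data/lost+found", "dir"),
                        ("/srv/data/lost+found/#12", "file"), ("/lost+found/#12", "file"),
                        ("/srv/lost+found", "dir")]:
        print(f"{path:28} {ftype:5} -> {match_context(specs, path, ftype)}")
```

Note that `/srv/(.*/)lost\+found` requires at least one directory between /srv and lost+found, so a lost+found directly under /srv would still resolve to public_content_rw_t with these entries, and recovered files inside /srv/*/lost+found resolve to public_content_rw_t rather than <<none>> on a restorecon run.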