Question on semanage fcontext -a
Paul Howarth
paul at city-fan.org
Mon Mar 17 11:31:05 UTC 2008
ttaylor wrote:
> Does anything special have to be done to cause SELinux to start using newly
> added local filecontexts? What I'm finding is that if I use semanage
> fcontext -a to add a local filecontext definition, it is not used by
> restorecon unless I specify the "-F" option. Without the "-F" option,
> restorecon -vv <file_path> gives the following message:
>
> /sbin/restorecon: <file_path> not reset customized by admin to
> <current_context>
>
> but restorecon -vv -F <file_path> gives this:
>
> /sbin/restorecon reset <file_path> context <current_context>-><new_context>
This is probably because <current_context> is a customizable type like
httpd_sys_content_t; objects with these types don't get reset by
restorecon unless you use -F. I'm not sure how to find out which types
are customizable off the top of my head though.
Paul.
More information about the fedora-selinux-list
mailing list