Question on semanage fcontext -a

Daniel J Walsh dwalsh at redhat.com
Mon Mar 17 14:14:54 UTC 2008


ttaylor wrote:
> Does anything special have to be done to cause SELinux to start using newly
> added local filecontexts?  What I'm finding is that if I use semanage
> fcontext -a to add a local filecontext definition, it is not used by
> restorecon unless I specify the "-F" option.  Without the "-F" option,
> restorecon -vv <file_path> gives the following message:
> 
> /sbin/restorecon: <file_path> not reset customized by admin to
> <current_context>
> 
> but restorecon -vv -F <file_path> gives this:
> 
> /sbin/restorecon reset <file_path> context <current_context>-><new_context>
> 
> I've also tried using /usr/sbin/semodule --build to try rebuilding (and
> reloading) the current policy, but that
> didn't change the behavior I'm seeing.
> 
> Any suggestions would be greatly appreciated.
> 
> - Tim
> 
The only time you should need the -F would be if the previous context
was in /etc/selinux/targeted/contexts/customizable_types
I believe.  The most common of these are httpd.  This file is an
artifact of what we had to do before we had semanage.

If the file context is not listed in this file and you still need the
force, what is the file context you are changing?
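The check described in the reply above, as an added example that is not part of the original message: given a file's current context, it looks up the type in customizable_types and reports whether restorecon would need -F. The function names and the sample type list are constructed for illustration; on a live system the context would come from `stat -c %C <file_path>`.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# type_of_context CONTEXT: print the type field of user:role:type[:level].
# cut -s prints nothing when the string contains no ':' at all.
type_of_context() {
    printf '%s\n' "$1" | cut -s -d: -f3
}

# needs_force CONTEXT [TYPES_FILE]
# 0 = type is listed as customizable (restorecon leaves it alone without -F)
# 1 = type is not listed, 2 = malformed context or unreadable file
needs_force() {
    types_file=${2:-/etc/selinux/targeted/contexts/customizable_types}
    t=$(type_of_context "$1")
    [ -n "$t" ] || return 2
    [ -r "$types_file" ] || return 2
    # -F fixed string, -x whole line: "etc_t" must not match "foo_etc_t"
    grep -Fxq -- "$t" "$types_file"
}

# advise CONTEXT [TYPES_FILE]: print which restorecon form applies
advise() {
    if needs_force "$@"; then
        echo "restorecon -F"
    else
        case $? in
            1) echo "restorecon" ;;
            *) echo "unknown" ;;
        esac
    fi
}

# Constructed sample of a customizable_types file (one type per line).
SAMPLE_TYPES=$(mktemp)
trap 'rm -f "$SAMPLE_TYPES"' EXIT
printf '%s\n' httpd_sys_content_t public_content_t > "$SAMPLE_TYPES"

# Constructed contexts: the first is listed in the sample, the second is not.
advise "system_u:object_r:httpd_sys_content_t:s0" "$SAMPLE_TYPES"
advise "system_u:object_r:etc_t:s0" "$SAMPLE_TYPES"
```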



