when to use restorecon -F [was Re: SELinux blocking Samba share mounting?]
Paul Howarth
paul at city-fan.org
Sat Feb 14 13:16:42 UTC 2009
On Sat, 14 Feb 2009 12:34:10 +1000
Murray McAllister <mmcallis at redhat.com> wrote:
> Paul Howarth wrote:
> > Steven Stromer wrote:
> >>> What's the output of:
> >>>
> >>> # audit2allow < /var/log/audit/audit.log
> >>>
> >>> Paul.
> >>>
> >>
> >>
> >> Paul,
> >>
> >> Thanks for the time! I understand what you are saying. I have set:
> >>
> >> chcon -R -h -t home_root_t /home
> >>
> >> so that the entire path's heirarchy will be consistent,
> >
> > No no, this is wrong. home_root_t is for directories that *contain*
> > home directories, not the home directories and their contents
> > themselves.
> >
> > I'd do a "restorecon -RF /home" to fix that, then put back the
> > contexts on your share areas as you wanted them (e.g. samba_share_t
> > or public_content_rw_t etc.).
>
> When should restorecon -F be used? I read the man page but can't
> figure out how it is different to just running restorecon without -F.
Using -F also fixes up the user part of the context and restores the
contexts of files that have been changed to customizable types e.g.
some of the httpd_* types, so it's sometimes necessary to use -F to fix
those.
Paul.
More information about the fedora-selinux-list
mailing list