restorecon question

[Dominick Grift]

On Wed, 2009-07-22 at 11:06 -0700, Vadym Chepkov wrote:
> Hi,
> 
> Could you explain me, please, the behavior of the restorecon utility.
> 
> I added the following in the local.fc file
> 
> # phpbb
> /var/www/phpbb/cache(/.*)?				gen_context(system_u:object_r:httpd_sys_script_rw_t,s0)
> /var/www/phpbb/files(/.*)?				gen_context(system_u:object_r:httpd_sys_script_rw_t,s0)
> 
> compiled and installed policy, seems to be in place.
> 
> # semanage fcontext -l|grep phpbb
> /var/www/phpbb/cache(/.*)?                         all files          system_u:object_r:httpd_sys_script_rw_t:s0 
> /var/www/phpbb/files(/.*)?                         all files          system_u:object_r:httpd_sys_script_rw_t:s0 
> 
> But when now I run restorecon -vR /var/www/phpbb/
> it doesn't do anything. I would expect it to changed context on two directories and files in them.
> 
> Only if I specify -F (force) I relabel everything.
> I can't quite grasp why sometimes I don't have to supply -F and sometimes I do.

Not completely sure but i think it may have to do with customizable
types. Customizable types are types that should not be relabeled.

This can be overridden with the -F (force) option.

Again i am not quite sure if this is the case here because in my system
the httpd_sys_content_t type is not added to the customizable_types
files.

less /etc/selinux/targeted/contexts/custom*

If i am wrong i hope someone will correct me.

> Thank you.
> 
> Sincerely yours,
>   Vadym Chepkov
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20090722/2467a69c/attachment.sig>