restorecon question

Eric Paris eparis at redhat.com
Wed Jul 22 19:12:39 UTC 2009


On Wed, 2009-07-22 at 11:06 -0700, Vadym Chepkov wrote:
> Hi,
> 
> Could you explain to me, please, the behavior of the restorecon utility?
> 
> I added the following in the local.fc file
> 
> # phpbb
> /var/www/phpbb/cache(/.*)?				gen_context(system_u:object_r:httpd_sys_script_rw_t,s0)
> /var/www/phpbb/files(/.*)?				gen_context(system_u:object_r:httpd_sys_script_rw_t,s0)
> 
> compiled and installed policy, seems to be in place.
> 
> # semanage fcontext -l|grep phpbb
> /var/www/phpbb/cache(/.*)?                         all files          system_u:object_r:httpd_sys_script_rw_t:s0 
> /var/www/phpbb/files(/.*)?                         all files          system_u:object_r:httpd_sys_script_rw_t:s0 
> 
> But now when I run restorecon -vR /var/www/phpbb/
> it doesn't do anything. I would expect it to change context on two directories and files in them.

What was the context before?  Was the only difference the 'user'
portion?  I don't think restorecon bothers to reset the context if the
only thing 'wrong' is the user, since the user is not relevant to any
security operations....
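
An added example, not part of the original message: a small shell check for the case the reply asks about, telling apart a label that differs from the expected one only in its SELinux user field from one that differs in role, type or range. The function names `ctx_diff` and `check_path` are hypothetical, and `check_path` assumes an SELinux-enabled host with `stat` and `matchpathcon` available.

```shell
#!/bin/sh
# Added example: classify how a file's current SELinux context differs
# from the context the file_contexts database expects for it.

# ctx_diff CURRENT EXPECTED
# Prints "same", "user-only" or "significant".
ctx_diff() {
    cur=$1
    exp=$2
    if [ "$cur" = "$exp" ]; then
        echo same
    # ${var#*:} drops the first field (the SELinux user) and keeps
    # role:type[:range], so an MLS range with extra colons stays intact.
    elif [ "${cur#*:}" = "${exp#*:}" ]; then
        echo user-only
    else
        echo significant
    fi
}

# check_path PATH
# Compares the on-disk label with the expected one and prints the verdict.
# stat -c %C prints the file's context; matchpathcon -n prints the
# expected context without the path prefix.
check_path() {
    on_disk=$(stat -c %C "$1") || return 1
    wanted=$(matchpathcon -n "$1") || return 1
    printf '%s: %s (current=%s expected=%s)\n' \
        "$1" "$(ctx_diff "$on_disk" "$wanted")" "$on_disk" "$wanted"
}

# Typical use on the directories from the question:
#   check_path /var/www/phpbb/cache
#   check_path /var/www/phpbb/files
```

A `user-only` verdict is the situation the reply describes; `restorecon -F` forces the user, role and range portions to be reset as well as the type.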



