restorecon question
Eric Paris
eparis at redhat.com
Wed Jul 22 19:12:39 UTC 2009
On Wed, 2009-07-22 at 11:06 -0700, Vadym Chepkov wrote:
> Hi,
>
> Could you explain me, please, the behavior of the restorecon utility.
>
> I added the following in the local.fc file
>
> # phpbb
> /var/www/phpbb/cache(/.*)? gen_context(system_u:object_r:httpd_sys_script_rw_t,s0)
> /var/www/phpbb/files(/.*)? gen_context(system_u:object_r:httpd_sys_script_rw_t,s0)
>
> compiled and installed policy, seems to be in place.
>
> # semanage fcontext -l|grep phpbb
> /var/www/phpbb/cache(/.*)? all files system_u:object_r:httpd_sys_script_rw_t:s0
> /var/www/phpbb/files(/.*)? all files system_u:object_r:httpd_sys_script_rw_t:s0
>
> But when now I run restorecon -vR /var/www/phpbb/
> it doesn't do anything. I would expect it to changed context on two directories and files in them.
What was the context before? Was the only difference the 'user'
portion? I don't think restorecon bothers to reset the context if the
only thing 'wrong' is the user, since the user is not relevant to any
security operations....
More information about the fedora-selinux-list
mailing list