restorecon question
Stephen Smalley
sds at tycho.nsa.gov
Wed Jul 22 20:05:07 UTC 2009
On Wed, 2009-07-22 at 12:57 -0700, Vadym Chepkov wrote:
> You are right, these types are listed in /etc/selinux/targeted/contexts/customizable_types:
>
> ....
> httpd_sys_content_t
> httpd_sys_htaccess_t
> httpd_sys_script_exec_t
> httpd_sys_script_ra_t
> httpd_sys_script_ro_t
> httpd_sys_script_rw_t
> httpd_unconfined_script_exec_t
> ....
>
> May I ask, why do they set this way?
Because users may choose to customize the labeling of their web
hierarchy and we didn't want restorecon to clobber it. These days that
isn't so necessary because users can use semanage fcontext -a to add
entries for their customizations, and that is why customizable_types in
F11 doesn't include those types.
--
Stephen Smalley
National Security Agency
More information about the fedora-selinux-list
mailing list