priority between file context rules

Bruno Wolff III bruno at wolff.to
Mon Nov 18 17:44:54 UTC 2013


On Mon, Nov 18, 2013 at 15:22:08 +0100,
   Vidalie Hervé <herve.vidalie at worldline.com> wrote:
>
>I would like to set a default type on /WEBS and its subfolders:
>semanage fcontext -a -t httpd_sys_content_t '/WEBS(/.*)?'
>restorecon -Rv /WEBS*
>However, this command sets the type httpd_sys_content_t recursively on everything in /WEBS
>What is the priority between file context rules? I thought more precise rules would prevail over others.

Note that the context files really just work when doing relabelling with 
restorecon or fixfiles. What gets applied when a new file is created 
is going to be governed by policy. (Though inheriting from the directory 
the file is being created in is the common default.) You can have rules 
based on the creating process' label, the label of the directory the file 
is being created in and in recent kernels (I am not sure if this is in 
RHEL6, but is in current Fedora) the name (no wildcards) of the file.
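The check a practitioner would want before relabelling is to ask the compiled file_contexts specification what it would assign, rather than relabelling and looking afterwards. The script below is an added example and is not code from the thread: it registers the broad rule from the question plus a more specific rule for a writable subtree, then uses matchpathcon and a restorecon dry run to see which rule the spec applies to each path, and finally contrasts the creation-time label (policy inheritance) with the relabel-time label (file_contexts), which is the distinction the reply makes. It assumes an SELinux host with policycoreutils (semanage, restorecon, matchpathcon) and setools (sesearch); /WEBS, /WEBS/app/uploads and the choice of httpd_sys_rw_content_t for the upload directory are hypothetical.

```shell
#!/bin/sh
# Added example, not code from the original thread. Assumes an SELinux host
# with policycoreutils (semanage, restorecon, matchpathcon) and setools
# (sesearch). /WEBS and /WEBS/app/uploads are hypothetical paths.
set -eu

# Build the regex semanage fcontext expects for "this directory and everything
# under it", escaping regex metacharacters first. An unescaped dot in a path
# such as /srv/www.example.com would otherwise match any character.
fc_regex() {
    printf '%s(/.*)?\n' "$(printf '%s' "$1" | sed 's/[]$.+?*()[{}|^\\]/\\&/g')"
}

# Pull the type out of a "path<TAB>user:role:type:level" line as printed by
# matchpathcon, so a script can compare it with the type it expects there.
context_type() {
    printf '%s\n' "$1" | awk '{ split($NF, f, ":"); print f[3] }'
}

# Compare what the compiled file_contexts spec assigns to each path with the
# type we expect. Runs matchpathcon, so it needs a real SELinux host; it reads
# the spec, not the on-disk labels, so nothing has to be relabelled first.
check_spec() {
    status=0
    while [ $# -ge 2 ]; do
        got=$(context_type "$(matchpathcon "$1")")
        if [ "$got" = "$2" ]; then
            echo "ok   $1 -> $got"
        else
            echo "FAIL $1 -> $got (expected $2)"
            status=1
        fi
        shift 2
    done
    return $status
}

# Register the broad rule for the tree and a more specific one for a writable
# subtree, then check the spec and dry-run the relabel before changing anything.
apply_web_rules() {
    root=$1 uploads=$2
    semanage fcontext -a -t httpd_sys_content_t    "$(fc_regex "$root")"
    semanage fcontext -a -t httpd_sys_rw_content_t "$(fc_regex "$uploads")"
    semanage fcontext -l -C                 # list only the local customizations
    check_spec "$root" httpd_sys_content_t \
               "$uploads" httpd_sys_rw_content_t \
               "$uploads/photo.jpg" httpd_sys_rw_content_t
    restorecon -Rvn "$root"                 # -n: report what would change, touch nothing
}

# Creation-time labels come from policy (inheritance from the directory, or a
# type_transition rule), not from file_contexts: a file created here by an
# unconfined shell carries the directory's type until something relabels it.
show_creation_vs_relabel() {
    dir=$1
    touch "$dir/new.txt"
    ls -Z "$dir/new.txt"                    # label the kernel gave it at creation
    restorecon -vn "$dir/new.txt"           # label the spec would assign instead
    sesearch -T -s httpd_t -c file          # type_transition rules for files httpd_t creates
}

if [ "${1:-}" = "--apply" ]; then
    apply_web_rules /WEBS /WEBS/app/uploads
    show_creation_vs_relabel /WEBS/app/uploads
fi
```

Run it as root with `--apply` on a test host; without the flag it only defines the functions. The two pure-shell helpers (fc_regex and context_type) are the pieces worth reusing in your own provisioning scripts, and the point of check_spec is that a mismatch shows up before restorecon has changed a single label.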

