On 8/29/05, <b class="gmail_sendername">Stephen Smalley</b> <<a href="mailto:sds@tycho.nsa.gov">sds@tycho.nsa.gov</a>> wrote:<div><span class="gmail_quote"></span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
On Sat, 2005-08-27 at 12:58 -0700, Tom London wrote:<br>> 'setfiles -v /etc/selinux/targeted/contexts/files/file_contexts /' did<br>> the right thing.<br>><br>> [Its almost as if restorecon is using the 'real' full pathname (with
<br>> leading /mnt), and setfiles is using the 'chroot'ed' pathname (without<br>> the leading /mnt).]<br><br>BTW, I'm not sure what you mean by the above. setfiles does accept a -r<br>option to specify an alternate root path, so you can apply it to a
<br>chroot setup without running it chroot'd itself. But without that<br>option, I wouldn't have expected it to touch /mnt at all, especially as<br>file_contexts marks it <<none>>.</blockquote><div><br>First, thanks for the explanation.
<br><br>My comment regarding 'real' vs. 'chroot-ed' pathnames was just my feeble poke at explaning what was going on. I had noticed the entry for /mnt in file_contexts, and concluded that 1+1=3. ;)<br></div><br></div>Regarding setfiles, thanks for the info regarding '-r' option. Its not in the man page nor in 'setfiles --help', so I did the 'chroot' balancing act. 'setfiles -r' produces 'usage: setfiles -r rootpath' though.
<br><br>tom<br>-- <br>Tom London