On Mon, Nov 18, 2013 at 15:22:08 +0100,
Vidalie Hervé <herve.vidalie(a)worldline.com> wrote:
I would like to set a default type on /WEBS and his subfolders:
semanage fcontext -a -t httpd_sys_content_t '/WEBS(/.*)?'
restorecon -Rv /WEBS*
However, this command sets the type httpd_sys_content_t recursively on everything in
/WEBS
What is the priority between file context rules? I thought more precise rules will prevail
on others.
Note that the context files really just work when doing relabelling with
restorecon or fixfiles. What gets applied when a new file is created
is going to be governed by policy. (Though inheriting from the directory
the file is being created in is the common default.) You can have rules
based on the creating process' label, the label of the directory the file
is being created in and in recent kernels (I am not sure if this is in
RHEL6, but is in current Fedora) the name (no wildcards) of the file.