Stephanos Manos wrote:
Ken YANG wrote:
> Stephanos Manos wrote:
>> Hi
>>
>> I'm in the process of building a hole server and I was wondering what is
>> the correct way of labeling the lost+found directory of various file
>> systems that will be mounted under the /srv. I have labeled /srv as
>> public_content_rw_t with
>> semanage fcontext -a -t public_content_rw_t '/srv(/.*)?'
>> but that results in lost+found being labeled as public_content_rw_t so I
>> also run
>> semanage fcontext -a -f -d -t lost_found_t '/srv/(.*/)lost\+found'
>>
>> my question is:
>> in /etc/selinux/targeted/contexts/files/file_contexts I see two lines
>> for /lost+found
>> a. /lost\+found/.* <<none>>
>> b. /lost\+found -d system_u:object_r:lost_found_t:s0
>>
>> the second is created with the above mentioned command
>> how do I create the first, or don't I need it?
> The first one is about the content in lost+found, and the second is
> about the directory lost+found; I think you also find the "-d" item.
>
> the label rules you create through "semanage fcontext" are in:
>
> /etc/selinux/targeted/contexts/files/file_contexts.local
>
Yes, I know that. When I issue the above-mentioned semanage fcontext
command I see the following line created in
/etc/selinux/targeted/contexts/files/file_contexts.local
/srv/(.*/)lost\+found -d system_u:object_r:lost_found_t:s0
but how do I create a line that is
/srv/(.*/)lost\+found/.* <<none>>
in the file_contexts.local,
or don't I need it?
The need for this line depends on your purpose. This line means
the contexts of files you create in the dir are set according to
the creating process and containing directory, if there are no policy
rules about it.
I think you should keep this line in your file context file.
Stephanos
>> Regards
>>
>> Stephanos Manos
>>
>> --
>> fedora-selinux-list mailing list
>> fedora-selinux-list(a)redhat.com
>>
>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>>
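An added example, not part of the original thread: a simplified Python model of how the three /srv rules discussed above resolve for a few paths, showing what changes when the `<<none>>` line is missing. The names `LOCAL_SPECS` and `lookup`, the sample paths, and the "last matching rule wins" ordering are assumptions of this sketch, not output of any SELinux tool.

```python
import re

# Constructed from the rules quoted in the thread, in the order they would
# sit in file_contexts.local: (path regex, file type or None, context).
# "d" stands for the -d flag (directories only); "<<none>>" assigns no label.
LOCAL_SPECS = [
    (r"/srv(/.*)?", None, "system_u:object_r:public_content_rw_t:s0"),
    (r"/srv/(.*/)lost\+found", "d", "system_u:object_r:lost_found_t:s0"),
    (r"/srv/(.*/)lost\+found/.*", None, "<<none>>"),
]


def lookup(path, ftype, specs=LOCAL_SPECS):
    """Return the context a relabel would set on `path`, or None to leave it.

    Simplified model (assumption): every regex is anchored at both ends and
    the last matching rule in the list wins. ftype is "d" for a directory
    and "f" for a regular file.
    """
    for pattern, want_type, context in reversed(specs):
        if want_type is not None and want_type != ftype:
            continue  # rule is restricted to another file type
        if re.fullmatch(pattern, path):
            return None if context == "<<none>>" else context
    return None  # no rule matched at all


if __name__ == "__main__":
    samples = [
        ("/srv/data/pub/file.iso", "f"),
        ("/srv/data/lost+found", "d"),
        ("/srv/data/lost+found/#1234", "f"),
        # (.*/) needs at least one path component, so this is not covered:
        ("/srv/lost+found", "d"),
    ]
    for path, ftype in samples:
        with_none = lookup(path, ftype)
        without_none = lookup(path, ftype, LOCAL_SPECS[:2])
        print(f"{path} ({ftype})")
        print(f"  with <<none>> rule:    {with_none}")
        print(f"  without <<none>> rule: {without_none}")
```

Without the third rule, recovered files inside lost+found fall through to the `/srv(/.*)?` rule and would be relabeled as public content.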