Karsten Wade wrote:
On Tue, 2005-02-15 at 02:04 -0600, Joe Cooper wrote:
>Joe Cooper wrote:
>also noticed that I'm actually getting slightly different labels than
>/var/spool/squid:
>
>[root@localhost /]# ls -lZ /var/spool/squid
>drwxr-xr-x squid squid root:object_r:squid_cache_t 00
>[root@localhost /]# ls -lZ /cache0
>drwxr-xr-x squid squid system_u:object_r:squid_cache_t 00
>
>So I've got root:object_r:squid_cache_t for /var/spool/squid (the one
>that works) and system_u:object_r:squid_cache_t for the one that
>doesn't,
That different field is for the SELinux identity, which doesn't come
much into play for the targeted policy.
You get 'system_u:object_r' when something has been created by a system
process, you get 'root:object_r' when something has been created by the
root user. There is an actual SELinux user 'root' that corresponds to
the Linux user 'root'.
Thanks for that explanation, Karsten. Some of these things are starting
to make a bit of sense now. ;-)