Hi,
I am trying to set contexts on httpd files on a server running CentOS release 6.4 (Final).
The server has several httpd instances running, serving different hosts.
The directory tree is:
/WEBS/client_name/service_name/ contains configuration files, documents to serve, …
/WEBLOGS/client_name/service_name/ contains httpd logs
/WEBDATA/client_name/service_name/ contains data
Here are the rules I wrote:
[root@odbfi007v ~]# semanage fcontext -l | grep WEB
/WEBDATA/lost\+found(/.*)? all files system_u:object_r:lost_found_t:s0
/WEBLOGS(/.*) all files system_u:object_r:httpd_log_t:s0
/WEBLOGS/lost\+found(/.*)? all files system_u:object_r:lost_found_t:s0
/WEBS/[^/]+/[^/]+/conf(/.*)? all files system_u:object_r:httpd_config_t:s0
/WEBS/[^/]+/[^/]+/docs(/.*)? all files system_u:object_r:httpd_sys_content_t:s0
/WEBS/[^/]+/[^/]+/logs all files system_u:object_r:httpd_log_t:s0
/WEBS/lost\+found(/.*)? all files system_u:object_r:lost_found_t:s0
I would like to set a default type on /WEBS and its subfolders:
semanage fcontext -a -t httpd_sys_content_t '/WEBS(/.*)?'
restorecon -Rv /WEBS*
However, this command sets the type httpd_sys_content_t recursively on everything in /WEBS.
What is the priority between file context rules? I thought more precise rules would prevail over others.
Regards,
Hervé