On Tue, 2005-10-18 at 08:02 +0100, Paul Howarth wrote:
On Tue, 2005-10-18 at 11:50 +0800, Jeremy Ardley wrote:
> Hi,
>
> I want to customise my site with additional file contexts and rules.
>
> Where is the correct place to create the new files contexts so they are
> specific to my site and not erased by future releases? How do I get them
> included in the Make?
>
> I assume there is some mechanism like domains/misc/local.te but for contexts
Try file_contexts/misc/local.fc
That would work as well, but requires the policy sources and rebuilding
the policy. Better to create
a /etc/selinux/$SELINUXTYPE/contexts/files/file_contexts.local file,
which is consulted at runtime by the matchpathcon(3) libselinux function
used by setfiles, restorecon, etc.
And in the future (FC5), you can build your own policy module and module
package and link it into the distro-provided policy without disturbing
the distro-provided policy at all.
--
Stephen Smalley
National Security Agency