I have a .fc file that contains: /home/dir(/.*)? system_u:object_r:tmp_t:s0 When I create the directory, it gets user_home_dir_t and files in the directory get user_home_t. After I load the module, restorecon will not change the permissions on the directory or files. So, what is special about those types? I thought at first that they may be customizable types, but they aren't listed in the file. semanage fcontext doesn't show them either. Any clues?

On Fri, 2007-04-27 at 08:39 -0600, Forrest Taylor wrote: > On Thu, 2007-04-26 at 16:30 -0600, Forrest Taylor wrote: > > I have a .fc file that contains: > > /home/dir(/.*)? system_u:object_r:tmp_t:s0 > > > > When I create the directory, it gets user_home_dir_t and files in the > > directory get user_home_t. After I load the module, restorecon will not > > change the permissions on the directory or files. So, what is special > > about those types? I thought at first that they may be customizable > > types, but they aren't listed in the file. semanage fcontext doesn't > > show them either. Any clues? > > I forgot to mention that I am using RHEL 5.0.0. There is an ordering/precedence among the different kinds of file contexts configurations, with the base file_contexts generated from the module .fc files at the lowest priority, the file_context.homedirs file generated by genhomedircon as the next priority, and the file_contexts.local file as the highest priority. So a module .fc file can be overridden by the genhomedircon-generated entries or by the local file contexts added via semanage fcontext -a. Sounds like you should be using semanage fcontext -a for this instead of a module.