selinux versus chcon

Fulko Hew fulko.hew at gmail.com
Mon Sep 19 20:01:21 UTC 2011


On Mon, Sep 19, 2011 at 3:32 PM, Eric Paris <eparis at redhat.com> wrote:
> On Mon, 2011-09-19 at 14:49 -0400, Fulko Hew wrote:
>
>> If so... why use chcon versus the semanage/restorecon technique?
>> or if my assesement is wrong... can someone point me to a better
>> explanation/tutorial?

... snip ...

> So semanage+restorecon == will last, chcon == will likely get blown away
> and make you angry later.

Thanks for confirming that for me.

Now my next issue is 'apparently' unknown contexts.

My original RPM spec file added the 'httpd_sys_rw_content_t' context
to a directory.  Which was great for the versions of Fedora I was testing
on, but now in RHEL 5.6 semanage complains with: "type
'httpd_sys_rw_content_t' not defined."

So it seems that my %post section of my RPM file has to either 'know'
what distribution or version of selinux support is installed so I can avoid
attempting to use types that are not defined, or having some way of finding
out what 'types' are available 'in this OS' so that I issue the 'appropriate
commands'.

How can I find out what 'types' are available'?

Fulko


More information about the devel mailing list