Locally defined file contexts
Gene Czarcinski
gene at czarc.net
Thu Apr 15 22:43:09 UTC 2004
Before I go and submit an RFE, I thought I would put this message out to see
if what I am asking for is reasonable and/or I am missing something and it is
already available.

I have a need/want to be able to define some file contexts for directories and
possibly separately mounted partitions which will have different attributes
from what is currently defined.

For example, I may want to mount one or more partitions under /home/ or
/usr/local/ or even / which are to be shared read-only to anyone but writable
only by root and one user. An example in my current situation on an FC1 system
is where I have a very large partition for vmware in /home/vmware/ and I want
this r/w by one user running as staff_r or user_r.

As I currently understand things, only the tunable.te and users files are
intended for modification by the user or local installation. The rest of the
files are for policy-sources and will be updated when the package is updated.

I want some place to put rules similar to those in file_contexts or types.fc
which will be used to build the master files_contexts but not be replaced
when policy-sources is updated.

I am hoping that this capability already exists and I just do not understand
that it is there.

Gene