Are there any plans for generic contexts?

Paul Howarth paul at
Sun Dec 28 13:20:14 UTC 2008

On Sat, 27 Dec 2008 22:35:33 -0600
"Arthur Pemberton" <pemboa at> wrote:

> Are there any plans for generic contexts? If not consider this a
> suggestion.
> It would be useful if there were more generic contexts, for example
> 'shared_content_t'. Which all targeted daemons that share files (such
> as httpd, smbd, vsftpd) would all have access to these files. I am
> aware that I can probably write my own policy to allow this, but it
> seems like a fairly common use case.
> Just tonight I wanted to make some web code I was working on available
> via a samba share so I could work a bit more fluidly form my laptop.
> But the files are already labeled for sharing under httpd.
> On another machine, I give access to samba to one dir, and would also
> like to have access form httpd. For certain situations, even vsftpd.

public_content_t and public_content_rw_t have been available for a long
time to support this between ftp, http, samba, nfs, tftp, and rsync

public_content_t is read-only to all daemons.

public_content_rw_t is read-only to all daemons but writable by any
daemon that has the appropriate boolean set:


Setting these booleans allows the associated daemon to write to


More information about the selinux mailing list