restorecon question
Eric Paris
eparis at redhat.com
Wed Jul 22 19:12:39 UTC 2009
On Wed, 2009-07-22 at 11:06 -0700, Vadym Chepkov wrote:
> Hi,
>
> Could you explain to me, please, the behavior of the restorecon utility?
>
> I added the following in the local.fc file
>
> # phpbb
> /var/www/phpbb/cache(/.*)? gen_context(system_u:object_r:httpd_sys_script_rw_t,s0)
> /var/www/phpbb/files(/.*)? gen_context(system_u:object_r:httpd_sys_script_rw_t,s0)
>
> compiled and installed policy, seems to be in place.
>
> # semanage fcontext -l|grep phpbb
> /var/www/phpbb/cache(/.*)? all files system_u:object_r:httpd_sys_script_rw_t:s0
> /var/www/phpbb/files(/.*)? all files system_u:object_r:httpd_sys_script_rw_t:s0
>
> But now when I run restorecon -vR /var/www/phpbb/
> it doesn't do anything. I would expect it to change the context on the two directories and the files in them.
What was the context before? Was the only difference the 'user'
portion? I don't think restorecon bothers to reset the context if the
only thing 'wrong' is the user, since the user is not relevant to any
security operations....
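
Added example, not part of the original message: a small shell helper that answers the question asked in the reply, namely which fields of a file's current context differ from the expected one and whether the user field is the only difference. The function names and the sample "current" contexts are constructed for illustration; the real values would come from `ls -Zd` and `matchpathcon` on the affected paths.

```shell
# An SELinux context is user:role:type[:range]. The range may itself
# contain ':' (e.g. s0-s0:c0.c1023), so only the first three colons split.

# ctx_field CONTEXT N -> print field N (1=user 2=role 3=type 4=range)
ctx_field() {
    ctx=$1
    case $2 in
        1) printf '%s\n' "${ctx%%:*}" ;;
        2) rest=${ctx#*:}; printf '%s\n' "${rest%%:*}" ;;
        3) rest=${ctx#*:}; rest=${rest#*:}; printf '%s\n' "${rest%%:*}" ;;
        4) rest=${ctx#*:}; rest=${rest#*:}
           case $rest in
               *:*) printf '%s\n' "${rest#*:}" ;;
               *)   printf '\n' ;;   # context carries no range
           esac ;;
    esac
}

# ctx_diff CURRENT EXPECTED -> print the names of the fields that differ
ctx_diff() {
    out=
    i=1
    for name in user role type range; do
        a=$(ctx_field "$1" "$i")
        b=$(ctx_field "$2" "$i")
        [ "$a" = "$b" ] || out="${out:+$out }$name"
        i=$((i + 1))
    done
    printf '%s\n' "$out"
}

# only_user_differs CURRENT EXPECTED -> exit 0 if user is the sole difference
only_user_differs() {
    [ "$(ctx_diff "$1" "$2")" = "user" ]
}

# Expected context as listed by semanage in the question; the two
# "current" contexts below are constructed samples, not from the thread.
expected='system_u:object_r:httpd_sys_script_rw_t:s0'
case_user='unconfined_u:object_r:httpd_sys_script_rw_t:s0'
case_type='system_u:object_r:httpd_sys_content_t:s0'

for cur in "$case_user" "$case_type"; do
    if only_user_differs "$cur" "$expected"; then
        echo "$cur: only the user differs"
    else
        echo "$cur: differs in: $(ctx_diff "$cur" "$expected")"
    fi
done
```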