[selinux] Re: Ordering of file context choices?
Robin Lee Powell
rlpowell at digitalkingdom.org
Tue Sep 6 17:44:44 UTC 2011
On Tue, Sep 06, 2011 at 01:41:27PM -0400, Daniel J Walsh wrote:
>
> I am going to write a blog on this.

Oh that would be lovely!

> Your other option is to use semanage rather than a module. Search
> order on matching is
>
> semanage fcontext
> MODULE CONTAINING HOMEDIR
> MODULE containing file context.

The problem there is that semanage has no concept of "I want this to
go here in the ordering"; it's last-come-first-served, which makes
it really hard to deal with from Puppet, which is how I roll. If
there was a way to say "insert this fcontext before this other one",
that would fix it, but I don't see a way to do that.

The nice thing about having it in a module is that I can specify the
order.

I suppose I could put things in
/etc/selinux/targeted/contexts/files/file_contexts.local directly?,
to handle the ordering, but it says not to.

-Robin
--
http://singinst.org/ : Our last, best hope for a fantastic future.
Lojban (http://www.lojban.org/): The language in which "this parrot
is dead" is "ti poi spitaki cu morsi", but "this sentence is false"
is "na nei". My personal page: http://www.digitalkingdom.org/rlp/
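
The ordering problem described in this message, modelled as an added example (not code from the thread or from SELinux): if the newest matching semanage fcontext rule wins, any path matched by two rules with different types gets a label that depends on the order the rules were added. The rules, paths and helper names are constructed, and Python's `re.fullmatch` is assumed as a stand-in for the anchored regex matching of file context specs.

```python
import re

# Constructed local rules, in the order a tool might have added them
# (regex, SELinux type). Sample values only.
RULES = [
    (r"/srv/www(/.*)?", "httpd_sys_content_t"),
    (r"/srv/www/pub(/.*)?", "public_content_t"),
    (r"/srv/backup(/.*)?", "backup_store_t"),
]

# Constructed paths to audit against the rules.
SAMPLE_PATHS = [
    "/srv/www/index.html",
    "/srv/www/pub/file.iso",
    "/srv/backup/db.sql",
]


def resolve(path, rules):
    """Model of last-come-first-served: the newest matching rule wins."""
    for pattern, setype in reversed(rules):
        if re.fullmatch(pattern, path):
            return setype
    return None


def order_dependent(paths, rules):
    """Return {path: [types]} for paths whose label depends on add order.

    Any matching rule could have been added last, so a path is
    order-dependent when its matching rules disagree on the type.
    """
    flagged = {}
    for path in paths:
        types = {t for pattern, t in rules if re.fullmatch(pattern, path)}
        if len(types) > 1:
            flagged[path] = sorted(types)
    return flagged


if __name__ == "__main__":
    for path, types in order_dependent(SAMPLE_PATHS, RULES).items():
        print(f"{path}: label depends on insertion order, candidates {types}")
```

Running a check like this over the rule set a configuration-management run is about to apply shows which rule pairs need an explicit ordering.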