Hello everyone,
If I create a folder called "whatever" under /var, the context is:
root:object_r:var_t /var/whatever/
That's expected as it is under /var. If I then change its type:
chcon -t httpd_sys_content_t /var/whatever
The context looks like:
root:object_r:httpd_sys_content_t /var/whatever/
My question is... shouldn't a relabeling of the filesystem change the type of this directory back to var_t? I just performed a relabel (/.autorelabel) and the directory stayed with httpd_sys_content_t. I thought that the only way this could happen was if I used "semanage fcontext -a ...." so that a new line would be appended in: /etc/selinux/targeted/contexts/files/file_contexts.local.
Not only that, if I perform "matchpathcon /var/whatever" I still get var_t as its default type. Then again, why did it keep the httpd_sys_content_t after the relabel?
Thanks in advance, Jorge
On Wednesday 09 September 2009 08:08:27 am Jorge Fábregas wrote:
> If I perform "matchpathcon /var/whatever" I still get var_t as its default type. Then again, why did it keep the httpd_sys_content_t after the relabel?
I did the same test on Fedora 10 (which of course is way newer than CentOS) and it behaves differently (the way I had in mind): after a relabel thru /.autorelabel, all the files & directories I create under /var return to var_t (if there's no override in file_contexts.local).
In CentOS 5.3, if I manually change from var_t to something else, when I relabel the filesystem, the file keeps the type I specified (and not the default it should have based on its location). Please, if anyone knows why this happens, I'd be glad to know.
Thanks, Jorge
> If I perform "matchpathcon /var/whatever" I still get var_t as its default type. Then again, why did it keep the httpd_sys_content_t after the relabel?
> I did the same test on Fedora 10 (which of course is way newer than CentOS) and it behaves differently (the way I had in mind): after a relabel thru /.autorelabel, all the files & directories I create under /var return to var_t (if there's no override in file_contexts.local).
> In CentOS 5.3, if I manually change from var_t to something else, when I relabel the filesystem, the file keeps the type I specified (and not the default it should have based on its location). Please, if anyone knows why this happens, I'd be glad to know.
Read this thread: https://www.redhat.com/archives/fedora-selinux-list/2009-July/msg00141.html
HTH Sasha
On Saturday 12 September 2009 03:31:25 pm A. Kirillov wrote:
> Read this thread: https://www.redhat.com/archives/fedora-selinux-list/2009-July/msg00141.html
Arrrrrrrrrrrrrrrrrrrrrrgh Sasha right on!!! Thanks so much! I had no idea about "Customizable Types" and indeed httpd_sys_content_t is one of them!!
I've been trying to figure this out for a couple of days and now the search is over! Thanks a million!
All the best, Jorge
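
The behaviour resolved in this thread, as an added example that is not part of the original posts: given a file's current context and its matchpathcon default, the script reports whether a non-forced relabel would leave the type alone because it is a customizable type. The path /etc/selinux/targeted/contexts/customizable_types assumes the targeted policy; the function names, the second list entry and the sample contexts are constructed for illustration.

```shell
#!/bin/sh
# Added example: predict what a non-forced relabel does to one file.
# Assumption: the targeted policy keeps its list in this file.
CUSTOMIZABLE_TYPES_FILE="${CUSTOMIZABLE_TYPES_FILE:-/etc/selinux/targeted/contexts/customizable_types}"

# Print the type (third colon-separated field) of a context such as
# root:object_r:var_t or system_u:object_r:var_t:s0.
type_of_context() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Succeed if TYPE ($1) is listed, one type per line, in list file $2.
is_customizable() {
    [ -n "$1" ] && grep -Fqx -- "$1" "${2:-$CUSTOMIZABLE_TYPES_FILE}" 2>/dev/null
}

# relabel_outcome CURRENT_CONTEXT DEFAULT_CONTEXT [LIST_FILE]
#   unchanged - type already matches the file_contexts default
#   kept      - type differs but is customizable, so the relabel skips it
#   reset     - type differs and is not customizable, so it is put back
relabel_outcome() {
    cur=$(type_of_context "$1")
    def=$(type_of_context "$2")
    if [ "$cur" = "$def" ]; then
        echo unchanged
    elif is_customizable "$cur" "$3"; then
        echo kept
    else
        echo reset
    fi
}

# Demo on a constructed list (the real file has more entries).
demo_list=$(mktemp)
printf '%s\n' httpd_sys_content_t example_custom_t > "$demo_list"
# Current label as shown by `ls -Zd`, default as shown by `matchpathcon`.
relabel_outcome root:object_r:httpd_sys_content_t system_u:object_r:var_t "$demo_list"
relabel_outcome root:object_r:etc_t system_u:object_r:var_t "$demo_list"
rm -f "$demo_list"
```

When the result is "kept", running restorecon with -F on the path forces the type back to the file_contexts default.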