From: "Filipe Brandenburger", Thursday, September 03, 2009 1:27 PM
>Hi,
>
>On Thu, Sep 3, 2009 at 15:13, Ed Heron<Ed at heron-ent.com> wrote:
>>> [1] I am not sure what will happen after a full relabeling of the
>>> system, since the new directory does not exist in the selinux database
>>> (I mean /etc/selinux/targeted/contexts/files/file_contexts, part of
>>> selinux-policy)
>>
>> I added a disclaimer. Does it cover it?
>
>The right way to fix it is to use "semanage fcontext" (see "man
>semanage") to make that change permanent even after a relabel.
>
>I believe it should be something like:
># semanage fcontext -a -t httpd_config_t "/etc/httpd/vconf\.d(/.*)?"
>
>After that, you can use "restorecon" instead of "chcon":
># restorecon -R /etc/httpd/vconf.d
>
>I did not test those above, so if you want to add them to the Wiki
>page you should test them before you do.

Interestingly...

# semanage fcontext -l | grep http

returns, among other things,

/etc/httpd(/.*)?    all files    system_u:object_r:httpd_config_t:s0

so, the newly created directory is covered...

I also found...

/etc/vhosts    regular file    system_u:object_r:httpd_config_t:s0

Not entirely sure what that is there for, except to cover people doing
weirder things than I'm proposing...

When I:

# mkdir /etc/httpd/yadda
# ls -lZ /etc/httpd

I get:

drwxr-xr-x  root root system_u:object_r:httpd_config_t conf
drwxr-xr-x  root root root:object_r:httpd_config_t yadda

next:

# restorecon -R /etc/httpd

and

# ls -lZ

I get the same thing. So, it isn't changing the SELinux user..

I'm guessing we should...

# chcon --user=system_u yadda

but it would be optional?

>But I still agree that just using "conf.d" achieves exactly the same
>results with a lot less work, so it would still be my advice...

I now agree that the same results are achieved with virtual host files in
conf.d.

I have updated the page. Have I acceptably promoted the 'preferred' method?
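
The comparison made by hand in the message above, as an added example that is not part of the original thread: it finds which `semanage fcontext -l` rule covers each entry and reports which context fields differ from it. The sample text is constructed from the lines quoted in the message; the function names and the rule-precedence shortcut are assumptions of this example.

```python
import re

# Constructed sample input: the rules and `ls -lZ` lines quoted in the message.
FCONTEXT_LISTING = """\
/etc/httpd(/.*)?   all files      system_u:object_r:httpd_config_t:s0
/etc/vhosts        regular file   system_u:object_r:httpd_config_t:s0
"""
LS_Z_LISTING = """\
drwxr-xr-x  root root system_u:object_r:httpd_config_t conf
drwxr-xr-x  root root root:object_r:httpd_config_t     yadda
"""
RULE_RE = re.compile(r"^(\S+)\s+(.+?)\s+(\S+:\S+:\S+)$")


def parse_rules(listing):
    """Return (pattern, file_type, context) tuples from `semanage fcontext -l` text."""
    return [m.groups() for m in map(RULE_RE.match, listing.splitlines()) if m]


def expected_context(path, is_dir, rules):
    """Context of the rule covering path, or None if no rule matches."""
    # Assumption: the longest literal prefix wins; libselinux's real ordering is more involved.
    best = None
    for pattern, ftype, context in rules:
        if (ftype == "regular file" and is_dir) or (ftype == "directory" and not is_dir):
            continue
        if re.fullmatch(pattern, path):  # file_contexts patterns match the whole path
            prefix = len(re.split(r"[\\(\[.*+?^$|]", pattern)[0])
            if best is None or prefix > best[0]:
                best = (prefix, context)
    return best[1] if best else None


def audit(ls_z, parent, rules):
    """Map each entry name to the {field: (actual, expected)} pairs that differ."""
    report = {}
    for line in ls_z.splitlines():
        mode, _owner, _group, context, name = line.split()
        want = expected_context(f"{parent}/{name}", mode.startswith("d"), rules) or "?:?:?"
        pairs = zip(("user", "role", "type"), context.split(":"), want.split(":"))
        report[name] = {f: (a, w) for f, a, w in pairs if a != w}
    return report


if __name__ == "__main__":
    rules = parse_rules(FCONTEXT_LISTING)
    print(audit(LS_Z_LISTING, "/etc/httpd", rules))
```

For the quoted listing this reports no difference for `conf` and only the user field (`root` against `system_u`) for `yadda`; the type already matches the `/etc/httpd(/.*)?` rule.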