-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/18/2013 08:20 AM, Tris Hoar wrote: > > On 16/11/2013 21:46, Andrew Holway wrote: >> [root at ipa tftpboot]# semanage fcontext -l | grep tftp /tftpboot >> directory system_u:object_r:tftpdir_t:s0 /tftpboot/.* >> all files system_u:object_r:tftpdir_t:s0 /usr/sbin/atftpd >> regular file system_u:object_r:tftpd_exec_t:s0 /usr/sbin/in\.tftpd >> regular file system_u:object_r:tftpd_exec_t:s0 /var/lib/tftpboot(/.*)? >> all files system_u:object_r:tftpdir_rw_t:s0 /var/lib/tftpboot/etc(/.*)? >> all files system_u:object_r:cobbler_var_lib_t:s0 >> /var/lib/tftpboot/grub(/.*)? all files >> system_u:object_r:cobbler_var_lib_t:s0 /var/lib/tftpboot/images(/.*)? >> all files system_u:object_r:cobbler_var_lib_t:s0 >> /var/lib/tftpboot/memdisk regular file >> system_u:object_r:cobbler_var_lib_t:s0 /var/lib/tftpboot/menu\.c32 >> regular file system_u:object_r:cobbler_var_lib_t:s0 >> /var/lib/tftpboot/ppc(/.*)? all files >> system_u:object_r:cobbler_var_lib_t:s0 /var/lib/tftpboot/pxelinux\.0 >> regular file system_u:object_r:cobbler_var_lib_t:s0 >> /var/lib/tftpboot/pxelinux\.cfg(/.*)? all files >> system_u:object_r:cobbler_var_lib_t:s0 /var/lib/tftpboot/s390x(/.*)? >> all files system_u:object_r:cobbler_var_lib_t:s0 /var/lib/tftpboot/yaboot >> regular file system_u:object_r:cobbler_var_lib_t:s0 >> >> Could someone tell me why: >> >> /var/lib/tftpboot(/.*)? - is using (/.*)? > > This covers /var/lib/tftpboot and all files under it and gives them the > label tftpdir_rw_t > >> >> /tftpboot/.* - is using .* > > This covers all files under /tftpboot/ giving them the label tftpdir_t. > There is a separate entry for the directory: /tftpboot > directory system_u:object_r:tftpdir_t:s0 As to why the difference I've no > idea as looking at other root dirs with semanage fcontext -l I can see most > of them use (/.*)? which makes sense. > >> >> Thanks, >> >> Andrew _______________________________________________ CentOS mailing >> list CentOS at centos.org http://lists.centos.org/mailman/listinfo/centos >> > > Regards, > > Tris > > ************************************************************* This email > and any files transmitted with it are confidential and intended solely for > the use of the individual or entity to whom they are addressed. If you have > received this email in error please notify postmaster at bgfl.org > > The views expressed within this email are those of the individual, and not > necessarily those of the organisation > ************************************************************* > > _______________________________________________ CentOS mailing list > CentOS at centos.org http://lists.centos.org/mailman/listinfo/centos > There was some fixes used for udev that allowed labeling to run faster if the top level directory had this type of labeling as I recall. Probably not as important with all of the improvements to labeling algorithms over the years. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlKKHgMACgkQrlYvE4MpobN0/ACg03Y8BO3IuEOL3bbWC6GiVI3n 2yoAniUXbjQFZ5XHexHIbkGsuAJGBFmq =pvuM -----END PGP SIGNATURE-----