FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora SELinux Support

 
 
LinkBack Thread Tools
 
Old 02-14-2009, 01:34 AM
Murray McAllister
 
Default when to use restorecon -F

Paul Howarth wrote:

Steven Stromer wrote:

What's the output of:

# audit2allow < /var/log/audit/audit.log

Paul.




Paul,

Thanks for the time! I understand what you are saying. I have set:

chcon -R -h -t home_root_t /home

so that the entire path's heirarchy will be consistent,


No no, this is wrong. home_root_t is for directories that *contain* home
directories, not the home directories and their contents themselves.


I'd do a "restorecon -RF /home" to fix that, then put back the contexts
on your share areas as you wanted them (e.g. samba_share_t or
public_content_rw_t etc.).


When should restorecon -F be used? I read the man page but can't figure
out how it is different to just running restorecon without -F.


Cheers.

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 02-14-2009, 12:16 PM
Paul Howarth
 
Default when to use restorecon -F

On Sat, 14 Feb 2009 12:34:10 +1000
Murray McAllister <mmcallis@redhat.com> wrote:

> Paul Howarth wrote:
> > Steven Stromer wrote:
> >>> What's the output of:
> >>>
> >>> # audit2allow < /var/log/audit/audit.log
> >>>
> >>> Paul.
> >>>
> >>
> >>
> >> Paul,
> >>
> >> Thanks for the time! I understand what you are saying. I have set:
> >>
> >> chcon -R -h -t home_root_t /home
> >>
> >> so that the entire path's heirarchy will be consistent,
> >
> > No no, this is wrong. home_root_t is for directories that *contain*
> > home directories, not the home directories and their contents
> > themselves.
> >
> > I'd do a "restorecon -RF /home" to fix that, then put back the
> > contexts on your share areas as you wanted them (e.g. samba_share_t
> > or public_content_rw_t etc.).
>
> When should restorecon -F be used? I read the man page but can't
> figure out how it is different to just running restorecon without -F.

Using -F also fixes up the user part of the context and restores the
contexts of files that have been changed to customizable types e.g.
some of the httpd_* types, so it's sometimes necessary to use -F to fix
those.

Paul.

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 

Thread Tools




All times are GMT. The time now is 09:32 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org