Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Fedora SELinux Support (http://www.linux-archive.org/fedora-selinux-support/)
-   -   A question about roles (http://www.linux-archive.org/fedora-selinux-support/548431-question-about-roles.html)

07-05-2011 02:38 PM
A question about roles
 
Feel free to point me to a link that discusses this, but how *does*
selinux decide on roles when I'm using restorecon? Does it use the context
of the directory above it, or that it's in, or is there something else?

mark

--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

David Quigley 07-05-2011 03:52 PM
A question about roles
 
On Tue, 5 Jul 2011 10:38:44 -0400, wrote:
> Feel free to point me to a link that discusses this, but how *does*
> selinux decide on roles when I'm using restorecon? Does it use the
> context
> of the directory above it, or that it's in, or is there something
> else?
>
> mark
>
> --
> selinux mailing list
> selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux

My understanding is that restorecon uses the file contexts defined in
policy and if you look at these
/etc/selinux/policyname/contexts/files/file_contexts you will see it
defines a full context including role not just type. So the role from
restorecon and matchpathcon come from those files.

Dave
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux


All times are GMT. The time now is 07:04 PM.

VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.