Re: Format of file_contexts file

["Christopher J. PeBenito" <cpebenito@tresys.com>]

On 11/01/10 01:27, Hasan Rezaul-CHR010 wrote:
> Hi All,
> 
> My Linux system has a few product-specific directories like  /data,
> /inactive,  /repl
> 
> The default selinux policy would obviously not know how to label these
> directories the way I want, because these are not standard linux
> directories. If I want to label these directories a certain way... For
> example, suppose I want to label all the above directories as var_t,
> can I simply add a few lines to the below two files, and then perform
> relabel ? 
> 
> /etc/selinux/strict/contexts/files/file_contexts
> /etc/selinux/strict/modules/active/file_contexts
> 
> - Is it okay to directly edit those files, or are the above two files
> auto-generated ?
> - If editing the files is okay, then is it okay to stick lines in
> anywhere, or must I follow some kind of convention ?
> - or is there a more recommended way to control how those
> product-specific directories get labeled ?
> 
> - I have actually stuck some lines manually in the middle of the above
> two files, and for the most part it seems to work. But every once in a
> while, I see other directories not getting labeled correctly. Is it
> because the contents of these files have to be in a certain order ? 

These files are generated from the file contexts in the modules and the
local file contexts.  You should add your file contexts to a custom
policy module or use 'semanage fcontext' to add file contexts to the
local configuration.  Then when these files are regenerated, your file
contexts will be included.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.