SELinux Mailing List

Re: Propper labeling of files under /var/www

From: Stephen Smalley <sds_at_tycho.nsa.gov>
Date: Wed, 19 Dec 2007 10:29:05 -0500


On Wed, 2007-12-19 at 10:05 -0500, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Stephen Smalley wrote:
> > On Wed, 2007-12-19 at 10:13 +0000, Stefan Schulze Frielinghaus wrote:
> >> On Tue, 2007-12-18 at 13:55 -0500, Stephen Smalley wrote:
> >> [...]
> >>> Try restorecon -FRv /var/www
> >> Yeah that solved the problem. The -F option is a little bit tricky ;-)
> >> Never expected something like that.
> >
> > /etc/selinux/targeted/contexts/customizable_types was created to allow
> > programs like restorecon to omit files with certain types from being
> > relabeled by default, so that admin customizations wouldn't be lost.
> > The httpd-related types are a common case of this, where the admin wants
> > to manually manage the type under the web root and not have them
> > clobbered. As to whether it still makes sense when we have semanage
> > fcontext, I'm not sure.
> >
> Yes I would like to remove it, it is more trouble than it is worth at
> this point. semanage is the way things should be customized. We
> should remove it from Fedora 9 and going forward.
>
> Added munin cgi definitions to rawhide, but update does not fix them since
> they were already labeled httpd_sys_content_t.

So just ship an empty customizable_types file, and restorecon/setfiles will relabel everything (aside from what is excluded via <<none>>).

-- 
Stephen Smalley
National Security Agency


Received on Wed 19 Dec 2007 - 10:30:08 EST
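
The relabel behaviour discussed in this thread, as an added example that is not part of the original messages and is not restorecon's own code: a simplified Python model of which files get relabeled with a populated customizable_types file, with -F, and with an empty file. The paths, contexts and the munin type name are constructed sample values, and the model compares only the type field.

```python
# Simplified model of the relabel decision described in the thread.
# Not restorecon's implementation; all sample data below is constructed.

def parse_customizable(text):
    """Return the set of type names listed in customizable_types content."""
    return {line.strip() for line in text.splitlines() if line.strip()}

def ctx_type(context):
    """Extract the type field from user:role:type[:range]."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError("malformed context: %r" % context)
    return parts[2]

def decide(current, expected, customizable, force=False):
    """Classify one file as excluded, unchanged, skipped or relabel."""
    if expected == "<<none>>":            # spec excludes this path entirely
        return "excluded"
    if ctx_type(current) == ctx_type(expected):
        return "unchanged"
    if ctx_type(current) in customizable and not force:
        return "skipped"                  # admin customization is preserved
    return "relabel"

def plan(files, customizable, force=False):
    """Map each path to its decision for one relabel run."""
    return {p: decide(cur, exp, customizable, force) for p, cur, exp in files}

# Constructed customizable_types content
SAMPLE_CUSTOMIZABLE = "httpd_sys_content_t\nhttpd_sys_script_exec_t\n"

WEB = "system_u:object_r:httpd_sys_content_t:s0"
# Constructed (path, current context, context expected by file_contexts)
SAMPLE_FILES = [
    ("/var/www/cgi-bin/munin-cgi-graph", WEB,
     "system_u:object_r:httpd_munin_script_exec_t:s0"),
    ("/var/www/html/index.html", WEB, WEB),
    ("/var/www/html/moved.html", "user_u:object_r:user_home_t:s0", WEB),
    ("/var/www/scratch", WEB, "<<none>>"),
]

if __name__ == "__main__":
    listed = parse_customizable(SAMPLE_CUSTOMIZABLE)
    runs = [("default", listed, False), ("with -F", listed, True),
            ("empty customizable_types", set(), False)]
    for label, types, force in runs:
        print(label)
        for path, action in plan(SAMPLE_FILES, types, force).items():
            print("  %-9s %s" % (action, path))
```

The munin CGI file is the case Daniel Walsh describes: it is reported as skipped in the default run and as relabel in the other two.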
 

Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009

 

National Security Agency / Central Security Service