selinux versus chcon

Eric Paris eparis at redhat.com
Mon Sep 19 19:32:36 UTC 2011


On Mon, 2011-09-19 at 14:49 -0400, Fulko Hew wrote:

> If so... why use chcon versus the semanage/restorecon technique?
> or if my assesement is wrong... can someone point me to a better
> explanation/tutorial?

chcon is almost never the right way to go.  It changes the file on the
FS, but it is likely to get changed back the next time a file is
installed in that location.

semanage fcontext -a will tell the userspace policy what the right label
for the file should be.  restorecon then queries the 'right' label from
the policy and does the same underlying thing chcon does to set that
label.

So semanage+restorecon == will last, chcon == will likely get blown away
and make you angry later.

-Eric



More information about the Rpm-list mailing list