selinux versus chcon
eparis at redhat.com
Mon Sep 19 19:32:36 UTC 2011
On Mon, 2011-09-19 at 14:49 -0400, Fulko Hew wrote:
> If so... why use chcon versus the semanage/restorecon technique?
> or if my assesement is wrong... can someone point me to a better
chcon is almost never the right way to go. It changes the file on the
FS, but it is likely to get changed back the next time a file is
installed in that location.
semanage fcontext -a will tell the userspace policy what the right label
for the file should be. restorecon then queries the 'right' label from
the policy and does the same underlying thing chcon does to set that
So semanage+restorecon == will last, chcon == will likely get blown away
and make you angry later.
More information about the Rpm-list