selinux versus chcon

Daniel J Walsh dwalsh at redhat.com
Tue Sep 20 15:05:26 UTC 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/19/2011 04:01 PM, Fulko Hew wrote:
> On Mon, Sep 19, 2011 at 3:32 PM, Eric Paris <eparis at redhat.com>
> wrote:
>> On Mon, 2011-09-19 at 14:49 -0400, Fulko Hew wrote:
>> 
>>> If so... why use chcon versus the semanage/restorecon
>>> technique? or if my assesement is wrong... can someone point me
>>> to a better explanation/tutorial?
> 
> ... snip ...
> 
>> So semanage+restorecon == will last, chcon == will likely get
>> blown away and make you angry later.
> 
> Thanks for confirming that for me.
> 
> Now my next issue is 'apparently' unknown contexts.
> 
> My original RPM spec file added the 'httpd_sys_rw_content_t'
> context to a directory.  Which was great for the versions of Fedora
> I was testing on, but now in RHEL 5.6 semanage complains with:
> "type 'httpd_sys_rw_content_t' not defined."
> 
> So it seems that my %post section of my RPM file has to either
> 'know' what distribution or version of selinux support is installed
> so I can avoid attempting to use types that are not defined, or
> having some way of finding out what 'types' are available 'in this
> OS' so that I issue the 'appropriate commands'.
> 
> How can I find out what 'types' are available'?
> 
> Fulko


Another option would be just to request this labeling in the base
package.  Open a bugzilla.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk54q7YACgkQrlYvE4MpobPFYQCg4Rt/vRLN+cy25ZGdfdhmrNTC
sZEAoNM1/xANhFjKkroRL2+eN5OnC4x4
=sTNx
-----END PGP SIGNATURE-----


More information about the Rpm-list mailing list