FileLabelRecipe

From SELinux Wiki

(Difference between revisions)
Revision as of 15:05, 27 October 2009
ChrisPeBenito

Revision as of 18:37, 19 November 2009
JoshuaBrindle

Line 1: Line 1:
-If you want to change the context of a file the ''chcon'' program. However, changes made this way will not preserved if the file is relabeled by using ''restorecon'' or using the /.autorelabel file and rebooting. The ''semanage'' program is used to make customizations to the SELinux policy configuration.+If you want to change the context of a file the ''chcon'' program can do this. However, changes made this way will not preserved if the file is relabeled by using ''restorecon'' or using the ''/.autorelabel'' file and rebooting. The ''semanage'' program is used to make customizations to the SELinux policy configuration.
For example, if you want to set the file '''/path/to/myfile''' to have the type '''myfile_t''', the following semanage command can be run: For example, if you want to set the file '''/path/to/myfile''' to have the type '''myfile_t''', the following semanage command can be run:
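Review bot: In the Line 1 hunk, the revised sentence on the + side still reads "will not preserved"; it is missing "be" and should read "will not be preserved". The new opening, "If you want to change the context of a file the ''chcon'' program can do this", would also read more directly as "To change the context of a file, use the ''chcon'' program."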
Line 5: Line 5:
# semanage fcontext -a -t myfile_t /path/to/myfile # semanage fcontext -a -t myfile_t /path/to/myfile
-You must be the root Linux user and in a role allowed to run semanage, such as sysadm_r or unconfined_r.+You must be the root Linux user and in a role allowed to run semanage, such as ''sysadm_r'' or ''unconfined_r''.
This will add an entry in the system file contexts. This entry will be persistent, even when the distribution policy is updated. However, if you change policies, e.g. from targeted to mls, you will have to re-run the above command to add it to the new policy. This can be tested by running the ''restorecon'' command and examining the file's context afterward: This will add an entry in the system file contexts. This entry will be persistent, even when the distribution policy is updated. However, if you change policies, e.g. from targeted to mls, you will have to re-run the above command to add it to the new policy. This can be tested by running the ''restorecon'' command and examining the file's context afterward:
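Review bot: In the Line 5 hunk, the + line italicizes the roles ''sysadm_r'' and ''unconfined_r'', which leaves the markup for SELinux identifiers inconsistent: the type '''myfile_t''' and the example path '''/path/to/myfile''' are bold in the unchanged line of the first hunk, while ''/.autorelabel'' is italic. Pick one convention for types, roles and paths and apply it across the page.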

Revision as of 18:37, 19 November 2009

To change the context of a file, use the chcon program. However, changes made this way will not be preserved if the file is relabeled by running restorecon or by using the /.autorelabel file and rebooting. The semanage program is used to make customizations to the SELinux policy configuration.

For example, if you want to set the file /path/to/myfile to have the type myfile_t, the following semanage command can be run:

# semanage fcontext -a -t myfile_t /path/to/myfile

You must be the root Linux user and in a role allowed to run semanage, such as sysadm_r or unconfined_r.

This will add an entry in the system file contexts. This entry will be persistent, even when the distribution policy is updated. However, if you change policies, e.g. from targeted to mls, you will have to re-run the above command to add it to the new policy. This can be tested by running the restorecon command and examining the file's context afterward:

# restorecon /path/to/myfile
# ls -Z /path/to/myfile
system_u:object_r:myfile_t /path/to/myfile
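
Why a chcon-only label is lost on relabel, as an added example that is not part of the wiki page: the script resolves each path against file-context entries and reports labels that a relabel would replace. The sample entries, the /path/to/other file, the default_t entry and both function names are constructed for illustration, and last-match-wins is a simplified stand-in for the real lookup order.

```shell
#!/bin/sh
# Constructed sample entries in "pathregex context" form. The first stands in
# for a broad distribution-policy entry; the second is the entry added by
# "semanage fcontext -a -t myfile_t /path/to/myfile".
SPECS='/path/to(/.*)? system_u:object_r:default_t
/path/to/myfile system_u:object_r:myfile_t'

# Constructed "context path" pairs in the page's ls -Z form. /path/to/other is
# assumed to have been labeled with chcon only, with no semanage entry.
LISTING='system_u:object_r:myfile_t /path/to/myfile
system_u:object_r:myfile_t /path/to/other'

# expected_context SPECS PATH
# Print the context of the last entry whose regex matches the whole path.
# Last-match-wins is a simplification of the real lookup order.
expected_context() {
    result=
    while read -r regex context; do
        [ -n "$regex" ] || continue
        if printf '%s\n' "$2" | grep -Eq "^(${regex})\$"; then
            result=$context
        fi
    done <<EOF
$1
EOF
    printf '%s\n' "$result"
}

# label_drift SPECS LISTING
# Print each file whose current context differs from the configured one,
# i.e. a label that a relabel would replace.
label_drift() {
    while read -r current path; do
        [ -n "$path" ] || continue
        want=$(expected_context "$1" "$path")
        [ -n "$want" ] || continue          # no entry covers this path
        [ "$want" = "$current" ] || printf '%s: %s -> %s\n' "$path" "$current" "$want"
    done <<EOF
$2
EOF
}

label_drift "$SPECS" "$LISTING"
```

On a live system, restorecon -n -v reports the same kind of mismatch against the installed policy without changing any labels.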