FileLabelRecipe - Revision history http://selinuxproject.org/w/?title=FileLabelRecipe&action=history Revision history for this page on the wiki en MediaWiki 1.23.13 Thu, 28 Mar 2024 11:45:04 GMT Jaxelson: added category http://selinuxproject.org/w/?title=FileLabelRecipe&diff=1002&oldid=prev http://selinuxproject.org/w/?title=FileLabelRecipe&diff=1002&oldid=prev <p>added category</p> <table class='diff diff-contentalign-left'> <col class='diff-marker' /> <col class='diff-content' /> <col class='diff-marker' /> <col class='diff-content' /> <tr style='vertical-align: top;'> <td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td> <td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 18:28, 31 August 2010</td> </tr><tr><td colspan="2" class="diff-lineno">Line 10:</td> <td colspan="2" class="diff-lineno">Line 10:</td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>&#160; # ls -Z /path/to/myfile</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>&#160; # ls -Z /path/to/myfile</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>&#160; system_u:object_r:myfile_t /path/to/myfile</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>&#160; system_u:object_r:myfile_t /path/to/myfile</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">[[Category:Recipes]]</ins></div></td></tr> </table> Tue, 31 Aug 2010 18:28:28 GMT Jaxelson http://selinuxproject.org/page/Talk:FileLabelRecipe MurrayMcAllister: text review http://selinuxproject.org/w/?title=FileLabelRecipe&diff=823&oldid=prev http://selinuxproject.org/w/?title=FileLabelRecipe&diff=823&oldid=prev <p>text review</p> <table class='diff diff-contentalign-left'> <col class='diff-marker' /> <col class='diff-content' /> <col class='diff-marker' /> <col class='diff-content' /> <tr style='vertical-align: top;'> <td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td> <td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 10:19, 25 November 2009</td> </tr><tr><td colspan="2" class="diff-lineno">Line 1:</td> <td colspan="2" class="diff-lineno">Line 1:</td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">If you want to </del>change the context of a file <del class="diffchange diffchange-inline">the ''chcon'' program can do this.&#160; However</del>, changes made <del class="diffchange diffchange-inline">this way will </del>not preserved if the file is relabeled <del class="diffchange diffchange-inline">by using ''</del>restorecon<del class="diffchange diffchange-inline">'' </del>or <del class="diffchange diffchange-inline">using </del>the <del class="diffchange diffchange-inline">''</del>/.autorelabel<del class="diffchange diffchange-inline">'' file </del>and rebooting. <del class="diffchange diffchange-inline"> </del>The <del class="diffchange diffchange-inline">''</del>semanage<del class="diffchange diffchange-inline">'' </del>program <del class="diffchange diffchange-inline">is used to </del>make customizations to the SELinux policy configuration.</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">The chcon program can </ins>change the context of a file<ins class="diffchange diffchange-inline">; however</ins>, changes made <ins class="diffchange diffchange-inline">with chcon are </ins>not preserved if the file is relabeled <ins class="diffchange diffchange-inline">with </ins>restorecon<ins class="diffchange diffchange-inline">, </ins>or <ins class="diffchange diffchange-inline">if </ins>the <ins class="diffchange diffchange-inline">entire file system is relabeled using &quot;touch </ins>/.autorelabel<ins class="diffchange diffchange-inline">&quot; </ins>and <ins class="diffchange diffchange-inline">then </ins>rebooting. The semanage program <ins class="diffchange diffchange-inline">can </ins>make <ins class="diffchange diffchange-inline">persistent </ins>customizations to the SELinux policy configuration.</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">For example</del>, <del class="diffchange diffchange-inline">if </del>you <del class="diffchange diffchange-inline">want </del>to set the <del class="diffchange diffchange-inline">file '''</del>/path/to/myfile<del class="diffchange diffchange-inline">''' to have the type '''myfile_t''', the following semanage command can be run</del>:</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">To run semanage</ins>, you <ins class="diffchange diffchange-inline">must be the Linux root user and in a role allowed to run semanage, such as sysadm_r or unconfined_r. The following example uses semanage </ins>to set the <ins class="diffchange diffchange-inline">myfile_t type for the &quot;</ins>/path/to/myfile<ins class="diffchange diffchange-inline">&quot; file</ins>:</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>&#160; # semanage fcontext -a -t myfile_t /path/to/myfile</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>&#160; # semanage fcontext -a -t myfile_t /path/to/myfile</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">You must be the root Linux user and in a role allowed to run </del>semanage<del class="diffchange diffchange-inline">, such as ''sysadm_r'' or ''unconfined_r''.</del></div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">This </ins>semanage <ins class="diffchange diffchange-inline">command adds </ins>an entry in the system file contexts. This entry will be persistent, even <ins class="diffchange diffchange-inline">after </ins>the distribution policy is updated. <ins class="diffchange diffchange-inline">If </ins>you change policies, <ins class="diffchange diffchange-inline">for example, </ins>from targeted to <ins class="diffchange diffchange-inline">MLS</ins>, you <ins class="diffchange diffchange-inline">must </ins>re-run the above command to add <ins class="diffchange diffchange-inline">the entry </ins>to the new policy. <ins class="diffchange diffchange-inline">Run </ins>the restorecon command <ins class="diffchange diffchange-inline">to apply </ins>the <ins class="diffchange diffchange-inline">changes added via &quot;semanage fcontext&quot;</ins>:</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>&#160;</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div></div></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">This will add </del>an entry in the system file contexts. <del class="diffchange diffchange-inline"> </del>This entry will be persistent, even <del class="diffchange diffchange-inline">when </del>the distribution policy is updated. <del class="diffchange diffchange-inline"> However, if </del>you change policies, <del class="diffchange diffchange-inline">e.g. </del>from targeted to <del class="diffchange diffchange-inline">mls</del>, you <del class="diffchange diffchange-inline">will have to </del>re-run the above command to add <del class="diffchange diffchange-inline">it </del>to the new policy. <del class="diffchange diffchange-inline"> This can be tested by running </del>the <del class="diffchange diffchange-inline">''</del>restorecon<del class="diffchange diffchange-inline">'' </del>command <del class="diffchange diffchange-inline">and examining </del>the <del class="diffchange diffchange-inline">file's context afterward</del>:</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div></div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>&#160; # restorecon /path/to/myfile</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>&#160; # restorecon /path/to/myfile</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>&#160; # ls -Z /path/to/myfile</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>&#160; # ls -Z /path/to/myfile</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>&#160; system_u:object_r:myfile_t /path/to/myfile</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>&#160; system_u:object_r:myfile_t /path/to/myfile</div></td></tr> </table> Wed, 25 Nov 2009 10:19:35 GMT MurrayMcAllister http://selinuxproject.org/page/Talk:FileLabelRecipe JoshuaBrindle at 18:37, 19 November 2009 http://selinuxproject.org/w/?title=FileLabelRecipe&diff=806&oldid=prev http://selinuxproject.org/w/?title=FileLabelRecipe&diff=806&oldid=prev <p></p> <table class='diff diff-contentalign-left'> <col class='diff-marker' /> <col class='diff-content' /> <col class='diff-marker' /> <col class='diff-content' /> <tr style='vertical-align: top;'> <td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td> <td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 18:37, 19 November 2009</td> </tr><tr><td colspan="2" class="diff-lineno">Line 1:</td> <td colspan="2" class="diff-lineno">Line 1:</td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>If you want to change the context of a file the ''chcon'' program.&#160; However, changes made this way will not preserved if the file is relabeled by using ''restorecon'' or using the /.autorelabel file and rebooting.&#160; The ''semanage'' program is used to make customizations to the SELinux policy configuration.</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>If you want to change the context of a file the ''chcon'' program <ins class="diffchange diffchange-inline">can do this</ins>.&#160; However, changes made this way will not preserved if the file is relabeled by using ''restorecon'' or using the <ins class="diffchange diffchange-inline">''</ins>/.autorelabel<ins class="diffchange diffchange-inline">'' </ins>file and rebooting.&#160; The ''semanage'' program is used to make customizations to the SELinux policy configuration.</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>For example, if you want to set the file '''/path/to/myfile''' to have the type '''myfile_t''', the following semanage command can be run:</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>For example, if you want to set the file '''/path/to/myfile''' to have the type '''myfile_t''', the following semanage command can be run:</div></td></tr> <tr><td colspan="2" class="diff-lineno">Line 5:</td> <td colspan="2" class="diff-lineno">Line 5:</td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>&#160; # semanage fcontext -a -t myfile_t /path/to/myfile</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>&#160; # semanage fcontext -a -t myfile_t /path/to/myfile</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>You must be the root Linux user and in a role allowed to run semanage, such as sysadm_r or unconfined_r.</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>You must be the root Linux user and in a role allowed to run semanage, such as <ins class="diffchange diffchange-inline">''</ins>sysadm_r<ins class="diffchange diffchange-inline">'' </ins>or <ins class="diffchange diffchange-inline">''</ins>unconfined_r<ins class="diffchange diffchange-inline">''</ins>.</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>This will add an entry in the system file contexts.&#160; This entry will be persistent, even when the distribution policy is updated.&#160; However, if you change policies, e.g. from targeted to mls, you will have to re-run the above command to add it to the new policy.&#160; This can be tested by running the ''restorecon'' command and examining the file's context afterward:</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>This will add an entry in the system file contexts.&#160; This entry will be persistent, even when the distribution policy is updated.&#160; However, if you change policies, e.g. from targeted to mls, you will have to re-run the above command to add it to the new policy.&#160; This can be tested by running the ''restorecon'' command and examining the file's context afterward:</div></td></tr> </table> Thu, 19 Nov 2009 18:37:43 GMT JoshuaBrindle http://selinuxproject.org/page/Talk:FileLabelRecipe ChrisPeBenito at 15:05, 27 October 2009 http://selinuxproject.org/w/?title=FileLabelRecipe&diff=781&oldid=prev http://selinuxproject.org/w/?title=FileLabelRecipe&diff=781&oldid=prev <p></p> <table class='diff diff-contentalign-left'> <col class='diff-marker' /> <col class='diff-content' /> <col class='diff-marker' /> <col class='diff-content' /> <tr style='vertical-align: top;'> <td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td> <td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 15:05, 27 October 2009</td> </tr><tr><td colspan="2" class="diff-lineno">Line 1:</td> <td colspan="2" class="diff-lineno">Line 1:</td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>If you want to change the context of a file the ''chcon'' program.&#160; However, changes made this way will not preserved if the file is relabeled by using ''restorecon'' or using the /.autorelabel file and rebooting.</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>If you want to change the context of a file the ''chcon'' program.&#160; However, changes made this way will not preserved if the file is relabeled by using ''restorecon'' or using the /.autorelabel file and rebooting. <ins class="diffchange diffchange-inline"> The ''semanage'' program is used to make customizations to the SELinux policy configuration.</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>&#160;</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">For example, if you want to set the file '''/path/to/myfile''' to have the type '''myfile_t''', the following semanage command can be run:</ins></div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>&#160; # semanage fcontext -a -t myfile_t /path/to/myfile</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>&#160; # semanage fcontext -a -t myfile_t /path/to/myfile</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>This will add an entry in the system file contexts.&#160; This entry will be persistent, even when the distribution policy is updated.&#160; However, if you change policies, e.g. from targeted to mls, you will have to re-run the above command to add it to the new policy.</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">You must be the root Linux user and in a role allowed to run semanage, such as sysadm_r or unconfined_r.</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>&#160;</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>This will add an entry in the system file contexts.&#160; This entry will be persistent, even when the distribution policy is updated.&#160; However, if you change policies, e.g. from targeted to mls, you will have to re-run the above command to add it to the new policy. <ins class="diffchange diffchange-inline"> This can be tested by running the ''restorecon'' command and examining the file's context afterward:</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>&#160;</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline"> # restorecon /path/to/myfile</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline"> # ls -Z /path/to/myfile</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline"> system_u:object_r:myfile_t /path/to/myfile</ins></div></td></tr> </table> Tue, 27 Oct 2009 15:05:27 GMT ChrisPeBenito http://selinuxproject.org/page/Talk:FileLabelRecipe ChrisPeBenito: New page: If you want to change the context of a file the ''chcon'' program. However, changes made this way will not preserved if the file is relabeled by using ''restorecon'' or using the /.autore... http://selinuxproject.org/w/?title=FileLabelRecipe&diff=780&oldid=prev http://selinuxproject.org/w/?title=FileLabelRecipe&diff=780&oldid=prev <p>New page: If you want to change the context of a file the &#039;&#039;chcon&#039;&#039; program. However, changes made this way will not preserved if the file is relabeled by using &#039;&#039;restorecon&#039;&#039; or using the /.autore...</p> <p><b>New page</b></p><div>If you want to change the context of a file the ''chcon'' program. However, changes made this way will not preserved if the file is relabeled by using ''restorecon'' or using the /.autorelabel file and rebooting.<br /> <br /> # semanage fcontext -a -t myfile_t /path/to/myfile<br /> <br /> This will add an entry in the system file contexts. This entry will be persistent, even when the distribution policy is updated. However, if you change policies, e.g. from targeted to mls, you will have to re-run the above command to add it to the new policy.</div> Tue, 27 Oct 2009 14:52:08 GMT ChrisPeBenito http://selinuxproject.org/page/Talk:FileLabelRecipe