Paul Howarth wrote:
On Sat, 2006-04-08 at 12:18 -0500, Bruno Wolff III wrote:
Don't know much about writing custom policy modules from scratch, but the context management should be easy enough using semanage.

For instance, to make /srv/softlib and everything underneath it have a default context type of public_content_rw_t:

# semanage fcontext -a -t public_content_rw_t '/srv/softlib(/.*)?'

Allow Apache to listen on port 81:

# semanage port -a -t http_port_t -p tcp 81

It's currently possible to see the local changes you've made in this way by looking at /etc/selinux/targeted/contexts/files/file_contexts.local etc.

semanage doesn't change the contexts of existing files, it changes the underlying policy. This means that changes made using semanage will be effected if you use "restorecon" or do a full relabel.
I rather thought that's how semanage should work, but one would be hard pressed to deduce that from the manpage, for which the description begins with the extraordinary insight: "This manual page describes the semanage program." and says little else about what the program actually does.

I haven't seen writing of that calibre since the third grade,
"My Vacation," by Amy Heppelwhite
"Here's what I did on my vacation. ..."

--
Bob Nichols Yes, "NOSPAM" is really part of my email address.
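The behaviour discussed in this thread (semanage records a default context in policy, and existing files only pick it up at restorecon or relabel time) can be modelled offline. The following is an added example, not code from the thread or from the SELinux project: the function names, the sample entries and the simplified matching rules are assumptions made for illustration.

```shell
#!/bin/sh
# SAMPLE_SPECS is constructed: the first entry stands in for a base-policy
# rule, the second for what the semanage fcontext command in the thread
# records in file_contexts.local.
SAMPLE_SPECS='# regex                 context
/srv(/.*)?              system_u:object_r:var_t:s0
/srv/softlib(/.*)?      system_u:object_r:public_content_rw_t:s0'

# expected_context SPECS PATH: print the default context for PATH.
# Simplifications (assumptions): regexes are treated as POSIX EREs anchored
# at both ends, an optional file-type field (e.g. -d) is skipped rather than
# enforced, and a later matching entry overrides an earlier one.
expected_context() {
    result=
    while read -r regex f2 f3; do
        case $regex in ''|'#'*) continue ;; esac
        context=${f3:-$f2}            # last field is the context
        if printf '%s\n' "$2" | grep -Eqx -e "$regex"; then
            result=$context
        fi
    done <<EOF
$1
EOF
    printf '%s\n' "$result"
}

# context_type CONTEXT: print the type field (third colon-separated part).
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# relabel_needed SPECS PATH CURRENT_CONTEXT: succeed when the file's current
# type differs from the policy default, i.e. the label is stale until a
# restorecon or full relabel is run.
relabel_needed() {
    want=$(expected_context "$1" "$2")
    [ -n "$want" ] && [ "$(context_type "$want")" != "$(context_type "$3")" ]
}

# Demo on constructed paths: the second path must not match the softlib rule.
for p in /srv/softlib/pkg/foo.rpm /srv/softlibrary; do
    printf '%s -> %s\n' "$p" "$(expected_context "$SAMPLE_SPECS" "$p")"
done
```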