On Sun, 2007-09-23 at 01:11 -0500, Arthur Pemberton wrote: > It takes less that a minute to find out 'man chcon'' : > http://linux.die.net/man/1/chcon chcon wasn't referred to in the list of see also man files at the bottom of the selinux man file. More hunting would have been required to know about that command. It's just another part of the obscureness of it. At the very least, I'd expect man selinux to get me started with the things I needed to know. > u -> user > r -> role > t -> type > > Manual modification of the security contexts aren't really expected of > most people. You need to know how to understand what's there when you're trying to work out why you can't serve something, etc. And they're still not particularly coherent with the example I gave. >>> Or a PNG file in my webserver directory: >>> user_u:object_r:httpd_sys_content_t That PNG is user user, object role, HTTP system content type? WTF! What the hell is an object role, and how is a PNG file a system anything? -- [tim@bigblack ~]$ uname -ipr 2.6.22.5-76.fc7 i686 i386 Using FC 4, 5, 6 & 7, plus CentOS 5. Today, it's FC7. Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists.
