Somebody in the thread at some point said: > On Wed, 2007-10-17 at 21:21 +0100, Andy Green wrote: >> Doesn't matter if the source is local or remote, the label is decided >> at file creation time at the destination. > > On that note, what sets it? Inheriting them from the parent? SELinux > itself acting on all file saves? Yes, where "file save" == open with O_CREAT (ie, creating the new file) AIUI. The knowledge about what labels to use where though is held by labels on the parent directories. So the only reason /var/www/* -- and all who are created in her --- are associated with httpd is the directory label: # ll -Zd /var/www drwxr-xr-x root root system_u:object_r:httpd_sys_content_t /var/www -Andy
