• 1

Re: semanage clarification

If you want to have a customized label for a file, you need to tell SELinux about it. You can either do this via the semanage command as you state or by building a custom policy module including a fc file

semanage fcontext -a -f -- -t tmp_t /root/example.txt


/root/example.txt gen_context(system_u:object_r:tmp_t, s0)

Contents in the home directory are special. This is because we do not know where the homedir will be. If you look in

grep public_html /etc/selinux/targeted/contexts/files/file_contexts.homedirs
/home/[^/]*/((www)|(web)|(public_html)|(public_git))(/.+)? unconfined_u:object_r:httpd_user_content_t:s0
/home/pwalsh/((www)|(web)|(public_html)|(public_git))(/.+)? staff_u:object_r:httpd_user_content_t:s0

genhomedircon generates this file out of


If you want to customize content in the homedir you need to install a custom policy with a file contents like

HOME_DIR/example.txt -- gen_context(system_u:object_r:tmp_t,s0)

  • 1

Log in