NOTE TO SELF!
While going over some Selinux tools, I noticed some differences in the semantics used to specify similar properties.
In a previous post, I wrote about making changes to a file context temporarily or permanently, using the chcon or semanage fcontext respectively.
The flags to specify the selinux user are different depending on the command you use. To specify the user for the chcon command, you use the -u modifier, as in:
chcon -u user_u ...
While, semanage fcontext uses the -s modifier, as in:
semanage fcontext -a -s user_u ...
In the former command, the modifier -u has the obvious mnemonic of "user".
In the latter, the modifier -s actually stands for "selinux user".
Considering the two commands are closely related, it is not so obvious that the semantic changes from one command to another.
While going over some Selinux tools, I noticed some differences in the semantics used to specify similar properties.
In a previous post, I wrote about making changes to a file context temporarily or permanently, using the chcon or semanage fcontext respectively.
The flags to specify the selinux user are different depending on the command you use. To specify the user for the chcon command, you use the -u modifier, as in:
chcon -u user_u ...
While, semanage fcontext uses the -s modifier, as in:
semanage fcontext -a -s user_u ...
In the former command, the modifier -u has the obvious mnemonic of "user".
In the latter, the modifier -s actually stands for "selinux user".
Considering the two commands are closely related, it is not so obvious that the semantic changes from one command to another.
No comments:
Post a Comment