From 245aa971b9a8ec31fd1e5a766ad3940702ff66b7 Mon Sep 17 00:00:00 2001 From: "Chris St. Pierre" Date: Thu, 11 Apr 2013 14:47:46 -0400 Subject: POSIX: SELinux context fixes for Path entries * Fixed Path entries with secontext='__default__' where no fcontext rule applied to the path. * Permitted setting secontext='' when no SELinux context should be applied to a Path entry --- doc/server/plugins/generators/rules.txt | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'doc') diff --git a/doc/server/plugins/generators/rules.txt b/doc/server/plugins/generators/rules.txt index 2789411e7..845006115 100644 --- a/doc/server/plugins/generators/rules.txt +++ b/doc/server/plugins/generators/rules.txt @@ -117,8 +117,13 @@ describe the attributes available for various Path types. Note that ``secontext`` below expects a full context, not just the type. For instance, "``system_u:object_r:etc_t:s0``", not just ``etc_t``. You can also specify "``__default__``", which will restore -the context of the file to the default set by policy. See -:ref:`server-selinux` for more information. +the context of the file to the default set by policy. If a file has +no default context rule, and you don't wish to set one, you can +specify ``secontext=''`` (i.e., an empty ``secontext``), in which case +the client will not try to manage the SELinux context of the file at +all. + +See :ref:`server-selinux` for more information. Attributes common to all Path tags: -- cgit v1.2.3-1-g7c22