-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/18/2013 08:20 AM, Tris Hoar wrote:
>
> On 16/11/2013 21:46, Andrew Holway wrote:
>> [root@ipa tftpboot]# semanage fcontext -l | grep tftp /tftpboot
>> directory system_u:object_r:tftpdir_t:s0 /tftpboot/.*
>> all files system_u:object_r:tftpdir_t:s0 /usr/sbin/atftpd
>> regular file system_u:object_r:tftpd_exec_t:s0 /usr/sbin/in\.tftpd
>> regular file system_u:object_r:tftpd_exec_t:s0 /var/lib/tftpboot(/.*)?
>> all files system_u:object_r:tftpdir_rw_t:s0 /var/lib/tftpboot/etc(/.*)?
>> all files system_u:object_r:cobbler_var_lib_t:s0
>> /var/lib/tftpboot/grub(/.*)? all files
>> system_u:object_r:cobbler_var_lib_t:s0 /var/lib/tftpboot/images(/.*)?
>> all files system_u:object_r:cobbler_var_lib_t:s0
>> /var/lib/tftpboot/memdisk regular file
>> system_u:object_r:cobbler_var_lib_t:s0 /var/lib/tftpboot/menu\.c32
>> regular file system_u:object_r:cobbler_var_lib_t:s0
>> /var/lib/tftpboot/ppc(/.*)?all files
>> system_u:object_r:cobbler_var_lib_t:s0 /var/lib/tftpboot/pxelinux\.0
>> regular file system_u:object_r:cobbler_var_lib_t:s0
>> /var/lib/tftpboot/pxelinux\.cfg(/.*)? all files
>> system_u:object_r:cobbler_var_lib_t:s0 /var/lib/tftpboot/s390x(/.*)?
>> all files system_u:object_r:cobbler_var_lib_t:s0 /var/lib/tftpboot/yaboot
>> regular file system_u:object_r:cobbler_var_lib_t:s0
>>
>> Could someone tell me why:
>>
>> /var/lib/tftpboot(/.*)? - is using (/.*)?
>
> This covers /var/lib/tftpboot and all files under it and gives them the
> label tftpdir_rw_t
>
>>
>> /tftpboot/.* - is using .*
>
> This covers all files under /tftpboot/ giving them the label tftpdir_t.
> There is a separate entry for the directory: /tftpboot
> directory system_u:object_r:tftpdir_t:s0 As to why the difference I've no
> idea as looking at other root dirs with semanage fcontext -l I can see most
> of them use (/.*)? which makes sense.
>
>>
>> Thanks,
>>
>> Andrew ___ CentOS mailing
>> list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
>>
>
> Regards,
>
> Tris
>
> * This email
> and any files transmitted with it are confidential and intended solely for
> the use of the individual or entity to whom they are addressed. If you have
> received this email in error please notify postmas...@bgfl.org
>
> The views expressed within this email are those of the individual, and not
> necessarily those of the organisation
> *
>
> ___ CentOS mailing list
> CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
>
There was some fixes used for udev that allowed labeling to run faster if the
top level directory had this type of labeling as I recall. Probably not as
important with all of the improvements to labeling algorithms over the years.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.15 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlKKHgMACgkQrlYvE4MpobN0/ACg03Y8BO3IuEOL3bbWC6GiVI3n
2yoAniUXbjQFZ5XHexHIbkGsuAJGBFmq
=pvuM
-END PGP SIGNATURE-
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
