Skip to content

Latest commit

 

History

History
48 lines (37 loc) · 1.84 KB

selinux_fcontext.md

File metadata and controls

48 lines (37 loc) · 1.84 KB
Raw

Back to resource list

selinux_fcontext

Set the SELinux context of files with semanage fcontext.

Actions

Action Description
:manage (Default) Assigns the file to the right context regardless of previous state.
:add Assigns the file context if not set.(-a)
:modify Updates the file context if previously set.(-m)
:delete Removes the file context if set. (-d)

Properties

Name Type Default Description
file_spec String Resource name Path or regular expression to files to modify.
secontext String The SELinux context to assign the file to.
file_type String a (all files) Restrict the resource to only modifying specific file types. See list below.

Supported file types:

  • a - All files
  • f - Regular files
  • d - Directory
  • c - Character device
  • b - Block device
  • s - Socket
  • l - Symbolic link
  • p - Named pipe

Examples

# Allow http servers (e.g. nginx/apache) to modify moodle files
selinux_policy_fcontext '/var/www/moodle(/.*)?' do
  secontext 'httpd_sys_rw_content_t'
end

# Adapt a symbolic link
selinux_policy_fcontext '/var/www/symlink_to_webroot' do
  secontext 'httpd_sys_rw_content_t'
  file_type 'l'
end