Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Inconsistent behavior with semanage

Why is that if I use "chcon -t slapd_db_t file" to change the type context of a file, it reverts with "restorecon file," but if I use "chcon -u system_u" to change the user context, restorecon has no effect.

When I try to use semanage to set the user context permanently, e.g.,

semanage fcontext -m -s system_u file restorecon -R -v file

it has no effect at all. But if I use chcon to do it, the user context is changed, and the change is persistent.

I expect this kind of "i before e except after c" stuff in spoken languages that evolved over thousands of years, but not in software where every aspect has been deliberately engineered. Am I missing something here?

Inconsistent behavior with semanage

Why is that if I use "chcon -t slapd_db_t file" to change the type context of a file, it reverts with "restorecon file," but if I use "chcon -u system_u" to change the user context, restorecon has no effect.

When I try to use semanage to set the user context permanently, e.g.,

semanage fcontext -m -s system_u file file; restorecon -R -v file

it has no effect at all. But if I use chcon to do it, the user context is changed, and the change is persistent.

I expect this kind of "i before e except after c" stuff in spoken languages that evolved over thousands of years, but not in software where every aspect has been deliberately engineered. Am I missing something here?

click to hide/show revision 3
formatted for clarity

Inconsistent behavior with semanage

Why is that if I use "chcon "chcon -t slapd_db_t file" file" to change the type context of a file, it reverts with "restorecon file," "restorecon file", but if I use "chcon "chcon -u system_u" system_u" to change the user context, restorecon restorecon has no effect.

When I try to use semanage semanage to set the user context permanently, e.g.,

semanage fcontext -m -s system_u file;
restorecon -R -v file

file

it has no effect at all. But if I use chcon chcon to do it, the user context is changed, and the change is persistent.

I expect this kind of "i before e except after c" stuff in spoken languages that evolved over thousands of years, but not in software where every aspect has been deliberately engineered. Am I missing something here?