0

I set a file to a specific type using semanage fcontext, and using restorecon does properly set the file type. However, upon reboot, the type goes back the default. If I run restorecon again then it updates to its proper type. This file exists under /run/, is there a way to have this permissions change persist across reboots?

I ran semanage fcontext -a -t httpd_sys_content_t /var/run/myfile

quackrabbit
  • 3
  • 3
  • `semanage fcontext` IS the way to make it persistent. Exactly what did you do? You need to be extremely specific and detailed. Edit your post and make it as long and detailed as possible. – Michael Hampton Jan 16 '18 at 18:57

1 Answers1

0

You've placed a file in /run but your semanage fcontext command references a path in /var/run. While that's a symlink to /run on modern systems, if you create a file in /run directly, that path will never match. Try fixing that; it should be /run and not /var/run.

Michael Hampton
  • 244,070
  • 43
  • 506
  • 972
  • Ok, so it won't let me do that. `conflicts with equivalency rule` – quackrabbit Jan 16 '18 at 19:20
  • 1
    SELinux restorecon is smart enough to know that /var and/var/run are equivalent. My testing confirms the same results as the OP. I've noticed this before but didn't get tot he bottom of it. A file takes on the context of the parent directory even if these is a specific fcontext for it in the database and it takes a restrecon to set it correctly. I think I worked around it by putting the file in a directory and set the appropriate context on that. – user9517 Jan 16 '18 at 19:28
  • @Iain The problem is not with restorecon, but when he creates the file initially. – Michael Hampton Jan 16 '18 at 20:03