semanage command not changing file context
I am trying to change the SELinux context for the upload directory to enable anonymous upload.
This is the directory path: /var/ftp/upload
This is the default context
[root@server ftp]# ls -Z upload
drwxr-xr-x. root root unconfined_u:object_r:public_content_t:s0 upload
I tried this command to change the type of the directory
[root@server ftp]# semanage fcontext -a -t public_content_rw_t upload
[root@server ftp]# restorecon -v upload
It's not changing. What is the mistake here?
[root@server ftp]# ls -Z pub
drwxr-xr-x. root root unconfined_u:object_r:public_content_t:s0 upload
The difference between semanage and chcon is that chcon is "temporal": if the system gets relabeled, the contexts present on a file / directory will be lost; using semanage makes SELinux contexts persistent.
In order for semanage to work, you must provide the full path to the file or directory; that is why
semanage fcontext -a -t public_content_rw_t upload/
does not work but
semanage fcontext -a -t public_content_rw_t "/var/ftp/upload(/.*)?"
does; restorecon does not require the full path.
This is the default context
[root@server ftp]# ll -Zd upload/
drwxr-xr-x. root root unconfined_u:object_r:public_content_t:s0 upload/
I tried this command to change the context
[root@server ftp]# semanage fcontext -a -t public_content_rw_t upload/
[root@server ftp]# ll -Zd upload/
drwxr-xr-x. root root unconfined_u:object_r:public_content_t:s0 upload/
[root@server ftp]# restorecon -R -v upload
[root@server ftp]# ll -Zd upload/
drwxr-xr-x. root root unconfined_u:object_r:public_content_t:s0 upload/
It's not working, but this command will write the context in the /etc/selinux/targeted/contexts/files/file_contexts.local file, see here:
# This file is auto-generated by libsemanage
# Do not edit directly.

upload/ system_u:object_r:public_content_rw_t:s0
Now I tried this command (Working Command)
[root@server ftp]# semanage fcontext -a -t public_content_rw_t "/var/ftp/upload(/.*)?"
[root@server ftp]# restorecon -R -v upload
restorecon reset /var/ftp/upload context unconfined_u:object_r:public_content_t:s0->unconfined_u:object_r:public_content_rw_t:s0
Now the context is changed.
[root@server ftp]# ll -Zd upload/
drwxr-xr-x. root root unconfined_u:object_r:public_content_rw_t:s0 upload/
But I really don't know why it's working; see the difference in the commands.
I got the answer in the man page: man ftpd_selinux
semanage fcontext -a -t public_content_rw_t "/var/ftpd/incoming(/.*)?"
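An added example, not part of the original posts: file context specs are regular expressions matched, anchored at both ends, against the absolute path, so the relative spec "upload/" is stored in file_contexts.local but can never apply. The sketch below flags such dead entries and shows which rules cover a path; the function names are hypothetical, the sample text is constructed from the two specs on this page, and grep -E is assumed to be a close enough stand-in for the real regex engine.

```shell
#!/bin/sh
# Constructed sample in file_contexts.local format (specs taken from this page).
SAMPLE='# This file is auto-generated by libsemanage
# Do not edit directly.

upload/    system_u:object_r:public_content_rw_t:s0
/var/ftp/upload(/.*)?    system_u:object_r:public_content_rw_t:s0'

# dead_specs RULES_TEXT
# Print every path spec that does not start with "/". Such a spec can
# never match an absolute path, so restorecon silently ignores it.
dead_specs() {
    printf '%s\n' "$1" |
        awk '$1 ~ /^#/ || NF == 0 { next } $1 !~ /^\// { print $1 }'
}

# spec_matches ABSOLUTE_PATH SPEC
# Succeed when SPEC, anchored at both ends, matches the whole path.
spec_matches() {
    printf '%s\n' "$1" | grep -Eq -- "^($2)\$"
}

# rules_for_path RULES_TEXT ABSOLUTE_PATH
# Print "spec context" for each rule that applies to the path.
# (Real lookups also rank competing specs; this only lists matches.)
rules_for_path() {
    printf '%s\n' "$1" |
        awk '$1 ~ /^#/ || NF == 0 { next } { print $1, $NF }' |
        while read -r spec ctx; do
            if spec_matches "$2" "$spec"; then
                echo "$spec $ctx"
            fi
        done
}

echo "Specs that can never match:"
dead_specs "$SAMPLE"
echo "Rules covering /var/ftp/upload/file.txt:"
rules_for_path "$SAMPLE" /var/ftp/upload/file.txt
```

On a real system, semanage fcontext -l -C lists the local customizations to review in the same way.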