semanage command not changing file context

I am trying to change selinux context for upload directory to enable anonymous upload.

This is the Directory path /var/ftp/upload

This is the default context

[root@server ftp]# ls -Z upload
drwxr-xr-x. root root unconfined_u:object_r:public_content_t:s0 upload

I tried this command to change the type of the directory

[root@server ftp]# semanage fcontext -a -t public_content_rw_t upload
[root@server ftp]# restorecon -v upload

Its not changing, what is the mistake here ?

[root@server ftp]# ls -Z pub
drwxr-xr-x. root root unconfined_u:object_r:public_content_t:s0 upload

The difference between semange and chcon is that chcon is "temporal" if the system gets relabel the contexts present in a file / directory will be lost, using semanage makes selinux contexts persistent.

In order to semanage to work, you must provide the full path to the file or directory, that is why semanage fcontext -a -t public_content_rw_t upload/ does not work but semanage fcontext -a -t public_content_rw_t "/var/ftp/upload(/.*)? does; restorecon does not require full path.


This is the default context

[root@server ftp]# ll -Zd upload/
drwxr-xr-x. root root unconfined_u:object_r:public_content_t:s0 upload/

I tried this command to change the context

[root@server ftp]# semanage fcontext -a -t public_content_rw_t upload/
[root@server ftp]# ll -Zd upload/
drwxr-xr-x. root root unconfined_u:object_r:public_content_t:s0 upload/
[root@server ftp]# restorecon -R -v upload
[root@server ftp]# ll -Zd upload/
drwxr-xr-x. root root unconfined_u:object_r:public_content_t:s0 upload/

It's not working, but this command will write the context in /etc/selinux/targeted/contexts/files/file_contexts.local file

see here

# This file is auto-generated by libsemanage
# Do not edit directly.

upload/    system_u:object_r:public_content_rw_t:s0

Now I tried this command (Working Command)

[root@server ftp]# semanage fcontext -a -t public_content_rw_t "/var/ftp/upload(/.*)?"
[root@server ftp]# restorecon -R -v upload
restorecon reset /var/ftp/upload context unconfined_u:object_r:public_content_t:s0->unconfined_u:object_r:public_content_rw_t:s0
Now context is changed.
[root@server ftp]# ll -Zd upload/
drwxr-xr-x. root root unconfined_u:object_r:public_content_rw_t:s0 upload/

But I really don't no why it's working, see the difference in command.

I got the answer in the man page of man ftpd_selinux

semanage fcontext -a -t public_content_rw_t "/var/ftpd/incoming(/.*)?"