You can either set up labeling for a directory using the Application/files screen, or you can set up file equivalence.

File Equivalence allows an administrator to label an entire directory tree the same way as the equivalence directory tree.

Use Case 1:
An administrator wants to store his Apache root content in a location other than /var/www, such as /srv/www. He could define an equivalence between /srv/www and /var/www.

libselinux reads the equivalence rules and does the substitution whenever the matchpathcon function is called.  Tools like restorecon, rpm, udev and others all follow the substitution.  Using the example above, when matchpathcon is handed /srv/www/cgi-bin/myscript.cgi, it substitutes /var/www for /srv/www and looks up the context of /var/www/cgi-bin/myscript.cgi.

On the command line you could execute:

# semanage fcontext -a -e /var/www /srv/www

Another common case where you might want to use file equivalence is if you put your users' home directories in a location other than /home.

If you set up an equivalence between /home and /export/home:

# matchpathcon /export/home/dwalsh/.ssh
/export/home/dwalsh/.ssh    unconfined_u:object_r:home_ssh_t:s0
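
The substitution described above can be modelled in a few lines of shell to preview which path a lookup will actually use. This is an added example, not libselinux code or part of the original help text; the RULES list is constructed from the two cases on this page, and matching only on whole path components (so /srv/www2 is left alone) is an assumption of the model.

```shell
#!/bin/sh
# Model of the equivalence substitution (example code, not libselinux).
# Each rule is "equivalent-path original-path"; this list is constructed
# for the example from the two cases in the text above.
RULES='/srv/www /var/www
/export/home /home'

# equiv_subst PATH -> prints the path whose context would be looked up.
equiv_subst() {
    path=$1
    while read -r src dst; do
        [ -n "$src" ] || continue
        case $path in
            "$src")
                # The equivalent directory itself maps to the original.
                printf '%s\n' "$dst"; return 0 ;;
            "$src"/*)
                # Assumption: match only on a path-component boundary,
                # then keep the remainder of the path unchanged.
                printf '%s\n' "$dst${path#"$src"}"; return 0 ;;
        esac
    done <<EOF
$RULES
EOF
    # No rule applies: the path is looked up as given.
    printf '%s\n' "$path"
}

# Constructed sample paths, including a sibling directory and an
# unrelated path that must not be rewritten.
for p in /srv/www/cgi-bin/myscript.cgi /export/home/dwalsh/.ssh \
         /srv/www /srv/www2/index.html /opt/data; do
    printf '%-34s -> %s\n' "$p" "$(equiv_subst "$p")"
done
```

On a real system, compare the model's answer with what matchpathcon reports for the same path after the semanage command has been run.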