[gentoo-commits] proj/hardened-docs:master commit in: xml/

["Sven Vermeulen" <sven.vermeulen@siphos.be>]

commit:     e355d40278fe8df7e742825cb2baa9b15a115e09
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Sat May 14 12:13:36 2011 +0000
Commit:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Sat May 14 12:13:36 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-docs.git;a=commit;h=e355d402

Add FAQ on how to retrieve the file context rule for a particular path

---
 xml/selinux-faq.xml |   31 +++++++++++++++++++++++++++++--
 1 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/xml/selinux-faq.xml b/xml/selinux-faq.xml
index 471917e..969b562 100644
--- a/xml/selinux-faq.xml
+++ b/xml/selinux-faq.xml
@@ -17,8 +17,8 @@ The FAQ is a collection of solutions found on IRC, mailinglist, forums or
 elsewhere
 </abstract>
 
-<version>7</version>
-<date>2011-05-03</date>
+<version>8</version>
+<date>2011-05-14</date>
 
 <faqindex>
 <title>Questions</title>
@@ -234,6 +234,33 @@ context.
 
 </body>
 </section>
+<section id="matchcontext">
+<title>
+  How do I know which file context rule is used for a particular file?
+</title>
+<body>
+
+<p>
+If you use the <c>matchpathcon</c> command, it will tell you what the security
+context for the given path (file or directory) should be, but it doesn't tell
+you which rule it used to deduce this. To do that, you can use <c>findcon</c>:
+</p>
+
+<pre caption="Using findcon">
+~# <i>findcon /etc/selinux/strict/contexts/files/file_contexts -p /lib64/rc/init.d</i>
+/.*                          system_u:object_r:default_t
+/lib(64)?/rc/init\.d(/.*)?   system_u:object_r:initrc_state_t
+/lib64/.*                    system_u:object_r:lib_t
+</pre>
+
+<p>
+When the SELinux utilities try to apply a context, they try to match the rule
+that is the most specific, so in the above case, it is the one that leads to the
+initrc_state_t context.
+</p>
+
+</body>
+</section>
 </chapter>
 
 <chapter>