The user's home directory frequently changes with newly created files or directories. These files must have the correct security context in accordance with the security policy. The
restorecond user service is responsible for watching file creation and setting the file security context to the default by policy
To see the effect of the service, we create two files:
~/normal.txt is the normal file and
~/.xscreensaver is the XScreenSaver configuration file. Without the service, both files would be of type
user_home_t. The service fixes the file ~/.xscreensaver's context and sets the type to
Operation of the service is simple but important. If the file security context is not fixed, either the security policy is ineffective, or some tasks may be locked.
That's the new feature of selinux-2019.9.1 binary.
Share on Twitter Share on Facebook Share on Linked In
Can't see mail in Inbox? Check your Spam folder.
There are currently no comments