selinux_fcontext

Set the SELinux context of files with semanage fcontext.

Actions

Action	Description
`:manage`	(Default) Assigns the file to the right context regardless of previous state.
`:add`	Assigns the file context if not set.(`-a`)
`:modify`	Updates the file context if previously set.(`-m`)
`:delete`	Removes the file context if set. (`-d`)

Properties

Name	Type	Default	Description
`file_spec`	String	Resource name	Path or regular expression to files to modify.
`secontext`	String		The SELinux context to assign the file to.
`file_type`	String	`a` (all files)	Restrict the resource to only modifying specific file types. See list below.

Supported file types:

a - All files
f - Regular files
d - Directory
c - Character device
b - Block device
s - Socket
l - Symbolic link
p - Named pipe

Examples

# Allow http servers (e.g. nginx/apache) to modify moodle files
selinux_policy_fcontext '/var/www/moodle(/.*)?' do
  secontext 'httpd_sys_rw_content_t'
end
 
# Adapt a symbolic link
selinux_policy_fcontext '/var/www/symlink_to_webroot' do
  secontext 'httpd_sys_rw_content_t'
  file_type 'l'
end

Selinux Boolean Selinux Install