Add note about sefcontext doing no restorecon (#39076)
* Add note about sefcontext doing no restorecon To someone like me who is relatively new to SELinux, setting the "reload" option to yes might suggest that a restorecon is automatically executed after the semanage call, making the new file context effective immediately. I have found out that this is not the case and would like to clarify this to others. +label: docsite_pr * Replace note by one suggested by reviewer Reviewer dagwieers suggested a better notice text during review of my original one, giving recommendations about what to do to actually get the newly chosen SELinux context applied to the file.
This commit is contained in:
parent
fdcf8c7f74
commit
db88cb8d8f
1 changed files with 4 additions and 0 deletions
|
@ -53,6 +53,10 @@ options:
|
|||
default: 'yes'
|
||||
notes:
|
||||
- The changes are persistent across reboots
|
||||
- The M(sefcontext) module does not modify existing files to the new
|
||||
SELinux context(s), so it is advisable to first create the SELinux
|
||||
file contexts before creating files, or run C(restorecon) manually
|
||||
for the existing files that require the new SELinux file contexts.
|
||||
requirements:
|
||||
- libselinux-python
|
||||
- policycoreutils-python
|
||||
|
|
Loading…
Reference in a new issue