Set persistent SELinux file types under /run

quackrabbit asked:

I set a file to a specific type using semanage fcontext, and using restorecon does properly set the file type. However, upon reboot, the type goes back the default. If I run restorecon again then it updates to its proper type. This file exists under /run/, is there a way to have this permissions change persist across reboots?

I ran semanage fcontext -a -t httpd_sys_content_t /var/run/myfile

My answer:


You’ve placed a file in /run but your semanage fcontext command references a path in /var/run. While that’s a symlink to /run on modern systems, if you create a file in /run directly, that path will never match. Try fixing that; it should be /run and not /var/run.


View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.