On 06/02/14 12:12, Sven Vermeulen wrote:
>
> Policies do contain paths. They contain path expressions to be more 
> precise.
>
> During policy load, the path expressions together with the target 
> contexts are extracted and placed in 
> /etc/selinux/mcs/contexts/files/file_contexts, which is where tools 
> like matchpathcon get their information from.
>
> Wkr,
>   Sven Vermeulen
>
> On Jun 1, 2014 5:48 PM, "dE" <de.techno@gmail.com 
> <mailto:de.techno@gmail.com>> wrote:
>
>     As we know, policies don't contain paths. So the working of
>     matchpathcon/setfiles must be based on common sense.
>
>     It looks like it knows certain special folders and it's
>     appropriate security context, for e.g. home folder contents should
>     have files with user_home_t and suggests the correct SELinux user
>     for the files/directories based on which user's home folder is it.
>
>     Other directories/files should have the same security context as
>     the parent directory, like with /opt.
>
>     Is this correct?
>

Do the paths have any other purpose other than defining the default 
security context?