On Tue, 20 Sep 2011, Andrew Spiers <7andrew@gmail.com> wrote:

Is there a semanage command to set which users can access this file? I can't figure it out from the man page.

You don't "set which users can access a file". You set the context of the file which then determines (according to the policy database) whether a process of a given context is permitted to access it. http://doc.coker.com.au/computers/se-linux-terminology/ The context of a process for the user shell is determined by the SE Linux "identity" assigned to their account and the "role" assigned to that identity. See the above URL for some background. On Tue, 20 Sep 2011, Andrew Spiers <7andrew@gmail.com> wrote:

and yet restorecon does not change unconfined_u to system_u.

Try with the -F option. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/