Wikipedia:Reference desk/Archives/Computing/2018 March 5

= March 5 =

== Why are selinux contexts controlled via REs in /etc/selinux/targeted/contexts/files/ rather than directory inheritance? ==
It seems odd to me that selinux facls are controlled by defaults in directories (setfacl -d) whereas contexts are stored as regular expressions in files via semanage. Why the difference? -- Q Chris (talk) 09:12, 5 March 2018 (UTC)
 * Since there are no takers for this question, I thought I would add my own insight after working for a few days with selinux. It appears that facls are usually the concern of the sys admin, like the file groups and permissions. On the other hand, contexts and policies are likely to be set by application developers and distribution packagers, so it is useful to have them defined in this way. - Q Chris (talk) 15:40, 9 March 2018 (UTC)