selinux January 2010 archive

Re: are comments allowed in default_contexts?

From: Stephen Smalley <sds_at_nospam>
Date: Mon Jan 25 2010 - 17:47:03 GMT
To: Larry Ross <>

On Mon, 2010-01-25 at 08:39 -0800, Larry Ross wrote:
> A quick question: Are comments allowed in the default_contexts and
> user contexts files?
> /etc/selinux/strict/contexts/
> and
> /etc/selinux/strict/contexts/users/root
> Are normal '#' comment lines ignored in the processing of these files?

Technically, no. However, the first field (e.g. system_r:crond_t:s0) is matched against the caller's context and if it does not match, then the line is ignored. So in effect, any illegal context value, including '#' should cause the entire line to be ignored.

-- 
Stephen Smalley
National Security Agency
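
An added illustration, not part of the original message and not libselinux code: a simplified Python model of the matching described in the reply, assuming an exact string comparison on the first field, together with a check that separates '#' lines from entries that are skipped the same way because of a typo. The sample file contents, the role list and the names `lookup` and `audit` are constructed for this example.

```python
# Constructed sample in the default_contexts layout: the first field is
# compared with the caller's context, the remaining fields are candidates.
SAMPLE = """\
# cron jobs
system_r:crond_t:s0 system_r:system_crond_t:s0
system_r:sshd_t:s0 user_r:user_t:s0 staff_r:staff_t:s0
sytem_r:xdm_t:s0 user_r:user_t:s0
"""

# Assumption: the roles defined by the loaded policy (constructed list).
KNOWN_ROLES = {"system_r", "user_r", "staff_r", "sysadm_r"}


def lookup(text, caller):
    """Return the candidates from the first line whose first field equals
    the caller's context. Every other line is skipped, which is why a
    line starting with '#' has no effect."""
    for line in text.splitlines():
        fields = line.split()
        if fields and fields[0] == caller:
            return fields[1:]
    return []


def audit(text, roles=KNOWN_ROLES):
    """Classify lines whose first field can never equal a real context:
    'comment' for '#' lines, 'suspect' for anything else that is not
    role:type or role:type:level with a known role (likely a typo)."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue
        if fields[0].startswith("#"):
            findings.append((number, "comment"))
            continue
        parts = fields[0].split(":", 2)  # the level may itself contain ':'
        if len(parts) < 2 or parts[0] not in roles or not parts[1]:
            findings.append((number, "suspect"))
    return findings


if __name__ == "__main__":
    print(lookup(SAMPLE, "system_r:crond_t:s0"))  # crond entry is found
    print(lookup(SAMPLE, "system_r:xdm_t:s0"))    # typo'd entry is never used
    print(audit(SAMPLE))
```

The same skip-on-mismatch behaviour that makes '#' lines harmless also hides a misspelled entry, so the audit reports the two cases separately.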