On Sunday 08 January 2012 04:31:05 Bennett Haselton wrote:
> [root@g6950-21025 ~]# ls -lZ /tmp/hostname_SKYSLICE.INFO
> -rw-r--r-- apache apache system_u:object_r:file_t
> /tmp/hostname_SKYSLICE.INFO
> [root@g6950-21025 ~]# restorecon -v /tmp/hostname_SKYSLICE.INFO
> [root@g6950-21025 ~]# ls -lZ /tmp/hostname_SKYSLICE.INFO
> -rw-r--r-- apache apache system_u:object_r:file_t
> /tmp/hostname_SKYSLICE.INFO
> [root@g6950-21025 ~]#
Well...
With this output I would say that your policy has been customized to have
file_t as the default label for that file. Have you used audit2allow on that
machine before the filesystem was properly relabeled?
I am not sure at this point, but I would say that your SELinux policy has been
customized into an inconsistent state (since no file should have the type file_t
by default, and yet restorecon says that this is the default label for that
file). However, I don't know how to reset the customizations once they have
been made (except for the brute force method).
I have never had any machine with SELinux in this kind of state, so I am a bit
wary of giving you further advice on this matter. Also, you should probably
start a new thread about this problem (quoting the above restorecon output and
a brief history of the machine), since more eyeballs would be good in this
situation.
As for the brute force method, it would go on the lines of
* disable SELinux
* reboot
* delete all policy files in /etc/selinux/
* reinstall selinux-policy-targeted via yum
* enable SELinux for the next reboot
* prepare the autorelabel
* reboot
The idea is to get you back to the CentOS default for both the policy and the
file labels. However, there may be gotchas above or a more elegant way to
restore the default policy, so someone else might chime in with a better
advice (Dan?).
HTH, :-)
Marko
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
