Re: SELinux and access across 'similar types'




On Monday 09 January 2012 15:29:59 Daniel J Walsh wrote:
> file_t means the file has no label, so the only way to create this
> type of file would be to remove the security attributes on the file.
> On an SELinux system, file_t should never be created, they are only
> created on a disabled SELinux system.  I guess you could try to use
> chcon -t file_t on a file, but I believe the kernel will block that.
> Or you could attempt to delete the SELinux label, but that might also
> be denied.

Ok, now I think I understand. The OP has stale files in /tmp which are not 
labelled, due to not purging /tmp on reboot. SELinux doesn't know how these 
files should be labelled, so it doesn't even try, and gives them the type 
file_t, which is a synonym for "this file doesn't have a type".

So the answer for the OP is to use chcon on this file to label it somehow. If 
that doesn't work, he should delete the file and recreate it (while SELinux is 
active), so that it gets properly labelled.

I learned something new today. :-) Thanks for the explanation!

Best, :-)
Marko


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
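
The situation discussed in this message, as an added example that is not part of the original post: a scan that lists files under a directory whose `security.selinux` extended attribute is missing or whose type is `file_t`. It assumes a Linux filesystem with extended attributes; the function names are hypothetical, and `unlabeled_t` is included because newer policies report that type for files with no label.

```python
import errno
import os
import sys

XATTR = "security.selinux"                   # xattr where SELinux stores a file's context
NO_LABEL_TYPES = {"file_t", "unlabeled_t"}   # types that mean "this file has no label"


def selinux_type(raw):
    """Return the type field of a raw context, e.g. b'system_u:object_r:tmp_t:s0\\x00'."""
    fields = raw.rstrip(b"\x00").decode("ascii", "replace").split(":")
    return fields[2] if len(fields) >= 3 else None


def needs_label(path, getxattr=None):
    """True if path carries no SELinux xattr, or its type means 'no label'."""
    getxattr = getxattr or os.getxattr       # injectable so the check can be tested
    try:
        raw = getxattr(path, XATTR, follow_symlinks=False)
    except OSError as exc:
        if exc.errno == errno.ENODATA:       # xattr absent: the file was never labelled
            return True
        raise
    return selinux_type(raw) in NO_LABEL_TYPES


def find_unlabelled(root, getxattr=None):
    """Walk root and return the sorted paths that need a label."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                if needs_label(path, getxattr):
                    hits.append(path)
            except OSError:
                continue   # vanished, unreadable, or filesystem without xattrs
    return sorted(hits)


if __name__ == "__main__":
    for hit in find_unlabelled(sys.argv[1] if len(sys.argv) > 1 else "/tmp"):
        print(hit)
```

Paths it prints are the candidates for `chcon`, or for deleting and recreating while SELinux is active, as the message suggests.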

