Re: SELinux and access across 'similar types'

On Tuesday 10 January 2012 04:05:43 Marko Vojinovic wrote:
> On Monday 09 January 2012 15:29:59 Daniel J Walsh wrote:
> > file_t means the file has no label, so the only way to create
> > this type of file would be to remove the security attributes on
> > the file. On an SELinux system, file_t should never be created,
> > they are only created on a disabled SELinux system.  I guess you
> > could try to use chcon -t file_t on a file, but I believe the
> > kernel will block that. Or you could attempt to delete the
> > SELinux label, but that might also be denied.
> 
> Ok, now I think I understand. The OP has stale files in /tmp which
> are not labelled, due to not purging /tmp on reboot. SELinux
> doesn't know how these files should be labelled, so it doesn't
> even try, and gives them the type file_t, which is a synonym for
> "this file doesn't have a type".
> 
> So the answer for the OP is to use chcon on this file to label it
> somehow. If that doesn't work, he should delete the file and
> recreate it (while SELinux is active), so that it gets properly
> labelled.
> 
> I learned something new today. :-) Thanks for the explanation!
> 
> Best, :-)
> Marko
> 
+1

I think I'm finally getting the hang of this SELinux.

Tony
> 
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
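
A way to locate the unlabelled files discussed in this thread, as an added example that is not part of the original messages: it walks a directory, reads each entry's `security.selinux` extended attribute and reports entries that have no label or carry the type `file_t`. The function names and the `NO_LABEL_TYPES` set are assumptions made for this example.

```python
import errno
import os
import sys

XATTR = "security.selinux"
# Types treated as "no label". file_t is the one named in the thread; add
# others (assumption: e.g. unlabeled_t) if your policy uses them.
NO_LABEL_TYPES = frozenset({"file_t"})


def selinux_type(raw):
    """Return the type field of a user:role:type[:level] context, or None."""
    if not raw:
        return None
    fields = raw.rstrip(b"\x00").decode("ascii", "replace").split(":")
    return fields[2] if len(fields) >= 3 else None


def read_label(path):
    """Read the label xattr without following symlinks; None if absent."""
    try:
        return os.getxattr(path, XATTR, follow_symlinks=False)
    except OSError as exc:
        if exc.errno in (errno.ENODATA, errno.ENOTSUP):
            return None
        raise


def find_unlabeled(root, get_label=read_label, bad_types=NO_LABEL_TYPES):
    """Return sorted (path, type) pairs for entries with no usable label."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            seen = selinux_type(get_label(path))
            if seen is None or seen in bad_types:
                hits.append((path, seen))
    return sorted(hits, key=lambda hit: hit[0])


if __name__ == "__main__":
    for path, seen in find_unlabeled(sys.argv[1] if len(sys.argv) > 1 else "/tmp"):
        print(f"{path}\t{seen or 'no security.selinux xattr'}")
```

Each path it prints is a candidate for the `chcon` or delete-and-recreate fix suggested in the thread.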