On 1/9/2012 8:05 PM, Marko Vojinovic wrote:
> On Monday 09 January 2012 15:29:59 Daniel J Walsh wrote:
>> file_t means the file has no label, so the only way to create this
>> type of file would be to remove the security attributes on the file.
>> On an SELinux system, file_t should never be created, they are only
>> created on a disabled SELinux system. I guess you could try to use
>> chcon -t file_t on a file, but I believe the kernel will block that.
>> Or you could attempt to delete the SELinux label, but that might also
>> be denied.
> Ok, now I think I understand. The OP has stale files in /tmp which are not
> labelled, due to not purging /tmp on reboot. SELinux doesn't know how these
> files should be labelled, so it doesn't even try, and gives them the type
> file_t, which is a synonym for "this file doesn't have a type".
>
> So the answer for the OP is to use chcon on this file to label it somehow. If
> that doesn't work, he should delete the file and recreate it (while SELinux is
> active), so that it gets properly labelled.

OK, I did delete the files in the /tmp/ directory, and as the running
apache process re-created them, it created them with the correct type:

[root@g6950-21025 tmp]# ls -lZ *
-rw-r--r-- apache apache system_u:object_r:httpd_sys_script_rw_t hostname_ICECOOK.INFO
-rw-r--r-- apache apache system_u:object_r:httpd_sys_script_rw_t hostname_LAZYFROG.INFO
etc.

So the documentation is missing something about clearing files out of
/tmp/ (or they won't get relabeled properly and processes won't be able
to access them under SELinux), but at least it's working now.

Bennett

> I learned something new today. :-) Thanks for the explanation!
>
> Best, :-)
> Marko

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
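
An added example, not part of the original message: a shell filter that reads a listing in the five-column `ls -lZ` layout shown in the message and prints the names of files still typed `file_t`, so stale unlabelled files can be found before a confined process trips over them. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: list files whose SELinux type is file_t (no label), given a
# listing in the five-column layout from the message:
#   perms owner group user:role:type[:level] name

# Constructed sample listing (not taken from a real host).
sample_listing() {
cat <<'EOF'
-rw-r--r-- apache apache system_u:object_r:httpd_sys_script_rw_t hostname_ICECOOK.INFO
-rw-r--r-- apache apache system_u:object_r:file_t hostname_STALE.INFO
-rw-r--r-- root root system_u:object_r:file_t:s0 old report.txt
-rw------- root root system_u:object_r:tmp_t:s0 scratch
EOF
}

# Reads a listing on stdin, prints one stale file name per line.
stale_labels() {
    awk '
    NF >= 5 {
        # Field 4 is the context; its third colon-separated part is the type.
        n = split($4, ctx, ":")
        if (n < 3 || ctx[3] != "file_t") next
        # The name is everything after the first four fields (may hold spaces).
        name = $0
        for (i = 1; i <= 4; i++) sub(/^[ \t]*[^ \t]+/, "", name)
        sub(/^[ \t]+/, "", name)
        print name
    }'
}

# On a host whose ls prints this layout: ls -lZ /tmp | stale_labels
sample_listing | stale_labels
```

Lines that do not carry a three-part context in the fourth column, such as a shell prompt or a `total` line, are skipped.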