Hi all,
I just installed a CentOS 5 machine from Kickstart. I configure NSS
and PAM to lookup and authenticate users from LDAP with authconfig. On
my LDAP I also have some automount configuration, but I'm not running
automount on this server. SELinux is installed and enforcing.
Whenever I try to install an RPM (and in other occasions during boot)
I see those messages:
# rpm -Uvh ... .rpm
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same
specifications for /usr/local/lost\+found/.*.
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same
specifications for /usr/local/\.journal.
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same
specifications for /usr/local/lost\+found.
The RPM installs fine, I guess those are just warnings. (Actually,
/usr/local is practically empty, and there are no lost+found or
.journal there, so I guess those are really innocuous.)
I dug in deeper and I found out that the source of the problem is most
probably in this file:
/etc/selinux/targeted/contexts/files/file_contexts.homedirs
Among its contents are these lines:
/usr/local/[^/]*/.+ user_u:object_r:user_home_t:s0
/usr/local/[^/]*/.*/plugins/nprhapengine\.so.* --
user_u:object_r:textrel_shlib_t:s0
/usr/local/[^/]*/.*/plugins/libflashplayer\.so.* --
user_u:object_r:textrel_shlib_t:s0
/usr/local/[^/]*/((www)|(web)|(public_html))(/.+)?
user_u:object_r:httpd_user_content_t:s0
/usr/local/[^/]*/\.mozilla(/.*)?/plugins/libflashplayer\.so.* --
user_u:object_r:textrel_shlib_t:s0
/usr/local/[^/]* -d user_u:object_r:user_home_dir_t:s0
/usr/local/lost\+found/.* <<none>>
/usr/local -d system_u:object_r:home_root_t:s0
/usr/local/\.journal <<none>>
/usr/local/lost\+found -d system_u:object_r:lost_found_t:s0
I saw that /home and /root are there, since they are really home
directories. But /usr/local shouldn't be there! And there's a fourth
directory there, which is based on the name of our NFS fileserver:
/colossus/users/[^/]*/.+ user_u:object_r:user_home_t:s0
/colossus/users/[^/]*/.*/plugins/nprhapengine\.so.* --
user_u:object_r:textrel_shlib_t:s0
/colossus/users/[^/]*/.*/plugins/libflashplayer\.so.* --
user_u:object_r:textrel_shlib_t:s0
/colossus/users/[^/]*/((www)|(web)|(public_html))(/.+)?
user_u:object_r:httpd_user_content_t:s0
/colossus/users/[^/]*/\.mozilla(/.*)?/plugins/libflashplayer\.so.*
-- user_u:object_r:textrel_shlib_t:s0
/colossus/users/[^/]* -d user_u:object_r:user_home_dir_t:s0
/colossus/users/lost\+found/.* <<none>>
/colossus/users -d system_u:object_r:home_root_t:s0
/colossus/users/\.journal <<none>>
/colossus/users/lost\+found -d system_u:object_r:lost_found_t:s0
I tried to edit the file to remove the offending entries, but after I
installed another RPM I saw that the file was regenerated with the
other entries.
So, I would like to know: Where is this coming from? How is this file
being generated? What's the command that generates it? Which command
(semanage?) apart from rpm can I use to reproduce and test the
problem? (In other words, another command that won't install or change
anything on the system but check the integrity of this file.) How can
I tweak or control the way this file is generated?
Thanks a lot!
Filipe
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
