-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Michal Schmidt wrote: > On Thu, 13 Mar 2008 11:46:58 -0600 > "Nathanael D. Noblet" <nathanael@xxxxxxx> wrote: > >> Hello, >> I have a machine with F8, selinux-policy-targeted >> enforcing=permissive. Lots of things I do tend to throw this message >> into the console. I've tried auto relabeling, restorecon etc. I've >> removed the targeted policy and re-installed it. I searched bugzilla >> but found no one else with this issue. I'm not sure if it is the >> policy or just me. In any case I get the following in my console >> often, and while running many programs such as yum. >> >> /etc/selinux/targeted/contexts/files/file_contexts: Multiple >> different specifications for /opt (system_u:object_r:home_root_t:s0 >> and system_u:object_r:usr_t:s0). >> >> Ideas why that is the case? > > /opt is normally usr_t. I don't why you have home_root_t there. > Have you played with semanage(8) ? > > restorecon used the information in /etc/.../file_contexts. Your > file_contexts apparently contains contradictory declarations for /opt. > > Michal > grep /opt /etc/selinux/targeted/context/files/files_context I would guess this is happening for one of two reasons. One you have a service account in /etc/passwd or NIS which has a homedir in /opt. SELinux has mistakenly seen this as a login account, because the account has a UID > 500 and a valid shell. If you change the shell to /sbin/nologin or /bin/false and run genhomedircon, the duplicate file context will go away. The second way this could happen is you or some application/rpm added a file context via semanage that matches a definition from the base. You can use semanage fcontext -d FILECONTEXT to remove the file context mappening. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkfZj7oACgkQrlYvE4MpobP9xACfWHai0IOQ4TdPdHahFYu8wpLm QY8AnAxFZKuzUOU+9Ighcsyrevxjhpze =OxTK -----END PGP SIGNATURE----- -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
