RE: make relabel > restorecon

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Daniel J Walsh wrote:
> Steve Brueckner wrote:
>> Daniel J Walsh wrote:
>>> Steve Brueckner wrote:
>>>> I have a file
>>>> /etc/selinux/targeted/src/policy/file_contexts/programs/tspi_dillo.fc
>>>> that contains the following line only:
>>>> 
>>>> /tspi/usr/local/bin/dillo	--	system_u:object_r:tspi_dillo_exec_t
>>>> 
>>>> When I do # make reload and then # make relabel the system
>>>> correctly labels the file and adds the above line to the master
>>>> file_contexts file. 
>>>> 
>>>> However, if I then run # /sbin/restorecon /tspi/usr/local/bin/dillo
>>>> the file's type reverts to default_t
>>>> 
>>>> Any ideas on why this is happening?
>>>> 
>>> I take it you have a domains/program/tspi_dillo.te file?
>>> 
>>> grep dillo /etc/selinux/targeted/context/files/*
>>> 
>> Yes, I have
>> /etc/selinux/targeted/src/policy/domains/program/tspi_dillo.te
>> which declares the tspi_dillo_exec_t.
>> 
>> However, I think your grep showed me where the problem lies.  There
>> are two file_contexts files:
>> /etc/selinux/targeted/src/policy/file_contexts/file_contexts
>> /etc/selinux/targeted/context/files/file_contexts 
>> 
>> And a diff shows that the former has the context for dillo and the
>> latter does not.  I was apparently mistaken earlier when I said that
>> the "master" file_contexts file contains the line in question.
>> 
>> So my question now becomes how does the former get updated?  I've
>> done make reload and make relabel but it seems that neither is
>> updating /etc/selinux/targeted/context/files/file_contexts.
>> 
> That is strange.  Make reload should have copied the your
> file_context over. 
> 
> Try make -W users load
> See if the file_context gets replaced.  Any chance of clock skew on
> your machine.

Fooling make into thinking users had been updated did the trick, thanks.  My
clock, logs, and file times all look fine, so I don't think clock skew is
the problem.

I am, however, running (last week's) rawhide SELinux and rawhide kernel on
an othewise FC3 install, so maybe there's something not meshing in there.
Am I correct in thinking that the rawhide SELinux packages are currently
being written and tested on FC4?

Anyway, I appreciate the assist.

 - Steve Brueckner, ATC-NY

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux