Re: make relabel > restorecon

[Daniel J Walsh <dwalsh@xxxxxxxxxx>]

Richard Hally wrote:

> Steve Brueckner wrote:
>
> > Daniel J Walsh wrote:
> >  
> >
> > > Steve Brueckner wrote:
> > >   
> > >
> > > > Daniel J Walsh wrote:
> > > >     
> > > >
> > > > > Steve Brueckner wrote:
> > > > >       
> > > > >
> > > > > > I have a file
> > > > > > /etc/selinux/targeted/src/policy/file_contexts/programs/tspi_dillo.fc 
> > > > > >
> > > > > > that contains the following line only:
> > > > > >
> > > > > > /tspi/usr/local/bin/dillo    --    
> > > > > > system_u:object_r:tspi_dillo_exec_t
> > > > > >
> > > > > > When I do # make reload and then # make relabel the system
> > > > > > correctly labels the file and adds the above line to the master
> > > > > > file_contexts file.
> > > > > > However, if I then run # /sbin/restorecon /tspi/usr/local/bin/dillo
> > > > > > the file's type reverts to default_t
> > > > > >
> > > > > > Any ideas on why this is happening?
> > > > > >
> > > > > >         
> > > > >
> > > > > I take it you have a domains/program/tspi_dillo.te file?
> > > > >
> > > > > grep dillo /etc/selinux/targeted/context/files/*
> > > > >
> > > > >       
> > > >
> > > > Yes, I have
> > > > /etc/selinux/targeted/src/policy/domains/program/tspi_dillo.te
> > > > which declares the tspi_dillo_exec_t.
> > > >
> > > > However, I think your grep showed me where the problem lies.  There
> > > > are two file_contexts files:
> > > > /etc/selinux/targeted/src/policy/file_contexts/file_contexts
> > > > /etc/selinux/targeted/context/files/file_contexts
> > > > And a diff shows that the former has the context for dillo and the
> > > > latter does not.  I was apparently mistaken earlier when I said that
> > > > the "master" file_contexts file contains the line in question.
> > > >
> > > > So my question now becomes how does the former get updated?  I've
> > > > done make reload and make relabel but it seems that neither is
> > > > updating /etc/selinux/targeted/context/files/file_contexts.
> > > >
> > > >     
> > >
> > > That is strange.  Make reload should have copied the your
> > > file_context over.
> > > Try make -W users load
> > > See if the file_context gets replaced.  Any chance of clock skew on
> > > your machine.
> > >   
> >
> >
> > Fooling make into thinking users had been updated did the trick, 
> > thanks.  My
> > clock, logs, and file times all look fine, so I don't think clock 
> > skew is
> > the problem.
> >
> > I am, however, running (last week's) rawhide SELinux and rawhide 
> > kernel on
> > an othewise FC3 install, so maybe there's something not meshing in 
> > there.
> > Am I correct in thinking that the rawhide SELinux packages are currently
> > being written and tested on FC4?
> >
> > Anyway, I appreciate the assist.
> >
> > - Steve Brueckner, ATC-NY
> >
> > --
> > fedora-selinux-list mailing list
> > fedora-selinux-list@xxxxxxxxxx
> > http://www.redhat.com/mailman/listinfo/fedora-selinux-list
> >
> >  
> Wasn't there a change a while back(3-4 weeks) to the make file that 
> requires 'make install' to update the file_contexts? I've been using 
> 'make clean install reload' to do a complete update from source policy.
>
> Richard Hally
Shouldn't have to.  The goal was to never do a make install since this 
will blow away any user customizations.

Dan

--


--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list