Stephen Smalley writes: > It means that the context stored in the file's extended attribute on > disk is inconsistent with the file_contexts configuration. To fix, > run /sbin/restorecon on the file(s) in question. So it isn't really an RPM check then, rather an external check on files choosen by RPM. Thanks for the explanation! There seems to be something more involved, though. When doing "rpm -Va" I get complaints about a few files. Doing restorecon doesn't change anything. See below for /etc/idmapd.conf as an example. My rpm is from FC3 while SELinux-packages are from FC4 test, in case this could be a compatibility issue. I would like to understand what is going on here. [root@mimmi ~]# rpm -Vf /etc/idmapd.conf ..5....TC c /etc/idmapd.conf S.5....T. c /var/lib/nfs/etab S.5....T. c /var/lib/nfs/rmtab ........? /var/lib/nfs/rpc_pipefs ..?...... c /var/lib/nfs/state ..?....T. c /var/lib/nfs/xtab [root@mimmi ~]# ls -lZ /etc/idmapd.conf -rw-r--r-- root root root:object_r:etc_t /etc/idmapd.conf [root@mimmi ~]# /sbin/restorecon /etc/idmapd.conf [root@mimmi ~]# ls -lZ /etc/idmapd.conf -rw-r--r-- root root root:object_r:etc_t /etc/idmapd.conf [root@mimmi ~]# rpm -Vf /etc/idmapd.conf ..5....TC c /etc/idmapd.conf S.5....T. c /var/lib/nfs/etab S.5....T. c /var/lib/nfs/rmtab ........? /var/lib/nfs/rpc_pipefs ..?...... c /var/lib/nfs/state ..?....T. c /var/lib/nfs/xtab [root@mimmi ~]# rpm -qf /etc/idmapd.conf nfs-utils-1.0.7-6 [root@mimmi ~]# rpm -q rpm selinux-policy-strict-sources selinux-policy-strict rpm-4.3.2-21 selinux-policy-strict-sources-1.23.16-6 selinux-policy-strict-1.23.16-6 -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
