Re: Problems with kerberos and SElinux

On Fri, 2005-09-02 at 16:37 +0100, Keith Sharp wrote:
> Looks like the file /var/tmp/krb5kdc_rcache doesn't have a security
> context:
> 
> [root@server ~]# ls -alZ /var/tmp/
> drwxrwxrwt  root     root     system_u:object_r:tmp_t          .
> drwxr-xr-x  root     root     system_u:object_r:var_t          ..
> -rw-------  root     root     root:object_r:kadmind_tmp_t      kadmin_0
> -rw-------  root     root                                      krb5kdc_rcache
> 
> How should I go about fixing this?

This is a result of previously booting with SELinux disabled; while
SELinux is disabled, any files created won't be assigned security
contexts.  Switching to permissive mode is better than disabling SELinux
entirely, and can be done temporarily with /usr/sbin/setenforce 0
without needing to touch /etc/selinux/config or reboot.  That continues
to label files but allows all accesses and just logs the denials for
review in the audit.log.

Assuming that this file is just a temporary cache, I'd suggest removing
it (or moving it aside), and then restart the process that created it in
the first place with SELinux enabled (but permissive, if necessary).

Possibly fixfiles relabel needs to purge /var/tmp as well as /tmp?

-- 
Stephen Smalley
National Security Agency

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
