Al Pacifico wrote:
This is related to the daemon question I asked earlier.
I created a problem using policygentool by specifying that a log file
is written to by two different binaries with different policies. My
thread about "Helper program for a daemon" provides some context (no
pun intended).
I didn't realize that installing the policy would change the file
context specification database (although it makes perfect sense in
retrospect). Now, I've inadvertently specified that
/var/log/slimserver be labelled under two different contexts in
/etc/selinux/targeted/contexts/files/file_contexts and wish to remove
the second set of entries.
Output of setfiles -n
/etc/selinux/targeted/contexts/files/file_contexts $filename includes
several messages of the form:
/etc/selinux/targeted/contexts/files/file_contexts: Multiple different
specifications for /var/log/slimserver
(system_u:object_r:slimserver_scanner_var_log_t and
system_u:object_r:slimserver_var_log_t).
My policy module didn't install correctly because of this error, but
the file contexts specification is now incorrect. What is the best way
to correct this?
1. Just use sed or vi to eliminate the second specification?
2.Remove both installed policies that I wrote (which are the only
non-stock policy modules installed on my FC5 box) using semodule and
restore /etc/selinux/targeted/contexts/files/file_contexts from the
rpm package file?
Keep in mind I'm doing this over ssh to a box with no GUI, so I must
use the command line, vi, etc.
semanage fcontext -d /var/log/slimserver
-al
--
Al Pacifico
Seattle, WA
------------------------------------------------------------------------
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
