|
----------- a
challenge for selinux------------
Hi fellow selinux uses ... How can you fix labeling when the selinux tools don't allow you to. Selinux commands complain & refuse to work. Tradition selinux commands don't work. IE chcon, restorecon , fixfiles, setfiles etc..I Need an *expert* here, .......... PROBLEM is : my /boot directory has : :boot_t: and :home_root_t: .......... together labled --- see below. and I can't fix it. do we have to edit the "inode" directly?? Having two types on one file I believe should *never* happen but -- it has. Should be one ":boot_t:" or the other ":home_root_t:" but never *both*! I think I know how it happened -- but that's not the issue right now -- how do you fix it?? The security of selinux normaly is designed to prevent adhoc changes --- so this is why it is difficult... but with root password their would be a solution somehow. Thx Roger Salisbury Below is the setfiles display: /etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /boot/lost\+found/.*. /etc/selinux/targeted/contexts/files/file_contexts: Multiple different specifications for /boot (system_u:object_r:home_root_t:s0 and system_u:object_r:boot_t:s0). /etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /boot/\.journal. /etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /boot/lost\+found. setfiles: labeling files under /boot setfiles: labeling files under /boot matchpathcon_filespec_eval: hash table stats: 28 elements, 28/65536 buckets used, longest chain length 1 setfiles: Done. |
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
