-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Roger Salisbury wrote: > ----------- a challenge for selinux------------ > > Hi fellow selinux uses ... > > How can you fix labeling when the selinux tools don't allow you to. > > Selinux commands complain & refuse to work. > > Tradition selinux commands don't work. IE chcon, restorecon , fixfiles, > > setfiles etc..I Need an *expert* here, .......... > > PROBLEM is : > > my /boot directory has : > > :boot_t: > > and > > :home_root_t: > > .......... together labled --- see below. > > and I can't fix it. do we have to edit the "inode" directly?? > > Having two types on one file I believe should *never* happen but -- it has. > > Should be one ":boot_t:" or the other ":home_root_t:" but never *both*! > > I think I know how it happened -- but that's not the issue right now -- > how do you fix it?? > The security of selinux normaly is designed to prevent adhoc changes --- so > this is why it is difficult... but with root password their would be a > solution somehow. > > Thx > Roger Salisbury > > > Below is the setfiles display: > > > /etc/selinux/targeted/contexts/files/file_contexts: Multiple same > > specifications for /boot/lost\+found/.*. > > /etc/selinux/targeted/contexts/files/file_contexts: Multiple different > > specifications for /boot (system_u:object_r:home_root_t:s0 and > > system_u:object_r:boot_t:s0). > > /etc/selinux/targeted/contexts/files/file_contexts: Multiple same > > specifications for /boot/\.journal. > > /etc/selinux/targeted/contexts/files/file_contexts: Multiple same > > specifications for /boot/lost\+found. > > setfiles: labeling files under /boot > > setfiles: labeling files under /boot > > matchpathcon_filespec_eval: hash table stats: 28 elements, 28/65536 buckets > > used, longest chain length 1 > > setfiles: Done. > > > > ------------------------------------------------------------------------ > > -- > fedora-selinux-list mailing list > fedora-selinux-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-selinux-list This looks like selinux is confused and thinks you have a homedirectory under /boot? Or someone added a context for /boot as home_root_t. is there an entry in /etc/passwd with a homedir of /boot in the path? grep /boot /etc/selinux/targeted/contexts/files/* -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFHVCjYrlYvE4MpobMRAiu6AKDIFAL2HPrWHG5c9ddNbd3aYX3HDwCgwSZC FX8YhLW0aRFlO60gSchwDZg= =Kf2p -----END PGP SIGNATURE----- -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
