file contexts change on reboot

I'm not sure, but I think I'm hitting a precedence issue which is
causing files to be relabeled on boot.  The symptom is:

root@lstlinux57 13:32:21 ~> restorecon -R /var/opt/ft/log
root@lstlinux57 13:32:28 ~> ls -lZ /var/opt/ft/log/libft_sra_alarm_server.log
-rw-------  root root system_u:object_r:lsb-ft-asn_rw_t /var/opt/ft/log/libft_sra_alarm_server.log
root@lstlinux57 13:32:36 ~> init 6
root@lstlinux57 13:32:40 ~> logout

Connection to 134.111.82.122 closed.
bash-3.1$ ssh 134.111.82.122 -l root
root@xxxxxxxxxxxxxx's password: 
Last login: Wed Aug 13 13:08:02 2008 from rjlinux2.mno.stratus.com
root@lstlinux57 13:39:22 ~> ls -lZ /var/opt/ft/log/libft_sra_alarm_server.log
-rw-------  root root system_u:object_r:var_log_t /var/opt/ft/log/libft_sra_alarm_server.log
root@lstlinux57 13:39:24 ~> restorecon -R /var/opt/ft/log
root@lstlinux57 13:39:45 ~> ls -lZ /var/opt/ft/log/libft_sra_alarm_server.log
-rw-------  root root system_u:object_r:lsb-ft-asn_rw_t /var/opt/ft/log/libft_sra_alarm_server.log


The situation is a standard RHEL5.2 with all errata applied, plus the
following modifications.

I have a local policy modification introduced by one rpm:

    /usr/sbin/semanage fcontext -a -t var_log_t -s system_u '/var/opt/ft/log'

And a separate policy module containing:

    /var/opt/ft/log/libft_.*	--	gen_context(system_u:object_r:lsb-ft-asn_rw_t,s0)

The net result is:

root@lstlinux57 14:56:56 ~> semanage fcontext -l | grep '/opt/ft'

/var/opt/ft/asn(/.*)?                      all files          system_u:object_r:lsb-ft-asn_rw_t:s0
/var/opt/ft/log/libft_.*                   regular file       system_u:object_r:lsb-ft-asn_rw_t:s0
/opt/ft/sbin/sra_alarm                     regular file       system_u:object_r:lsb-ft-asn_exec_t:s0
/etc/opt/ft/asn/sra_ppp/ASN_CallHome       regular file       system_u:object_r:lsb-ft-asn_script_t:s0
/etc/opt/ft/asn/sra_ppp/SetUPCallHome      regular file       system_u:object_r:lsb-ft-asn_script_t:s0
/var/opt/ft/log                            all files          system_u:object_r:var_log_t:s0
/var/opt/ft/log/snmpd\.log                 all files          system_u:object_r:snmpd_log_t:s0

I suspect that the problem lies with the ordering of those
'/var/opt/ft/log' lines.  Am I on the right track?  How can I sort
things out?

Thx,
--rich

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
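
Added example, not part of the original post: a simplified Python model of file-context spec matching (each regex anchored at both ends, then filtered by file type), run over the `semanage fcontext -l` entries shown in the post to list which specs can apply to a given path. The function names are hypothetical, and ordering among several matching specs is deliberately not modelled.

```python
import re

# Entries copied from the `semanage fcontext -l` output in the post:
# (path regex, file type, context)
SPECS = [
    (r"/var/opt/ft/asn(/.*)?", "all files", "system_u:object_r:lsb-ft-asn_rw_t:s0"),
    (r"/var/opt/ft/log/libft_.*", "regular file", "system_u:object_r:lsb-ft-asn_rw_t:s0"),
    (r"/opt/ft/sbin/sra_alarm", "regular file", "system_u:object_r:lsb-ft-asn_exec_t:s0"),
    (r"/etc/opt/ft/asn/sra_ppp/ASN_CallHome", "regular file", "system_u:object_r:lsb-ft-asn_script_t:s0"),
    (r"/etc/opt/ft/asn/sra_ppp/SetUPCallHome", "regular file", "system_u:object_r:lsb-ft-asn_script_t:s0"),
    (r"/var/opt/ft/log", "all files", "system_u:object_r:var_log_t:s0"),
    (r"/var/opt/ft/log/snmpd\.log", "all files", "system_u:object_r:snmpd_log_t:s0"),
]


def matching_specs(path, file_type, specs=SPECS):
    """Return the (regex, context) pairs whose spec can label `path`.

    Model (an assumption of this example): the regex must match the whole
    path, and the spec's file type must be "all files" or equal to the
    object's type. Precedence among several matches is not modelled.
    """
    hits = []
    for regex, spec_type, context in specs:
        if spec_type not in ("all files", file_type):
            continue
        if re.fullmatch(regex, path):  # anchored at both ends
            hits.append((regex, context))
    return hits


def type_of(context):
    """Extract the SELinux type (third field) from user:role:type[:level]."""
    return context.split(":")[2]


if __name__ == "__main__":
    for path, ftype in [
        ("/var/opt/ft/log", "directory"),
        ("/var/opt/ft/log/libft_sra_alarm_server.log", "regular file"),
        ("/var/opt/ft/log/snmpd.log", "regular file"),
    ]:
        types = [type_of(c) for _, c in matching_specs(path, ftype)]
        print(f"{path} ({ftype}): {types}")
```

On the host itself, `matchpathcon <path>` reports the context that the installed file-context specs assign to a path.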
