Re: removing context

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Wow and I mean Wow!

Yoda mang!

Basically;

find . -exec setfattr -h -x security.selinux '{}' \;

... worked!!!

The only diff and it may have been email formatting was there needs to be a space between "{}' and \; at the end of the command.

Thanks a lot David!

- Brian

On Jul 8, 2009, at 12:34 PM, David P. Quigley wrote:

On Wed, 2009-07-08 at 12:27 -0700, Brian Krusic wrote:
On Jul 8, 2009, at 12:19 PM, Mike Cloaked wrote:




Brian Krusic wrote:

Hi,

When doing an ls -lZ, some files show a security context like;

root:object_r:user_home_t:s0

... while some don't.

Does any one know how to remove this context either on a file, dir or
file system level?



Why do you want to remove them - if selinux is enforcing (as it
should be in
an up to date version of Fedora ) then all files should have a
context and
your best security is when selinux is set up correctly to work with
your
system.  In F10 selinux did have a number of tweaks needed to get it
going
but in F11 it is likely to need very few tweaks.
--
View this message in context: http://www.nabble.com/removing-context-tp24396015p24397663.html
Sent from the Fedora SELinux List mailing list archive at Nabble.com.

I'm glad you asked the question.

I have selinux disabled first and foremost.

However the context labels still exist on some files which cause a
problem doing dump/restore over NFS.

Let me explain;

While dump/restore works over NFS in general, they don't work with
selinux context so I keep getting errors like;

restore: ./etc/ysyconfig/network-scripts/ifcfg-eth0: EA set
security.selinux:system_u:object_r:etc_t:s0 failed: Operation not
supported.

And while the dump/restore works and the files get copied, this error
causes my incremental backs to work as full backups.  Also, this
muddies my log files which i rely on.  Image half the files on the
system kicking out this error.

Thanks in advance,
- Brian






--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list


Have you tried something like

cd /
find . -exec setfattr -h -x security.selinux '{}'\;

I know on an SELinux enabled system this will fail because you can't
outright remove the security.selinux xattr but if it falls back to the
generic xattr handlers it should be allowed. I'm not sure how the exec
directive will handle the -h and -x options so you may have to fiddle
with that.

- Dave


--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux