On 12/28/2010 09:35 PM, Dominick Grift wrote:
> On 12/28/2010 09:31 PM, Vadym Chepkov wrote:
>
>> On Dec 24, 2010, at 12:01 PM, Vadym Chepkov wrote:
>
>>> Hi,
>>>
>>> It seems for some reason selinux-targeted policy on Fedora doesn't install razor policy and, furthermore, removes it if razor module was installed.
>>> I guess it is done for simplicity, to have just one "spam" domain. But, somehow the proper labeling was forgotten:
>>>
>>> selinux-policy-targeted-3.9.7-18.fc14.noarch
>>>
>>> # ls -Z /usr/bin/razor-*
>>> -rwxr-xr-x. root root system_u:object_r:bin_t:s0 /usr/bin/razor-admin
>>> -rwxr-xr-x. root root system_u:object_r:bin_t:s0 /usr/bin/razor-check
>>> -rwxr-xr-x. root root system_u:object_r:bin_t:s0 /usr/bin/razor-client
>>> -rwxr-xr-x. root root system_u:object_r:bin_t:s0 /usr/bin/razor-report
>>> -rwxr-xr-x. root root system_u:object_r:bin_t:s0 /usr/bin/razor-revoke
>>>
>>> # ls -dZ /home/vchepkov/.razor
>>> drwxr-xr-x. vchepkov users unconfined_u:object_r:user_home_t:s0 /home/vchepkov/.razor
>>>
>>> # ls -dZ /root/.razor
>>> drwxr-xr-x. root root system_u:object_r:admin_home_t:s0 /root/.razor
>>>
>>>
>>> Vadym
>>>
>>> P.S. On related note, how do $HOME files get their labeling?

It depends. When all is right, then files in Home get created with the proper contexts by means of "type transitions" basically rules.

Example: if a process with type pyzor_t creates a file in a directory with type user_home_dir_t then "type transition" from user_home_dir_t to pyzor_home_t.

But in gnome-session there is also restorecond -u watching contexts in home. Basically it compares contexts in home with what's defined in semanage fcontext (or homedir.template) and resets contexts accordingly. (This is some hack to ensure that user home dir content is labelled properly.)

>>> # semanage fcontext -l|grep pyzor
>>> has reference only to
>>> /root/\.pyzor(/.*)?    all files    system_u:object_r:pyzor_home_t:s0
>>>
>>> but, directory gets proper labeling:
>>>
>>> # ls -dZ /home/vchepkov/.pyzor
>>> drwx------. vchepkov users unconfined_u:object_r:spamc_home_t:s0 /home/vchepkov/.pyzor
>>>
>>>
>>>
>
>> I wonder if e-mail got lost.
>
> I think I replied to this message earlier. So for me it was not lost.
>
>> Shall I just open a bugzilla about it?
>
> Yes, I think that may be the best solution (bugzilla.redhat.com in the
> selinux-policy component)
>
> Looks like somehow Fedora has not installed the pyzor/razor policy
> module or did it wrong.
>
>> Thanks,
>> Vadym
>
>> --
>> selinux mailing list
>> selinux@xxxxxxxxxxxxxxxxxxxxxxx
>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
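
The comparison the reply attributes to restorecond (current labels checked against the file-context specs), as an added example that is not part of the original thread: a small Python audit that parses `ls -Z` and `semanage fcontext -l` text and reports which paths a spec covers. The function names are hypothetical, and the sample input is taken from the listings in the thread plus one constructed line.

```python
import re

# Sample input: the first three `ls -Z` lines and the spec are quoted from the
# thread; the /root/.pyzor line is constructed to show a mismatch.
LS_Z = """\
-rwxr-xr-x. root root system_u:object_r:bin_t:s0 /usr/bin/razor-admin
drwxr-xr-x. root root system_u:object_r:admin_home_t:s0 /root/.razor
drwx------. vchepkov users unconfined_u:object_r:spamc_home_t:s0 /home/vchepkov/.pyzor
drwx------. root root system_u:object_r:admin_home_t:s0 /root/.pyzor
"""
FCONTEXT_L = r"/root/\.pyzor(/.*)?    all files    system_u:object_r:pyzor_home_t:s0"


def parse_ls_z(text):
    """Yield (path, type) from `ls -Z` lines: mode owner group context path."""
    for line in text.splitlines():
        fields = line.split(None, 4)
        if len(fields) == 5 and fields[3].count(":") >= 3:
            yield fields[4], fields[3].split(":")[2]


def parse_fcontext(text):
    """Return [(compiled regex, type)] from `semanage fcontext -l` lines."""
    specs = []
    for line in text.splitlines():
        m = re.match(r"(\S+)\s+(.+?)\s+(\S+:\S+:\S+:\S+)\s*$", line)
        if m:
            specs.append((re.compile(m.group(1)), m.group(3).split(":")[2]))
    return specs


def audit(ls_text, fcontext_text):
    """Map each listed path to 'ok', 'no spec', or a mismatch description."""
    specs = parse_fcontext(fcontext_text)
    report = {}
    for path, have in parse_ls_z(ls_text):
        # File-context regexes are anchored: they must match the whole path.
        # Precedence between several matching specs is not modelled here.
        want = next((t for rx, t in specs if rx.fullmatch(path)), None)
        if want is None:
            report[path] = "no spec"
        elif want == have:
            report[path] = "ok"
        else:
            report[path] = f"mismatch: have {have}, spec says {want}"
    return report


if __name__ == "__main__":
    for path, verdict in audit(LS_Z, FCONTEXT_L).items():
        print(f"{verdict:45} {path}")
```

With only the one spec quoted in the thread loaded, `/home/vchepkov/.pyzor` comes back as "no spec", which is the gap the original question points at.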