-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/10/2013 12:36 PM, Eric Chennells wrote: > Hello, > > I must be missing something in my understanding of selinux but I'm having > problem where the root user can not change the selinux type of a directory. > I am running in targeted mode. > > I was experimenting and changed the type of /tmp/bah to "unconfined_t". I > am now unable to either delete the directory or to change the type back to > "tmp_t " > > chcon -R -t tmp_t /tmp/bah/ > > Results in: > > chcon: failed to change context of `/tmp/bah/' to > `unconfined_u:object_r:tmp_t:s0': Permission denied > > Audit2allow is suggesting "allow unconfined_t self:dir relabelfrom;" but > I don't want to apply that because it seems that would allow all > unconfined files/processes to relabel themselves, is that correct? > > Thanks for any tips. > > Eric > > > Notice of Confidentiality: The information transmitted is intended only for > the person or entity to which it is addressed and may contain confidential > and/or privileged material. Any review, re-transmission, dissemination or > other use of or taking of any action in reliance upon this information by > persons or entities other than the intended recipient is prohibited. If you > received this in error please contact the sender immediately by return > electronic transmission and then immediately delete this transmission > including all attachments without copying, distributing or disclosing the > same. > > > -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux > I had written a blog on this previously. http://danwalsh.livejournal.com/54803.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlHd1xEACgkQrlYvE4MpobPVVACg0AqFoNGCnnoqSSEfJeCL1K8A 9MMAn1/gxYBYVbEW7KVBV0txHxz7sIwj =ASei -----END PGP SIGNATURE----- -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux