RE: File context for /var/opt/quest/vas/vasd(/.*)? is defined in policy, cannot be deleted

I don't think it is inheriting its file context from the parent directory. There is an explicit entry in the /etc/selinux/targeted/contexts/files/file_contexts for
/var/opt/quest/vas/vasd(/.*)? 

So if I want to set my own file context on this directory via a SELinux module I cannot because it fails to install. How do I manage this problem for others who wish to install the module?

> Date: Tue, 11 Feb 2014 09:36:03 -0500
> From: dwalsh@xxxxxxxxxx
> To: swazup@xxxxxxxxxxx; selinux@xxxxxxxxxxxxxxxxxxxxxxx
> Subject: Re: File context for /var/opt/quest/vas/vasd(/.*)? is defined in policy, cannot be deleted
>
> On 02/10/2014 08:42 PM, Jayson Hurst wrote:
> > I am trying to create a policy for vasd but I cannot set my own fcontext
> > for /var/opt/quest/vas/vasd(/.*)? because I get the following error:
> >
> > /etc/selinux/targeted/contexts/files/file_contexts: Multiple different
> > specifications for /var/opt/quest/vas/vasd(/.*)?
> > (system_u:object_r:qasd_var_auth_t:s0 and system_u:object_r:var_auth_t:s0)
> >
> > When I attempt to delete the file context I get:
> >
> > $ semanage fcontext -d "/var/opt/quest/vas/vasd(/.*)?"
> > /usr/sbin/semanage: File context for /var/opt/quest/vas/vasd(/.*)? is
> > defined in policy, cannot be deleted
> >
> > I don't know who or what has already installed this file context, but I am
> > not able to work around it and it is causing problems with my module, which is
> > the true owner of the file directory in question.
> >
> > Is there a way to find out how this file context was created and by what?
> > Also, how do I remove it so I can define the directory's file context
> > correctly?
> >
> >
> > -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx
> > https://admin.fedoraproject.org/mailman/listinfo/selinux
> >
> You could modify it, or work with Fedora/upstream to get your policy in.
> Basically this directory needs to be written to by login programs so we
> labeled it var_auth_t.
>
> I think
>
> semanage fcontext -m -t qasd_var_auth_t "/var/opt/quest/vas/vasd(/.*)?"
> Would work.
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
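
A pre-install check for the conflict discussed in this thread, as an added example that is not part of the original messages: it scans a file in file_contexts format for an entry whose path regex equals the module's spec exactly but carries a different type. The function names `fc_conflicts` and `demo` and the sample file are constructed; the spec and types are the ones from the error quoted above.

```shell
#!/bin/sh
# Added example (not from the thread). On a real system FILE would be
# /etc/selinux/targeted/contexts/files/file_contexts.

# fc_conflicts FILE SPEC WANTED_TYPE
# Prints the type of every entry in FILE whose path regex is exactly SPEC and
# whose type differs from WANTED_TYPE. Returns 0 if a conflict exists, else 1.
fc_conflicts() {
    # Values go through the environment so awk does not expand backslashes
    # that are common in file-context regexes.
    FC_SPEC="$2" FC_WANT="$3" awk '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        $1 == ENVIRON["FC_SPEC"] {
            ctx = $NF                            # context is the last field
            if (ctx == "<<none>>") type = ctx
            else { split(ctx, p, ":"); type = p[3] }   # user:role:type[:level]
            if (type != ENVIRON["FC_WANT"]) { print type; found = 1 }
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

demo() {
    tmp=$(mktemp) || return 2
    # Constructed sample in file_contexts format.
    cat > "$tmp" <<'EOF'
# constructed sample data
/var/opt/quest(/.*)?            system_u:object_r:var_t:s0
/var/opt/quest/vas/vasd(/.*)?   system_u:object_r:var_auth_t:s0
EOF
    spec='/var/opt/quest/vas/vasd(/.*)?'
    if old=$(fc_conflicts "$tmp" "$spec" qasd_var_auth_t); then
        echo "conflict: $spec is already labeled $old"
    else
        echo "no conflict for $spec"
    fi
    rm -f "$tmp"
}

demo
```

The match is on the literal regex text, which is the case the "Multiple different specifications" error reports; it does not evaluate overlapping regexes.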
