-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 02/11/2014 04:05 PM, Jayson Hurst wrote: > I don't think its is inheriting its file context from the parent directory. > There is an explicit entry in the > /etc/selinux/targeted/contexts/files/file_contexts for > /var/opt/quest/vas/vasd(/.*)? > > So if I want to set my own file context on this directory via a SELinux > module I cannot because it fails to install. How do I manage this problem > for others who wish to install the module? > Right, I think you need to work with upstream or put an semanage fcontext -m in your post install rather then shipping the label in your fc file. >> Date: Tue, 11 Feb 2014 09:36:03 -0500 From: dwalsh@xxxxxxxxxx To: >> swazup@xxxxxxxxxxx; selinux@xxxxxxxxxxxxxxxxxxxxxxx Subject: Re: File >> context for /var/opt/quest/vas/vasd(/.*)? is defined in policy, cannot be >> deleted >> >> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >> >> On 02/10/2014 08:42 PM, Jayson Hurst wrote: >>> I am trying to create a policy for vasd but I cannot set my own >>> fcontext for /var/opt/quest/vas/vasd(/.*)? because I get the following >>> error: >>> >>> /etc/selinux/targeted/contexts/files/file_contexts: Multiple different >>> specifications for /var/opt/quest/vas/vasd(/.*)? >>> (system_u:object_r:qasd_var_auth_t:s0 and >>> system_u:object_r:var_auth_t:s0) >>> >>> When I attempt to delete the file context I get: >>> >>> $ semanage fcontext -d "/var/opt/quest/vas/vasd(/.*)?" >>> /usr/sbin/semanage: File context for /var/opt/quest/vas/vasd(/.*)? is >>> defined in policy, cannot be deleted >>> >>> I don't know who or what has already installed this file context, but I >>> am not able to work around it and it is causing problems with my module >>> who is the true owner of the file directory in question. >>> >>> Is there was way to find out how this file context was created and by >>> what? Also how do I remove it so I can define the directories file >>> context correctly? >>> >>> >>> -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx >>> https://admin.fedoraproject.org/mailman/listinfo/selinux >>> >> You could modify it, or work with Fedora/upstream to get your policy in -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlL6kmoACgkQrlYvE4MpobNEDQCeI0DjpEnTgUUcA1QHPrAV59HO VbEAoOjrPBfABlcXB3fdtQ2EMFoVOIZG =i9ay -----END PGP SIGNATURE----- -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
