|
Thanks Dan,
right now I have it at the end of my make/install script. > Date: Tue, 11 Feb 2014 16:13:14 -0500 > From: dwalsh@xxxxxxxxxx > To: swazup@xxxxxxxxxxx; selinux@xxxxxxxxxxxxxxxxxxxxxxx > Subject: Re: File context for /var/opt/quest/vas/vasd(/.*)? is defined in policy, cannot be deleted > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 02/11/2014 04:05 PM, Jayson Hurst wrote: > > I don't think its is inheriting its file context from the parent directory. > > There is an explicit entry in the > > /etc/selinux/targeted/contexts/files/file_contexts for > > /var/opt/quest/vas/vasd(/.*)? > > > > So if I want to set my own file context on this directory via a SELinux > > module I cannot because it fails to install. How do I manage this problem > > for others who wish to install the module? > > > Right, I think you need to work with upstream or put an semanage fcontext -m > in your post install rather then shipping the label in your fc file. > >> Date: Tue, 11 Feb 2014 09:36:03 -0500 From: dwalsh@xxxxxxxxxx To: > >> swazup@xxxxxxxxxxx; selinux@xxxxxxxxxxxxxxxxxxxxxxx Subject: Re: File > >> context for /var/opt/quest/vas/vasd(/.*)? is defined in policy, cannot be > >> deleted > >> > >> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > >> > >> On 02/10/2014 08:42 PM, Jayson Hurst wrote: > >>> I am trying to create a policy for vasd but I cannot set my own > >>> fcontext for /var/opt/quest/vas/vasd(/.*)? because I get the following > >>> error: > >>> > >>> /etc/selinux/targeted/contexts/files/file_contexts: Multiple different > >>> specifications for /var/opt/quest/vas/vasd(/.*)? > >>> (system_u:object_r:qasd_var_auth_t:s0 and > >>> system_u:object_r:var_auth_t:s0) > >>> > >>> When I attempt to delete the file context I get: > >>> > >>> $ semanage fcontext -d "/var/opt/quest/vas/vasd(/.*)?" > >>> /usr/sbin/semanage: File context for /var/opt/quest/vas/vasd(/.*)? is > >>> defined in policy, cannot be deleted > >>> > >>> I don't know who or what has already installed this file context, but I > >>> am not able to work around it and it is causing problems with my module > >>> who is the true owner of the file directory in question. > >>> > >>> Is there was way to find out how this file context was created and by > >>> what? Also how do I remove it so I can define the directories file > >>> context correctly? > >>> > >>> > >>> -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx > >>> https://admin.fedoraproject.org/mailman/listinfo/selinux > >>> > >> You could modify it, or work with Fedora/upstream to get your policy in > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iEYEARECAAYFAlL6kmoACgkQrlYvE4MpobNEDQCeI0DjpEnTgUUcA1QHPrAV59HO > VbEAoOjrPBfABlcXB3fdtQ2EMFoVOIZG > =i9ay > -----END PGP SIGNATURE----- |
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
