Strange restriction for setfiles_t

I find it odd that a setfiles_t process is allowed to read user_home_t
files but not admin_home_t.  So, to use "semanage -i ..." I need to
store the file in a less protected location?
(Or use "cat xxx | semanage -i", of course.)

type=AVC msg=audit(1420507367.059:518): avc: denied { read } for pid=13112 comm="setfiles" path="/root/SElinux/contexts" dev=dm-0 ino=560291 scontext=unconfined_u:unconfined_r:setfiles_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file

selinux-policy-3.7.19-260.el6_6.1.noarch
selinux-policy-targeted-3.7.19-260.el6_6.1.noarch

--
Bob Nichols     "NOSPAM" is really part of my email address.
                Do NOT delete it.

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
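
Added example (not part of the original post, and not code from the SELinux project): a small Python parser for the AVC record quoted in the message, extracting the source type, target type, class and permissions for triage. The function names are hypothetical. The MLS level in scontext itself contains colons, so each context is split at most three times.

```python
import re

# The AVC record from the post, embedded so the example runs offline.
SAMPLE = ('type=AVC msg=audit(1420507367.059:518): avc: denied { read } for '
          'pid=13112 comm="setfiles" path="/root/SElinux/contexts" dev=dm-0 '
          'ino=560291 '
          'scontext=unconfined_u:unconfined_r:setfiles_t:s0-s0:c0.c1023 '
          'tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file')

AVC_RE = re.compile(
    r'avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
# key=value pairs; values are either double-quoted or a run of non-space chars.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def split_context(ctx):
    """Split user:role:type[:level]; the level may contain ':' (s0-s0:c0.c1023)."""
    parts = ctx.split(':', 3)          # at most 3 splits keeps the level whole
    if len(parts) < 3:
        raise ValueError('not an SELinux context: %r' % ctx)
    out = dict(zip(('user', 'role', 'type', 'level'), parts))
    out.setdefault('level', None)      # non-MLS policies have no level field
    return out


def parse_avc(line):
    """Return the fields of one AVC audit record as a dict."""
    m = AVC_RE.search(line)
    if not m:
        raise ValueError('no AVC message in line')
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('rest'))}
    return {
        'result': m.group('result'),
        'perms': m.group('perms').split(),
        'comm': fields.get('comm'),
        'path': fields.get('path'),
        'source': split_context(fields['scontext']),
        'target': split_context(fields['tcontext']),
        'tclass': fields['tclass'],
    }


def summarize(rec):
    """One-line triage summary: source type -> target type:class { perms }."""
    return '%s %s -> %s:%s { %s } comm=%s path=%s' % (
        rec['result'], rec['source']['type'], rec['target']['type'],
        rec['tclass'], ' '.join(rec['perms']), rec['comm'], rec['path'])


if __name__ == '__main__':
    print(summarize(parse_avc(SAMPLE)))
```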



