How to (or should I?) change unconfined_u to system_u for a file

Greetings -

I essentially have two questions here. First, I have a file that needs the context changed and I don't have a clear understanding of the proper syntax that should be used. Second, after doing some additional reading through the SELinux manual and some Google searching, I realized that I may be taking the wrong approach with this file. Then I ran across Dan Walsh's blog dated April 23, 2013 (Subject: What is the differences between user_home_dir_t and user_home_t) and realized that I am likely not doing something the appropriate way. So I am looking for someone to educate me on my error, the risks involved, and the proper approach I should be using.

The issue: I have two shell files run by cron that rsync our file server directories to two backup servers, one on-site (Bison) and one off-site. The on-site cron has worked fine for years. I just set up the off-site cron and it is blocked by SELinux. Looking at the context of the files, the one that works is listed as system_u, while the one that fails is listed as unconfined_u. So my first question is, what is the proper syntax for changing the context of the second file so that it matches the first one?

[root@sequoia home]# pwd
/home
[root@sequoia home]# ls -lZ | grep RsyncS
-rwxr--r--. root root system_u:object_r:home_root_t:s0 RsyncSequoiaToBison.sh
-rwxr--r--. root root unconfined_u:object_r:home_root_t:s0 RsyncSequoiaToOffsite.sh

Looking from a wider perspective, I have these shell files located in /home. I am speculating now that for my objective, this might not be the appropriate location for them, and is probably why SELinux is blocking the new one I created for the off-site backup. So my second question is more philosophical regarding what should be the location for a shell file that is used by cron to rsync our files to a backup server.

Thanks, and please cc me directly as I only receive the daily digest from the mailing list.

Jeff

--

Jeff Boyce
Meridian Environmental
www.meridianenv.com

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux



