----- Original Message ----- > From: "m roth" <m.roth@xxxxxxxxx> > To: "Jeff Boyce" <jboyce@xxxxxxxxxxxxxxx> > Cc: "SELinux Fedora List" <selinux@xxxxxxxxxxxxxxxxxxxxxxx> > Sent: Tuesday, July 14, 2015 1:36:40 PM > Subject: Re: How to (or should I?) change unconfined_u to system_u for a file > > Jeff Boyce wrote: > > Greetings - > <snip> > > The issue: I have two shell files run by cron that rsync our file > > server directories to two backup servers, one on-site (Bison) and one > > off-site. The on-site cron has worked fine for years. I just setup the > > off-site cron and it is blocked by SELinux. Looking at the context of > > the files, the one that works is listed as system_u, while the one that > > fails is listed as unconfined_u. So my first question is, what is the > > proper syntax for changing the context of the second file so that it > > matches the first one. > <snip> > I don't vaguely represent myself as an selinux expert, just someone who's > been fighting, on and off for years, to shut up the AVCs (we're mostly in > permissive mode). > > That said, IIRC, the _u is pretty irrelevant; it's the _t that matters, > and whether the port is labelled correctly.... I assume the firewall's > open. > With regards to labels system_u -> started by a process at boot time unconfined_u -> started/changed by a user running as unconfined_u > mark > > -- > selinux mailing list > selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux -- Simon Sekidde * Red Hat, Inc. * Westford, MA gpg: 5848 958E 73BA 04D3 7C06 F096 1BA1 2DBF 94BC 377E -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
