On 05/23/2016 03:34 PM, m.roth@xxxxxxxxx wrote: > CentOS 7, updated. > selinux_policy: 3.13.1-60 > selinux_policy_targeted: 3.13.1-60 > > python: SELinux is preventing <blah_blah_stupid user path> from getattr > access on the chr_file /dev/ipmi0.#012#012***** Plugin restorecon (90.5 > confidence) suggests ************************#012#012If you want to fix > the label. #012/dev/ipmi0 default label should be ipmi_device_ > Please provide a whole message with AVC denial next time to help to find a solution A context for /dev/ipmi0 is already defined in the policy therefore it should be sufficient to run restorecon: # matchpathcon /dev/ipmi0 /dev/ipmi0 system_u:object_r:ipmi_device_t:s0 # restorecon -v /dev/ipmi0 restorecon reset /dev/ipmi0 context system_u:object_r:device_t:s0->system_u:object_r:ipmi_device_t:s0 > > So I tried: > semanage fcontext -m -t ipmi_device_t /dev/ipmi0 > ValueError: File context for /dev/ipmi0 is not defined > If the file context is not already defined in your local modification, you need to add is, not modify (but it's not the case here as it's already in system policy) # semanage fcontext -a -t ipmi_device_t /dev/ipmi0 Petr
Attachment:
signature.asc
Description: OpenPGP digital signature
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/admin/lists/selinux@xxxxxxxxxxxxxxxxxxxxxxx
