Re: SELinux and user home dirs custom contexts

On 12/31/2016 07:57 PM, info@xxxxxxxxxxxx wrote:
> I've been using SELinux with CentOS 7 for many years, but I have a problem with the labeling of home dirs. In my policy and in semanage fcontext --list|grep '/var/www/hosts/ak-chalupova.cz' I have custom labels of files:
> -----------------------------------------------------------------------------------------------------------------------
> /var/www/hosts/ak-chalupova.cz(/.*)?               all files          system_u:object_r:ak-chalupova_cz_t:s0 
> /var/www/hosts/ak-chalupova.cz/logs(/.*)?          all files          system_u:object_r:ak-chalupova_cz_log_t:s0 
> /var/www/hosts/ak-chalupova.cz/mail(/.*)?          all files          system_u:object_r:ak-chalupova_cz_mail_t:s0 
> /var/www/hosts/ak-chalupova.cz/ak-chalupova.cz/cgi-bin(/.*)? all files          system_u:object_r:ak-chalupova_cz_cgi_t:s0 
> /var/www/hosts/ak-chalupova.cz/ak-chalupova.cz/cgi-bin/php.fcgi all files          system_u:object_r:ak-chalupova_cz_cgi_exec_t:s0 
> -----------------------------------------------------------------------------------------------------------------------
> but when I run  restorecon -R -v /var/www/hosts/ak-chalupova.cz/ it tries to label all files as user_home_t:
> -----------------------------------------------------------------------------------------------------------------------
> restorecon reset /var/www/hosts/ak-chalupova.cz context unconfined_u:object_r:ak-chalupova_cz_t:s0->unconfined_u:object_r:user_home_dir_t:s0
> restorecon reset /var/www/hosts/ak-chalupova.cz/.bash_logout context unconfined_u:object_r:ak-chalupova_cz_t:s0->unconfined_u:object_r:user_home_t:s0
> restorecon reset /var/www/hosts/ak-chalupova.cz/mail context unconfined_u:object_r:ak-chalupova_cz_mail_t:s0->unconfined_u:object_r:user_home_t:s0
> restorecon reset /var/www/hosts/ak-chalupova.cz/.bash_profile context unconfined_u:object_r:ak-chalupova_cz_t:s0->unconfined_u:object_r:user_home_t:s0
> restorecon reset /var/www/hosts/ak-chalupova.cz/logs context unconfined_u:object_r:ak-chalupova_cz_log_t:s0->unconfined_u:object_r:user_home_t:s0
> restorecon reset /var/www/hosts/ak-chalupova.cz/logs/access_log context system_u:object_r:ak-chalupova_cz_log_t:s0->system_u:object_r:user_home_t:s0
> restorecon reset /var/www/hosts/ak-chalupova.cz/logs/error_log context system_u:object_r:ak-chalupova_cz_log_t:s0->system_u:object_r:user_home_t:s0
> restorecon reset /var/www/hosts/ak-chalupova.cz/.bashrc context unconfined_u:object_r:ak-chalupova_cz_t:s0->unconfined_u:object_r:user_home_t:s0
> restorecon reset /var/www/hosts/ak-chalupova.cz/ak-chalupova.cz context unconfined_u:object_r:ak-chalupova_cz_t:s0->unconfined_u:object_r:user_home_t:s0
> restorecon reset /var/www/hosts/ak-chalupova.cz/ak-chalupova.cz/cgi-bin context unconfined_u:object_r:ak-chalupova_cz_cgi_t:s0->unconfined_u:object_r:user_home_t:s0
> restorecon reset /var/www/hosts/ak-chalupova.cz/ak-chalupova.cz/cgi-bin/php.ini context unconfined_u:object_r:ak-chalupova_cz_cgi_t:s0->unconfined_u:object_r:user_home_t:s0
> restorecon reset /var/www/hosts/ak-chalupova.cz/ak-chalupova.cz/cgi-bin/php.fcgi context unconfined_u:object_r:ak-chalupova_cz_cgi_exec_t:s0->unconfined_u:object_r:user_home_t:s0
> restorecon reset /var/www/hosts/ak-chalupova.cz/ak-chalupova.cz/tmp context unconfined_u:object_r:ak-chalupova_cz_t:s0->unconfined_u:object_r:user_home_t:s0
> restorecon reset /var/www/hosts/ak-chalupova.cz/ak-chalupova.cz/www context unconfined_u:object_r:ak-chalupova_cz_t:s0->unconfined_u:object_r:user_home_t:s0
> -----------------------------------------------------------------------------------------------------------------------
> What am I doing wrong?
> 
> Thanks in advance.

How is /var/www/hosts/ak-chalupova.cz used? Is it present in /etc/passwd?

> _______________________________________________
> selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
> 


-- 
Miroslav Grepl
Senior Software Engineer, SELinux Solutions
Red Hat, Inc.