Greetings,

I have a custom policy that has a label for a directory and all its contents, except for one specific sub-directory that uses a more specific type. When a file is created in that sub-directory, it gets the general label instead of the specific one. It looks wrong, and at least restorecon seems to agree because it will happily relabel the offending file, meeting my expectations.

I must be doing something wrong, probably missing something, but I have no idea what. Or could it be a bug? The kernel module could be evaluating rules in a different order, hence the discrepancy at file creation time. In my policy file contexts are sorted from least to most specific.

Anyway, I can't share that, so I made a minimal reproducer:

https://github.com/dridi/selinux-lostlabel

Any help appreciated, I tried really hard to understand what is going on, to no avail. The only similar search result was wrong labels in home directories showing up in several places but I couldn't find my nugget there.

I initially sent an email and it's not showing up in the archive, so instead I subscribed to the list and started a new thread using the Hyperkitty interface. Apologies in advance if you receive it twice.

Thanks,
Dridi