Re: semodule and fixfiles

It depends on what you want things to be able to do with files in
that directory.  If they're only being used by normal users to do
normal user things, you might not need to give them a file context
at all.

As I said, you want to manage it with `semanage fcontext`.

On Wed, Jun 07, 2023 at 01:55:27PM -0700, Henry Zhang wrote:
> Robin,
> 
> The "/run/media/mmcblk0p2" is not listed in the file file_contexts.
> 1. Should I update file_contexts?
> 2. Where does the file_contexts come from and initialized?
> 
> ---henry
> 
> On Wed, Jun 7, 2023 at 11:26 AM Robin Lee Powell <
> rlpowell@xxxxxxxxxxxxxxxxxx> wrote:
> 
> > Exactly what it says; the system stores a list of what files should
> > have which labels, and it doesn't know about that path.  You can see
> > the raw data on what's currently defined at
> > /etc/selinux/targeted/contexts/files/file_contexts and
> > /etc/selinux/targeted/contexts/files/file_contexts.local , although
> > you really should manage them with `semanage fcontext`.
> >
> > On Wed, Jun 07, 2023 at 09:33:21AM -0700, Henry Zhang wrote:
> > > Vit,
> > >
> > > When I do relabel with setfiles and see:
> > > "Warning no default label for /run/media/mmcblk0p2"
> > >
> > > What is wrong?
> > >
> > > ---henry
> > >
> > > On Wed, Jun 7, 2023 at 4:59 AM Vit Mojzis <vmojzis@xxxxxxxxxx> wrote:
> > >
> > > >
> > > >
> > > > On 6/6/23 23:13, Henry Zhang wrote:
> > > > > Zdenek,
> > > > >
> > > > > fixfiles is used for relabeling.
> > > > > Relabeling hints that the system was labeled before.
> > > > > But when is the system labeled initially?
> > > > After selinux-policy-targeted (or minimum/mls) is installed. These
> > > > packages contain distribution policy modules (including file context
> > > > definitions).
> > > >
> > > > >
> > > > > In which cases
> > > > > 1. semodule should be called?
> > > > "semodule" is for managing policy modules (install, remove, list,
> > > > enable, disable), so for example when you want to add a custom policy
> > > > module, or list which modules are present in your system.
> > > >
> > > > > 2. fixfiles should be executed?
> > > > After a policy change (new policy module is installed/removed, or new
> > > > file context definition is added using "semanage fcontext"), or after
> > > > mounting a new filesystem.
> > > > Note that relabeling can be done using "fixfiles", "setfiles", or
> > > > "restorecon", all of which use the same underlying code (each is just
> > > > aimed at different use-case).
> > > >
> > > > Hope this helps.
> > > > Vit
> > > > >
> > > > > Thanks.
> > > > >
> > > > > ----henry
> > > > >
> > > > >
> > > > > _______________________________________________
> > > > > selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
> > > > > To unsubscribe send an email to
> > selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
> > > > > Fedora Code of Conduct:
> > > > https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > > > > List Guidelines:
> > https://fedoraproject.org/wiki/Mailing_list_guidelines
> > > > > List Archives:
> > > >
> > https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
> > > > > Do not reply to spam, report it:
> > > > https://pagure.io/fedora-infrastructure/new_issue
> >
> >
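The lookup behind the "no default label" warning discussed in this thread, as an added example (not code from the thread or from libselinux): a simplified shell model over constructed file_contexts-style entries, showing the path failing to resolve until a local rule covers it. The sample entries, the helper names and the type `example_media_t` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: simplified model of the lookup behind "no default label".
# All entries are constructed; example_media_t is a hypothetical type.
workdir=$(mktemp -d) && trap 'rm -rf "$workdir"' EXIT
base=$workdir/file_contexts            # stands in for the distribution file
local_fc=$workdir/file_contexts.local  # stands in for local customizations
cat > "$base" <<'EOF'
# regex  [file type]  context
/etc(/.*)?  system_u:object_r:etc_t:s0
/mnt(/[^/]*)?  -d  system_u:object_r:mnt_t:s0
/mnt/[^/]*/.*  <<none>>
EOF
: > "$local_fc"

# lookup_context PATH FILE...
# Prints the context of the last entry whose regex matches all of PATH.
# Returns 1 when nothing matches or the match is <<none>>.
# Simplifications: the file-type field is skipped, ERE stands in for PCRE.
lookup_context() {
    path=$1; shift
    ctx=$(cat "$@" | while read -r regex f2 f3; do
        case $regex in ''|'#'*) continue ;; esac
        if printf '%s\n' "$path" | grep -Eqx -- "$regex"; then
            printf '%s\n' "${f3:-$f2}"   # context is the last field
        fi
    done | tail -n 1)
    [ -n "$ctx" ] && [ "$ctx" != '<<none>>' ] || return 1
    printf '%s\n' "$ctx"
}

# add_local_rule REGEX TYPE: append the kind of line a local file-context
# definition adds to file_contexts.local.
add_local_rule() {
    printf '%s  system_u:object_r:%s:s0\n' "$1" "$2" >> "$local_fc"
}

target=/run/media/mmcblk0p2
lookup_context "$target" "$base" "$local_fc" ||
    echo "Warning no default label for $target"
add_local_rule '/run/media/mmcblk0p2(/.*)?' example_media_t
lookup_context "$target/data/file" "$base" "$local_fc"
```

On a real system the rule is added with `semanage fcontext -a -t <type> '<regex>'` and applied with `restorecon -Rv <path>`; `matchpathcon <path>` reports the label the installed definitions resolve to.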



