Re: Trying to set context on a FIFO for nut_upsmon_t process

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi

You appear to be running an el8 (clone) and on my Rocky Linux 8 system I ran

[root@rhel8 ~]# semanage fcontext -l | grep nut_
/etc/ups(/.*)?                                     all files          system_u:object_r:nut_conf_t:s0 /sbin/upsdrvctl                                    regular file       system_u:object_r:nut_upsdrvctl_exec_t:s0 /usr/lib/systemd/system/nut.*                      regular file       system_u:object_r:nut_unit_file_t:s0 /usr/sbin/blazer_usb                               regular file       system_u:object_r:nut_upsdrvctl_exec_t:s0 /usr/sbin/upsd                                     regular file       system_u:object_r:nut_upsd_exec_t:s0 /usr/sbin/upsdrvctl                                regular file       system_u:object_r:nut_upsdrvctl_exec_t:s0 /usr/sbin/upsmon                                   regular file       system_u:object_r:nut_upsmon_exec_t:s0 /var/run/nut(/.*)?                                 all files          system_u:object_r:nut_var_run_t:s0
I am wondering if your problem would just go away if you moved your FIFO under /var/run/nut where it would automatically be assigned nut_var_run_t 

Or not! :-)

Trevor

On 08/06/2023 20:03, Robert Nichols wrote:

SELinux is not allowing me to set the needed context on a FIFO that will be written by a nut_upsmon_t process. Runnin sesearch to find suitable types yields:
    allow nut_upsmon_t nut_upsmon_t:fifo_file { append getattr ioctl lock open read write };
But, when I try to run "chcon -t nut_upsmon_t /path/to/fifo" I get "permission denied" and an SELinux alert than complains
    If you want to change the label of .alertFIFO2 to nut_upsmon_t, you are not allowed to since it is not a valid file type.
    Then you must pick a valid file label.
    Do
    select a valid file type.  List valid file labels by executing:
    # seinfo -afile_type -x
That returns info for files, not FIFOs.

Once again, SELinux is causing me more problems than any virus would.
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux