mcs is used in my custom board.
I am asking for some common knowledge on how to use setfiles and restorecon here.
On Tue, Jun 13, 2023 at 8:53 AM Casper <fantom@xxxxxxxxxxxxxxxxx> wrote:
I guess that path is *not* correct (or even the file itself):
/etc/selinux/mcs/contexts/files/file_contexts
This file is *not* provided by the mcstrans rpm. Why did you used it
instead of /etc/selinux/targeted/contexts/files/file_contexts ?
Where does it come from?
Henry Zhang a écrit :
> Vit,
> I can do it with:
> setfiles -v /etc/selinux/mcs/contexts/files/file_contexts /home/root/yolo
>
> Relabeled /home/root/yolo from root:object_r:unlabeled_t:s0 to
> root:object_r:user_home_t:s0
>
> when I use "restorecon -R -v /home/root/yolo"
> Relabeled /sysroot/home/root/yolo from root:object_r:user_home_t:s0 to
> root:object_r:root_home_t:s0
>
> setfiles relabels yolo back to user_home_t
> and
> restorecon relabels yolo back to root_home_t
>
> Should setfiles or restorecon be used for me?
>
> ---henry
> On Mon, Jun 12, 2023 at 11:59 PM Vit Mojzis <[1]vmojzis@xxxxxxxxxx> wrote:
>
> > On 6/12/23 17:20, Henry Zhang wrote:
>
> >> Vit,
> >> Thanks for the links.
> >> I can use restorecon to recover to default value if file content is
> >> changed by the chcon command.
> >> But setfiles does nothing when the file is changed by chcon.
> >> May I change something and let setfiles recover it?
>
> > Sure. But you need to specify the full path (unlike when using
> > restorecon, which uses "realpath" to get the full path on its own).
>
> > $ touch yolo
> > $ ls -lZ
> > total 0
> > -rw-r--r--. 1 root root unconfined_u:object_r:user_home_t:s0 0 Jun 12
> > 13:05 yolo
> > # chcon -t unlabeled_t yolo
> > $ ls -lZ
> > total 0
> > -rw-r--r--. 1 root root unconfined_u:object_r:unlabeled_t:s0 0 Jun 12
> > 13:05 yolo
> > # setfiles -v /etc/selinux/targeted/contexts/files/file_contexts
> > /home/testuser/yolo
> > Relabeled /home/testuser/yolo from unconfined_u:object_r:unlabeled_t:s0
> > to unconfined_u:object_r:user_home_t:s0
>
> > Vit
>
> >> ---henry
> >> On Mon, Jun 12, 2023 at 6:15 AM Vit Mojzis <[2]vmojzis@xxxxxxxxxx>
> >> wrote:
>
> >>> Hi,
> >>> let me walk you through the steps to find this info on your own.
>
> >>> # dnf provides setfiles
> >>> policycoreutils-3.3-4.fc36.x86_64 : SELinux policy core utilities
> >>> # dnf provides restorecon
> >>> policycoreutils-3.3-4.fc36.x86_64 : SELinux policy core utilities
>
> >>> So both utilities are shipped as part of policycoreutils package.
> >>> The package is build from the following repository:
> >>> [3]https://src.fedoraproject.org/rpms/policycoreutils
> >>> The spec file
> >>> ([4]https://src.fedoraproject.org/rpms/policycoreutils/blob/rawhide/f/policycoreutils.spec#_18)
> >>> shows that the source code repository is
> >>> [5]https://github.com/SELinuxProject/selinux
>
> >>> $ git clone [6]https://github.com/SELinuxProject/selinux ; cd selinux
> >>> $ find -name setfiles.c
> >>> ./policycoreutils/setfiles/setfiles.c
>
> >>> This is actually the source file for both tools. Their behavior
> >>> changes
> >>> based on the executable name
> >>> [7]https://github.com/SELinuxProject/selinux/blob/main/policycoreutils/setfiles/setfiles.c#L178
>
> >>> Hope this helps,
> >>> Vit
>
> >>> On 6/8/23 20:01, Henry Zhang wrote:
> >>> > Hi folks,
> >>> >
> >>> > I want to know the difference between setfiles and restorecon.
> >>> > Where can I get source codes of setfiles and restorecon?
> >>> >
> >>> > ---henry
> >>> >
> >>> > _______________________________________________
> >>> > selinux mailing list -- [8]selinux@xxxxxxxxxxxxxxxxxxxxxxx
> >>> > To unsubscribe send an email to
> >>> [9]selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
> >>> > Fedora Code of Conduct:
> >>> [10]https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> >>> > List Guidelines:
> >>> [11]https://fedoraproject.org/wiki/Mailing_list_guidelines
> >>> > List Archives:
> >>> [12]https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
> >>> > Do not reply to spam, report it:
> >>> [13]https://pagure.io/fedora-infrastructure/new_issue
> >>> _______________________________________________
> >>> selinux mailing list -- [14]selinux@xxxxxxxxxxxxxxxxxxxxxxx
> >>> To unsubscribe send an email to
> >>> [15]selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
> >>> Fedora Code of Conduct:
> >>> [16]https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> >>> List Guidelines:
> >>> [17]https://fedoraproject.org/wiki/Mailing_list_guidelines
> >>> List Archives:
> >>> [18]https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
> >>> Do not reply to spam, report it:
> >>> [19]https://pagure.io/fedora-infrastructure/new_issue
>
> References
>
> Visible links
> 1. mailto:vmojzis@xxxxxxxxxx
> 2. mailto:vmojzis@xxxxxxxxxx
> 3. https://src.fedoraproject.org/rpms/policycoreutils
> 4. https://src.fedoraproject.org/rpms/policycoreutils/blob/rawhide/f/policycoreutils.spec#_18
> 5. https://github.com/SELinuxProject/selinux
> 6. https://github.com/SELinuxProject/selinux
> 7. https://github.com/SELinuxProject/selinux/blob/main/policycoreutils/setfiles/setfiles.c#L178
> 8. mailto:selinux@xxxxxxxxxxxxxxxxxxxxxxx
> 9. mailto:selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
> 10. https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> 11. https://fedoraproject.org/wiki/Mailing_list_guidelines
> 12. https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
> 13. https://pagure.io/fedora-infrastructure/new_issue
> 14. mailto:selinux@xxxxxxxxxxxxxxxxxxxxxxx
> 15. mailto:selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
> 16. https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> 17. https://fedoraproject.org/wiki/Mailing_list_guidelines
> 18. https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
> 19. https://pagure.io/fedora-infrastructure/new_issue
> _______________________________________________
> selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
> Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
--
GnuPG: AE157E0B29F0BEF2 at keys.openpgp.org
CA Cert: https://dl.casperlefantom.net/pub/ssl/root.der
Jabber/XMPP Messaging: casper@xxxxxxxxxxxxxxxxxx
_______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue