On Sat, Dec 27, 2008 at 5:24 AM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
> Xavier Toth wrote:
>> On Mon, Dec 22, 2008 at 2:43 PM, David P. Quigley <dpquigl@xxxxxxxxxxxxx> wrote:
>>> On Mon, 2008-12-22 at 10:16 -0600, Xavier Toth wrote:
>>>> I installed FC10, installed selinux-policy-mls, touched /.autorelabel
>>>> and rebooted. Here are the kernel and policy installed:
>>>>
>>>> [tedx@localhost ~]$ uname -a
>>>> Linux localhost.localdomain 2.6.27.7-134.fc10.x86_64 #1 SMP Mon Dec 1
>>>> 22:21:35 EST 2008 x86_64 x86_64 x86_64 GNU/Linux
>>>> [tedx@localhost ~]$ rpm -qa | grep selinux-policy
>>>> selinux-policy-3.5.13-34.fc10.noarch
>>>> selinux-policy-targeted-3.5.13-34.fc10.noarch
>>>> selinux-policy-mls-3.5.13-34.fc10.noarch
>>>>
>>>>
>>>> During the relabeling I saw a lot of problems like the following:
>>>>
>>>> Dec 22 10:02:28 localhost kernel: SELinux: Context
>>>> system_u:object_r:userhelper_conf_t:s0 is not valid (left unmapped).
>>>> Dec 22 10:02:28 localhost kernel: SELinux: Context
>>>> unconfined_u:object_r:etc_t:s0 is not valid (left unmapped).
>>>> Dec 22 10:02:28 localhost kernel: SELinux: Context
>>>> system_u:object_r:dnsmasq_initrc_exec_t:s0 is not valid (left
>>>> unmapped).
>>>> Dec 22 10:02:28 localhost kernel: SELinux: Context
>>>> system_u:object_r:kerneloops_initrc_exec_t:s0 is not valid (left
>>>> unmapped).
>>>> Dec 22 10:02:28 localhost kernel: SELinux: Context
>>>> system_u:object_r:portreserve_etc_t:s0 is not valid (left unmapped).
>>>> Dec 22 10:02:28 localhost kernel: SELinux: Context
>>>> unconfined_u:object_r:selinux_config_t:s0 is not valid (left
>>>> unmapped).
>>>> Dec 22 10:02:28 localhost kernel: SELinux: Context
>>>> unconfined_u:object_r:default_context_t:s0 is not valid (left
>>>> unmapped).
>>>> Dec 22 10:02:28 localhost kernel: SELinux: Context
>>>> unconfined_u:object_r:semanage_store_t:s0 is not valid (left
>>>> unmapped).
>>>> Dec 22 10:02:28 localhost kernel: SELinux: Context
>>>> unconfined_u:object_r:admin_home_t:s0 is not valid (left unmapped).
>>>> Dec 22 10:02:28 localhost kernel: SELinux: Context
>>>> unconfined_u:object_r:root_t:s0 is not valid (left unmapped).
>>>> Dec 22 10:02:28 localhost kernel: SELinux: Context
>>>> system_u:object_r:consolekit_log_t:s0 is not valid (left unmapped).
>>>> Dec 22 10:02:28 localhost kernel: SELinux: Context
>>>> unconfined_u:object_r:rpm_log_t:s0 is not valid (left unmapped).
>>>> Dec 22 10:02:28 localhost kernel: SELinux: Context
>>>> system_u:object_r:dnsmasq_lease_t:s0 is not valid (left unmapped).
>>>> Dec 22 10:02:28 localhost kernel: SELinux: Context
>>>> system_u:object_r:polkit_var_lib_t:s0 is not valid (left unmapped).
>>>> Dec 22 10:02:28 localhost kernel: SELinux: Context
>>>> unconfined_u:object_r:rpm_var_lib_t:s0 is not valid (left unmapped).
>>>> Dec 22 10:02:28 localhost kernel: SELinux: Context
>>>> system_u:object_r:games_data_t:s0 is not valid (left unmapped).
>>>> Dec 22 10:02:28 localhost kernel: SELinux: Context
>>>> system_u:object_r:consolekit_var_run_t:s0 is not valid (left
>>>> unmapped).
>>>> Dec 22 10:02:28 localhost kernel: SELinux: Context
>>>> system_u:object_r:polkit_var_run_t:s0 is not valid (left unmapped).
>>>> Dec 22 10:02:28 localhost kernel: SELinux: Context
>>>> system_u:object_r:portreserve_var_run_t:s0 is not valid (left
>>>> unmapped).
>>>> Dec 22 10:02:28 localhost kernel: SELinux: Context
>>>> unconfined_u:object_r:user_home_t:s0 is not valid (left unmapped).
>>>> Dec 22 10:02:28 localhost kernel: SELinux: Context
>>>> system_u:object_r:gnome_home_t:s0 is not valid (left unmapped).
>>>> Dec 22 10:02:28 localhost kernel: SELinux: Context
>>>> unconfined_u:object_r:gnome_home_t:s0 is not valid (left unmapped).
>>>> Dec 22 10:02:28 localhost kernel: SELinux: Context
>>>> system_u:object_r:mozilla_home_t:s0 is not valid (left unmapped).
>>>> Dec 22 10:02:28 localhost kernel: SELinux: Context
>>>> system_u:object_r:execmem_exec_t:s0 is not valid (left unmapped).
>>>> Dec 22 10:02:28 localhost kernel: SELinux: Context
>>>> system_u:object_r:games_exec_t:s0 is not valid (left unmapped).
>>>> Dec 22 10:02:28 localhost kernel: SELinux: Context
>>>> system_u:object_r:mono_exec_t:s0 is not valid (left unmapped).
>>>> Dec 22 10:02:28 localhost kernel: SELinux: Context
>>>> system_u:object_r:polkit_resolve_exec_t:s0 is not valid (left
>>>> unmapped).
>>>> Dec 22 10:02:28 localhost kernel: SELinux: Context
>>>> system_u:object_r:polkit_grant_exec_t:s0 is not valid (left unmapped).
>>>> Dec 22 10:02:28 localhost kernel: SELinux: Context
>>>> system_u:object_r:polkit_exec_t:s0 is not valid (left unmapped).
>>>> Dec 22 10:02:28 localhost kernel: SELinux: Context
>>>> system_u:object_r:polkit_auth_exec_t:s0 is not valid (left unmapped).
>>>> Dec 22 10:02:28 localhost kernel: SELinux: Context
>>>> system_u:object_r:gnomeclock_exec_t:s0 is not valid (left unmapped).
>>>> Dec 22 10:02:28 localhost kernel: SELinux: Context
>>>> system_u:object_r:openoffice_exec_t:s0 is not valid (left unmapped).
>>>> Dec 22 10:02:28 localhost kernel: SELinux: Context
>>>> system_u:object_r:nsplugin_rw_t:s0 is not valid (left unmapped).
>>>> Dec 22 10:02:28 localhost kernel: SELinux: Context
>>>> system_u:object_r:nsplugin_config_exec_t:s0 is not valid (left
>>>> unmapped).
>>>> Dec 22 10:02:28 localhost kernel: SELinux: Context
>>>> system_u:object_r:nsplugin_exec_t:s0 is not valid (left unmapped).
>>>> Dec 22 10:02:28 localhost kernel: SELinux: Context
>>>> system_u:object_r:mozilla_exec_t:s0 is not valid (left unmapped).
>>>> Dec 22 10:02:28 localhost kernel: SELinux: Context
>>>> system_u:object_r:consolekit_exec_t:s0 is not valid (left unmapped).
>>>> Dec 22 10:02:28 localhost kernel: SELinux: Context
>>>> system_u:object_r:dnsmasq_exec_t:s0 is not valid (left unmapped).
>>>> Dec 22 10:02:28 localhost kernel: SELinux: Context
>>>> system_u:object_r:usernetctl_exec_t:s0 is not valid (left unmapped).
>>>> Dec 22 10:02:28 localhost kernel: SELinux: Context
>>>> system_u:object_r:userhelper_exec_t:s0 is not valid (left unmapped).
>>>> Dec 22 10:02:28 localhost kernel: SELinux: Context
>>>> system_u:object_r:kerneloops_exec_t:s0 is not valid (left unmapped).
>>>> Dec 22 10:02:28 localhost kernel: SELinux: Context
>>>> system_u:object_r:lockdev_exec_t:s0 is not valid (left unmapped).
>>>> Dec 22 10:02:28 localhost kernel: SELinux: Context
>>>> system_u:object_r:unconfined_notrans_exec_t:s0 is not valid (left
>>>> unmapped).
>>>> Dec 22 10:02:28 localhost kernel: SELinux: Context
>>>> unconfined_u:object_r:user_tmp_t:s0 is not valid (left unmapped).
>>>> Dec 22 10:02:28 localhost kernel: SELinux: Context
>>>> unconfined_u:object_r:xdm_tmp_t:s0 is not valid (left unmapped).
>>>> Dec 22 10:02:28 localhost kernel: SELinux: Context
>>>> system_u:object_r:portreserve_exec_t:s0 is not valid (left unmapped).
>>>> Dec 22 10:02:28 localhost kernel: __ratelimit: 81 callbacks suppressed
>>>>
>>>> Then I logged in and did a ls -laZ of my home directory:
>>>>
>>>> drwx------ tedx tedx system_u:object_r:user_home_dir_t:s0-s15:c0.c1023 .
>>>> drwxr-xr-x root root system_u:object_r:home_root_t:s0-s15:c0.c1023 ..
>>>> -rw------- tedx tedx system_u:object_r:unlabeled_t:s15:c0.c1023 .bash_history
>>>> -rw-r--r-- tedx tedx system_u:object_r:user_home_t:s0 .bash_logout
>>>> -rw-r--r-- tedx tedx system_u:object_r:user_home_t:s0 .bash_profile
>>>> -rw-r--r-- tedx tedx system_u:object_r:user_home_t:s0 .bashrc
>>>> drwxr-xr-x tedx tedx system_u:object_r:unlabeled_t:s15:c0.c1023 .cache
>>>> drwxr-xr-x tedx tedx system_u:object_r:unlabeled_t:s15:c0.c1023 .config
>>>> drwx------ tedx tedx system_u:object_r:unlabeled_t:s15:c0.c1023 .dbus
>>>> drwxr-xr-x tedx tedx system_u:object_r:unlabeled_t:s15:c0.c1023 Desktop
>>>> -rw-r--r-- tedx tedx system_u:object_r:xdm_home_t:s0 .dmrc
>>>> drwxr-xr-x tedx tedx system_u:object_r:unlabeled_t:s15:c0.c1023 Documents
>>>> drwxr-xr-x tedx tedx system_u:object_r:unlabeled_t:s15:c0.c1023 Download
>>>> -rw------- tedx tedx system_u:object_r:unlabeled_t:s15:c0.c1023 .esd_auth
>>>> drwx------ tedx tedx system_u:object_r:unlabeled_t:s15:c0.c1023 .gconf
>>>> drwx------ tedx tedx system_u:object_r:unlabeled_t:s15:c0.c1023 .gconfd
>>>> drwxr-xr-x tedx tedx system_u:object_r:user_home_t:s0 .gnome2
>>>> drwx------ tedx tedx system_u:object_r:unlabeled_t:s15:c0.c1023 .gnome2_private
>>>> drwxrwxr-x tedx tedx system_u:object_r:unlabeled_t:s15:c0.c1023 .gstreamer-0.10
>>>> -rw-rw-r-- tedx tedx user_u:object_r:user_home_t:s0 .gtk-bookmarks
>>>> dr-x------ tedx tedx system_u:object_r:fusefs_t:s0 .gvfs
>>>> -rw------- tedx tedx system_u:object_r:iceauth_home_t:s0 .ICEauthority
>>>> drwxr-xr-x tedx tedx system_u:object_r:unlabeled_t:s15:c0.c1023 .local
>>>> drwxr-xr-x tedx tedx system_u:object_r:user_home_t:s0 .mozilla
>>>> drwxr-xr-x tedx tedx system_u:object_r:unlabeled_t:s15:c0.c1023 Music
>>>> drwxr-xr-x tedx tedx system_u:object_r:unlabeled_t:s15:c0.c1023 .nautilus
>>>> drwxr-xr-x tedx tedx system_u:object_r:unlabeled_t:s15:c0.c1023 Pictures
>>>> drwxr-xr-x tedx tedx system_u:object_r:unlabeled_t:s15:c0.c1023 Public
>>>> drwx------ tedx tedx system_u:object_r:unlabeled_t:s15:c0.c1023 .pulse
>>>> -rw------- tedx tedx system_u:object_r:unlabeled_t:s15:c0.c1023 .pulse-cookie
>>>> drwxr-xr-x tedx tedx system_u:object_r:unlabeled_t:s15:c0.c1023 Templates
>>>> drwxrwxr-x tedx tedx system_u:object_r:unlabeled_t:s15:c0.c1023 .tomboy
>>>> -rw-rw-r-- tedx tedx system_u:object_r:unlabeled_t:s15:c0.c1023 .tomboy.log
>>>> drwxr-xr-x tedx tedx system_u:object_r:unlabeled_t:s15:c0.c1023 Videos
>>>> drwxr-xr-x tedx tedx system_u:object_r:unlabeled_t:s15:c0.c1023 .wapi
>>>> -rw------- tedx tedx system_u:object_r:xdm_home_t:s0 .xsession-errors
>>>> -rw------- tedx tedx system_u:object_r:xdm_home_t:s0 .xsession-errors.old
>>>>
>>>> How did these directories and files get relabeled unlabeled_t:SystemHigh?
>>>>
>>>> Ted
>>>>
>>>> --
>>>> This message was distributed to subscribers of the selinux mailing list.
>>>> If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
>>>> the words "unsubscribe selinux" without quotes as the message.
>>> I believe what you are seeing here is the deferred context mapping
>>> support [1]. Essentially what is going on here is that the MLS policy
>>> doesn't have those types defined so when the kernel goes to map the
>>> contexts it will map them to unlabeled_t.
>>>
>>> Dave
>>>
>>> [1]http://lkml.org/lkml/2008/7/7/223
>>>
>>>
>>
>> Thanks, now this makes sense to me. I've rebuilt my mls policy to
>> include gnome, mozilla and some other modules to get the correct
>> labeling on some vital directories like ~/.gconf. However I am
>> concerned about some of the remaining unlabeled files and directories
>> and the impact on the user's experience. It seems that the main issue
>> is that since in the default targeted policy these files get labeled
>> unconfined_u:object_r:user_home_t:s0 and then when you switch to MLS
>> because the unconfined module is not included they get relabeled to
>> system_u:object_r:unlabeled_t:s15:c0.c1023. Would it be
>> possible/reasonable to only change the undefined portion of the
>> context to something else for example only change unconfined_u to
>> system_u instead of changing and losing the whole context?
>>
>>
>> -rw------- tedx tedx system_u:object_r:unlabeled_t:s15:c0.c1023 .bash_history
>> drwxr-xr-x tedx tedx system_u:object_r:unlabeled_t:s15:c0.c1023 .cache
>> drwxr-xr-x tedx tedx system_u:object_r:unlabeled_t:s15:c0.c1023 .config
>> drwx------ tedx tedx system_u:object_r:unlabeled_t:s15:c0.c1023 .dbus
>> drwxr-xr-x tedx tedx system_u:object_r:unlabeled_t:s15:c0.c1023 Desktop
>> drwxr-xr-x tedx tedx system_u:object_r:unlabeled_t:s15:c0.c1023 Documents
>> drwxr-xr-x tedx tedx system_u:object_r:unlabeled_t:s15:c0.c1023 Download
>> -rw------- tedx tedx system_u:object_r:unlabeled_t:s15:c0.c1023 .esd_auth
>> drwx------ tedx tedx system_u:object_r:unlabeled_t:s15:c0.c1023 .gnome2_private
>> drwxr-xr-x tedx tedx system_u:object_r:unlabeled_t:s15:c0.c1023 Music
>> drwxr-xr-x tedx tedx system_u:object_r:unlabeled_t:s15:c0.c1023 .nautilus
>> drwxr-xr-x tedx tedx system_u:object_r:unlabeled_t:s15:c0.c1023 Pictures
>> drwxr-xr-x tedx tedx system_u:object_r:unlabeled_t:s15:c0.c1023 Public
>> -rw------- tedx tedx system_u:object_r:unlabeled_t:s15:c0.c1023 .pulse-cookie
>> drwxr-xr-x tedx tedx system_u:object_r:unlabeled_t:s15:c0.c1023 Templates
>> drwxrwxr-x tedx tedx system_u:object_r:unlabeled_t:s15:c0.c1023 .tomboy
>> -rw-rw-r-- tedx tedx system_u:object_r:unlabeled_t:s15:c0.c1023 .tomboy.log
>> drwxr-xr-x tedx tedx system_u:object_r:unlabeled_t:s15:c0.c1023 Videos
>> drwxr-xr-x tedx tedx system_u:object_r:unlabeled_t:s15:c0.c1023 .wapi
>>
>>
>> Ted
>>
> This looks like the labelling of the home directory was unsuccessful?
>
> If you run restorecon -R -v /home does this clean up the problems?
>

Not completely. There are still a number of files and directories that
don't have file context mappings which were labeled unconfined_u in
targeted policy and relabeled system_u:object_r:unlabeled_t:SystemHigh
in mls policy because unconfined_u isn't defined. The options to deal
with this would seem to be:

a) change policy to have file context labeling for these files/directories
b) have a way to specify the mappings for undefined portions of contexts

[tedx@localhost ~]$ sudo /sbin/restorecon -R -v /home
/sbin/restorecon reset /home/tedx/.wapi/shared_data-localhost.localdomain-Linux-x86_64-328-12-0 context user_u:object_r:unlabeled_t:s0->system_u:object_r:user_home_t:s0
/sbin/restorecon reset /home/tedx/.wapi/shared_fileshare-localhost.localdomain-Linux-x86_64-40-12-0 context user_u:object_r:unlabeled_t:s0->system_u:object_r:user_home_t:s0
/sbin/restorecon reset /home/tedx/src2/Linux_i386/BUILD/rpmbuild/BUILD/libselinux-2.0.76/man/man8/selinuxconlist.8 context user_u:object_r:user_tmp_t:s0->system_u:object_r:user_home_t:s0
/sbin/restorecon reset /home/tedx/src2/Linux_i386/BUILD/rpmbuild/BUILD/libselinux-2.0.76/man/man8/selinuxdefcon.8 context user_u:object_r:user_tmp_t:s0->system_u:object_r:user_home_t:s0
/sbin/restorecon reset /home/tedx/.recently-used.xbel context user_u:object_r:nsplugin_home_t:s0->system_u:object_r:user_home_t:s0
/sbin/restorecon reset /home/tedx/.nautilus/saved-session-XTPLMU context user_u:object_r:unlabeled_t:s0->system_u:object_r:user_home_t:s0
/sbin/restorecon reset /home/tedx/.nautilus/saved-session-N76KMU context user_u:object_r:unlabeled_t:s0->system_u:object_r:user_home_t:s0
/sbin/restorecon reset /home/tedx/.nautilus/metafiles/x-nautilus-desktop:%2F%2F%2F.xml context user_u:object_r:unlabeled_t:s0->system_u:object_r:user_home_t:s0
/sbin/restorecon reset /home/tedx/.nautilus/metafiles/file:%2F%2F%2Fmedia.xml context user_u:object_r:unlabeled_t:s0->system_u:object_r:user_home_t:s0
/sbin/restorecon: unable to stat file /home/tedx/.gvfs: Permission denied
/sbin/restorecon reset /home/tedx/.tomboy/addin-db-001/host-index context user_u:object_r:unlabeled_t:s0->system_u:object_r:user_home_t:s0
/sbin/restorecon reset /home/tedx/.tomboy/addin-db-001/addin-data context user_u:object_r:unlabeled_t:s0->system_u:object_r:user_home_t:s0
/sbin/restorecon reset /home/tedx/.tomboy/addin-db-001/addin-data/1 context user_u:object_r:unlabeled_t:s0->system_u:object_r:user_home_t:s0
/sbin/restorecon reset /home/tedx/.tomboy/addin-db-001/addin-data/1/Tomboy.Tomboy,0.10.maddin context user_u:object_r:unlabeled_t:s0->system_u:object_r:user_home_t:s0
/sbin/restorecon reset /home/tedx/.tomboy/addin-db-001/addin-data/global context user_u:object_r:unlabeled_t:s0->system_u:object_r:user_home_t:s0
/sbin/restorecon reset /home/tedx/.tomboy/addin-db-001/addin-data/global/Tomboy.ExportToHtmlAddin,0.1.maddin context user_u:object_r:unlabeled_t:s0->system_u:object_r:user_home_t:s0
/sbin/restorecon reset /home/tedx/.tomboy/addin-db-001/addin-data/global/Tomboy.TasqueAddin,0.1.maddin context user_u:object_r:unlabeled_t:s0->system_u:object_r:user_home_t:s0
/sbin/restorecon reset /home/tedx/.tomboy/addin-db-001/addin-data/global/Tomboy.NoteOfTheDayAddin,0.1.maddin context user_u:object_r:unlabeled_t:s0->system_u:object_r:user_home_t:s0
/sbin/restorecon reset /home/tedx/.tomboy/addin-db-001/addin-data/global/Tomboy.BacklinksAddin,0.1.maddin context user_u:object_r:unlabeled_t:s0->system_u:object_r:user_home_t:s0
/sbin/restorecon reset /home/tedx/.tomboy/addin-db-001/addin-data/global/Tomboy.SshSyncServiceAddin,0.1.maddin context user_u:object_r:unlabeled_t:s0->system_u:object_r:user_home_t:s0
/sbin/restorecon reset /home/tedx/.tomboy/addin-db-001/addin-data/global/Tomboy.InsertTimestampAddin,0.1.maddin context user_u:object_r:unlabeled_t:s0->system_u:object_r:user_home_t:s0
/sbin/restorecon reset /home/tedx/.tomboy/addin-db-001/addin-data/global/Tomboy.WebDavSyncServiceAddin,0.1.maddin context user_u:object_r:unlabeled_t:s0->system_u:object_r:user_home_t:s0
/sbin/restorecon reset /home/tedx/.tomboy/addin-db-001/addin-data/global/Tomboy.BugzillaAddin,0.1.maddin context user_u:object_r:unlabeled_t:s0->system_u:object_r:user_home_t:s0
/sbin/restorecon reset /home/tedx/.tomboy/addin-db-001/addin-data/global/Tomboy.FixedWidthAddin,0.1.maddin context user_u:object_r:unlabeled_t:s0->system_u:object_r:user_home_t:s0
/sbin/restorecon reset /home/tedx/.tomboy/addin-db-001/addin-data/global/Tomboy.StickyNoteImportAddin,0.1.maddin context user_u:object_r:unlabeled_t:s0->system_u:object_r:user_home_t:s0
/sbin/restorecon reset /home/tedx/.tomboy/addin-db-001/addin-data/global/Tomboy.PrintNotesAddin,0.1.maddin context user_u:object_r:unlabeled_t:s0->system_u:object_r:user_home_t:s0
/sbin/restorecon reset /home/tedx/.tomboy/addin-db-001/addin-data/global/Tomboy.EvolutionAddin,0.1.maddin context user_u:object_r:unlabeled_t:s0->system_u:object_r:user_home_t:s0
/sbin/restorecon reset /home/tedx/.tomboy/addin-db-001/addin-data/global/Tomboy.FileSystemSyncServiceAddin,0.1.maddin context user_u:object_r:unlabeled_t:s0->system_u:object_r:user_home_t:s0
/sbin/restorecon reset /home/tedx/.tomboy/addin-db-001/addin-dir-data context user_u:object_r:unlabeled_t:s0->system_u:object_r:user_home_t:s0
/sbin/restorecon reset /home/tedx/.tomboy/addin-db-001/addin-dir-data/usr_lib64_tomboy_addins_671fc10c.data context user_u:object_r:unlabeled_t:s0->system_u:object_r:user_home_t:s0
/sbin/restorecon reset /home/tedx/.tomboy/addin-db-001/addin-dir-data/usr_lib64_tomboy_5acc0d90.data context user_u:object_r:unlabeled_t:s0->system_u:object_r:user_home_t:s0
/sbin/restorecon reset /home/tedx/Download/libselinux-2.0.76-5.fc10.src.rpm context user_u:object_r:user_tmp_t:s0->system_u:object_r:user_home_t:s0
/sbin/restorecon reset /home/tedx/.ssh context user_u:object_r:user_home_t:s0->system_u:object_r:ssh_home_t:s0
/sbin/restorecon reset /home/tedx/.ssh/known_hosts context user_u:object_r:user_home_t:s0->system_u:object_r:ssh_home_t:s0
/sbin/restorecon reset /home/tedx/.dmrc context system_u:object_r:xdm_home_t:s0->system_u:object_r:user_home_t:s0
/sbin/restorecon reset /home/tedx/.fontconfig context user_u:object_r:user_home_t:s0->system_u:object_r:fonts_config_home_t:s0
/sbin/restorecon reset /home/tedx/.fontconfig/642ab087ea0ebabea976545ce5d710db-x86-64.cache-2 context user_u:object_r:user_home_t:s0->system_u:object_r:fonts_config_home_t:s0

[tedx@localhost ~]$ ls -laZ | grep unlabeled
-rw------- tedx tedx system_u:object_r:unlabeled_t:SystemHigh .bash_history
drwxr-xr-x tedx tedx system_u:object_r:unlabeled_t:SystemHigh .cache
drwxr-xr-x tedx tedx system_u:object_r:unlabeled_t:SystemHigh .config
drwx------ tedx tedx system_u:object_r:unlabeled_t:SystemHigh .dbus
drwxr-xr-x tedx tedx system_u:object_r:unlabeled_t:SystemHigh Desktop
drwxr-xr-x tedx tedx system_u:object_r:unlabeled_t:SystemHigh Documents
drwxr-xr-x tedx tedx system_u:object_r:unlabeled_t:SystemHigh Download
-rw------- tedx tedx system_u:object_r:unlabeled_t:SystemHigh .esd_auth
drwx------ tedx tedx system_u:object_r:unlabeled_t:SystemHigh .gnome2_private
drwxr-xr-x tedx tedx system_u:object_r:unlabeled_t:SystemHigh Music
drwxr-xr-x tedx tedx system_u:object_r:unlabeled_t:SystemHigh .nautilus
drwxr-xr-x tedx tedx system_u:object_r:unlabeled_t:SystemHigh Pictures
drwxr-xr-x tedx tedx system_u:object_r:unlabeled_t:SystemHigh Public
-rw------- tedx tedx system_u:object_r:unlabeled_t:SystemHigh .pulse-cookie
-rw-rw-r-- tedx tedx system_u:object_r:unlabeled_t:SystemHigh targeted.ls
drwxr-xr-x tedx tedx system_u:object_r:unlabeled_t:SystemHigh Templates
drwxrwxr-x tedx tedx system_u:object_r:unlabeled_t:SystemHigh .tomboy
-rw-rw-r-- tedx tedx system_u:object_r:unlabeled_t:SystemHigh .tomboy.log
drwxr-xr-x tedx tedx system_u:object_r:unlabeled_t:SystemHigh Videos
drwxr-xr-x tedx tedx system_u:object_r:unlabeled_t:SystemHigh .wapi

Ted
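
An added example, not part of the original thread: a small triage script for the "left unmapped" kernel messages quoted above, reporting which identifier in each context (the SELinux user or the type) the loaded policy does not define. The `KNOWN_USERS` and `KNOWN_TYPES` sets are constructed stand-ins for what the MLS policy defines, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Kernel message logged when an on-disk label cannot be mapped by the loaded
# policy. \s+ tolerates the hard line wraps that mail clients insert.
UNMAPPED_RE = re.compile(
    r"SELinux:\s+Context\s+(\S+)\s+is\s+not\s+valid\s+\(left\s+unmapped\)")

def parse_context(ctx):
    """Split user:role:type[:level]; an MLS level can itself contain ':'."""
    parts = ctx.split(":", 3)
    if len(parts) < 3:
        raise ValueError(f"not an SELinux context: {ctx!r}")
    level = parts[3] if len(parts) == 4 else None
    return parts[0], parts[1], parts[2], level

def triage(log_text, known_users, known_types):
    """Group unmapped contexts by the identifier the loaded policy lacks."""
    missing_users, missing_types = defaultdict(set), defaultdict(set)
    other = set()  # user and type both known: role or level is the problem
    for ctx in UNMAPPED_RE.findall(log_text):
        user, _role, setype, _level = parse_context(ctx)
        if user not in known_users:
            missing_users[user].add(ctx)
        if setype not in known_types:
            missing_types[setype].add(ctx)
        if user in known_users and setype in known_types:
            other.add(ctx)
    return {
        "user": {u: sorted(c) for u, c in missing_users.items()},
        "type": {t: sorted(c) for t, c in missing_types.items()},
        "other": sorted(other),
    }

# Constructed stand-ins for the identifiers the MLS policy defines (assumption;
# on a real system they would be read from the loaded policy).
KNOWN_USERS = {"system_u", "user_u", "staff_u", "sysadm_u", "root"}
KNOWN_TYPES = {"etc_t", "root_t", "user_home_t", "user_tmp_t"}

# Four of the kernel lines quoted in the thread, wrapped as in the mail.
SAMPLE_LOG = """\
Dec 22 10:02:28 localhost kernel: SELinux: Context
system_u:object_r:userhelper_conf_t:s0 is not valid (left unmapped).
Dec 22 10:02:28 localhost kernel: SELinux: Context
unconfined_u:object_r:etc_t:s0 is not valid (left unmapped).
Dec 22 10:02:28 localhost kernel: SELinux: Context
system_u:object_r:dnsmasq_initrc_exec_t:s0 is not valid (left
unmapped).
Dec 22 10:02:28 localhost kernel: SELinux: Context
unconfined_u:object_r:gnome_home_t:s0 is not valid (left unmapped).
"""

if __name__ == "__main__":
    report = triage(SAMPLE_LOG, KNOWN_USERS, KNOWN_TYPES)
    for kind in ("user", "type"):
        for name, contexts in sorted(report[kind].items()):
            print(f"undefined {kind} {name}: {len(contexts)} context(s)")
    print("invalid for another reason:", report["other"])
```

Types reported as undefined point at policy modules to add to the MLS build, while an undefined user such as unconfined_u affects every file that carries it regardless of type.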