Ted Toth <txtoth@xxxxxxxxx> writes:
I have something very much like the following in an fc file:
/usr/lib64/python2\.(6|7)/site-packages/xyz/paste --
gen_context(system_u:object_r:jxyz_exec_t,s0)
and I use the same file on el6 and el7. On el6 the file is
labeled as
specified in the python2.6 directory. However on el7 where the
file gets
installed into python2.7 the file is not labeled correctly. On
el7
`semanage fcontext -l | grep xyz` shows the file context
expected but
`matchpathcon /usr/lib64/python2.7/site-packages/xyz/paste` does
not return
the expected context and `restorecon -RFv
/usr/lib64/python2.7/site-packages/xyz` has no affect. The type
xyz_exec_t
exists on both systems. It's probably something stupid I'm doing
but I'm
just not seeing it. Has anyone else experienced similar issues?
There's equivalency rule /usr/lib64 -> /usr/lib on el7:
# semanage fcontext -a -t tmp_t
'/usr/lib64/python2\.(6|7)/site-packages/xyz/paste'
ValueError: File spec
/usr/lib64/python2\.(6|7)/site-packages/xyz/paste conflicts with
equivalency rule '/usr/lib64 /usr/lib'; Try adding
'/usr/lib/python2\.(6|7)/site-packages/xyz/paste' instead
# semanage fcontext -a -t tmp_t
'/usr/lib/python2\.(6|7)/site-packages/xyz/paste'
# matchpathcon /usr/lib64/python2.7/site-packages/xyz/paste
/usr/lib64/python2.7/site-packages/xyz/paste
system_u:object_r:tmp_t:s0
Petr
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
