restorecon vs. setfiles

Daniel J Walsh dwalsh at redhat.com
Fri Jun 25 16:56:22 UTC 2004


Stephen Smalley wrote:

>On Fri, 2004-06-25 at 12:34, Gary Peck wrote:
>
>>Looks like a similar bug might be present in rpm, or at least the end
>>result is similar. Whenever I install new RPMs from Rawhide, *.so*
>>files get installed with object_r:lib_t context. If I run
>>"/sbin/fixfiles restore" right afterward, they get relabeled back to
>>object_r:shlib_t.  Either rpm has an old policy version on the Rawhide
>>build machines, or it's not labeling files correctly.
>>
>>Also, the dev package in Rawhide comes with all files labeled as
>>object_r:device_t. After running fixfiles, some of those get relabeled
>>to the correct object_r:fixed_disk_device_t, object_r:tty_device_t,
>>object_r:sound_device_t, etc. dev should have the correct contexts to
>>begin with. Various files in /usr/sbin also don't have the correct
>>contexts as shipped in the RPMs.
>>
>>This is all with selinux-policy-targeted-1.13.8-1,
>>policycoreutils-1.13.3-2, and rpm-4.3.2-0.4.
>
>I don't believe that rpm is computing file contexts at package build
>time anymore, since there are multiple policies (strict and targeted)
>now.  It should instead compute the file contexts when unpacking the
>package based on your local file_contexts configuration, whose path is
>obtained from /usr/lib/rpm/macros using /etc/selinux/config to determine
>the active policy.  It seems to be working for me.
>
Any chance the so files are getting created in a post install script?  
rpm should be working the same as restorecon and setfiles.

Dan
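
Added example, not part of the thread and not code from rpm or policycoreutils: the lookup described in the quoted reply, resolving the active policy's file_contexts path from /etc/selinux/config and reporting files whose current label differs from the expected one. The config and file_contexts entries are constructed samples, the /etc/selinux/<type>/contexts/files/file_contexts layout and the last-matching-entry-wins rule are assumptions, and all function names are hypothetical.

```python
import re

# Constructed samples, not taken from any real policy or from the thread's system.
SAMPLE_CONFIG = "SELINUX=enforcing\nSELINUXTYPE=targeted\n"
SAMPLE_FILE_CONTEXTS = r"""
# regex  [file type]  context
/usr(/.*)?                        system_u:object_r:usr_t
/usr/lib(/.*)?                    system_u:object_r:lib_t
/usr/lib/.*\.so(\.[^/]*)*     --  system_u:object_r:shlib_t
/dev(/.*)?                        system_u:object_r:device_t
/dev/tty[0-9]*                -c  system_u:object_r:tty_device_t
"""

def file_contexts_path(config_text):
    """Derive the file_contexts path from SELINUXTYPE (assumed standard layout)."""
    for line in config_text.splitlines():
        key, _, value = line.partition("=")
        if key.strip() == "SELINUXTYPE":
            return f"/etc/selinux/{value.strip()}/contexts/files/file_contexts"
    raise ValueError("SELINUXTYPE not set")

def load_specs(text):
    """Parse 'regex [type] context' lines into (compiled regex, type, context)."""
    specs = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        ftype = fields[1] if len(fields) == 3 else None
        specs.append((re.compile(fields[0]), ftype, fields[-1]))
    return specs

def expected_context(specs, path, ftype="--"):
    """Assumption: the last entry matching the whole path (and file type) wins."""
    for regex, spec_type, context in reversed(specs):
        if spec_type in (None, ftype) and regex.fullmatch(path):
            return context
    return None

def mislabeled(specs, labels):
    """labels: {path: (ftype, current)} -> {path: (current, expected)} for mismatches."""
    out = {}
    for path, (ftype, current) in labels.items():
        want = expected_context(specs, path, ftype)
        if want is not None and want != current:
            out[path] = (current, want)
    return out
```

On a live system the equivalent dry-run check is `restorecon -n -v` over the package's file list, which prints the relabels it would make without applying them.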


