make relabel > restorecon

[Daniel J Walsh]

Steve Brueckner wrote:

>Daniel J Walsh wrote:
>  
>
>>Steve Brueckner wrote:
>>
>>    
>>
>>>I have a file
>>>/etc/selinux/targeted/src/policy/file_contexts/programs/tspi_dillo.fc
>>>that contains the following line only:
>>>
>>>/tspi/usr/local/bin/dillo	--	system_u:object_r:tspi_dillo_exec_t
>>>
>>>When I do # make reload and then # make relabel the system correctly
>>>labels the file and adds the above line to the master file_contexts
>>>file. 
>>>
>>>However, if I then run # /sbin/restorecon /tspi/usr/local/bin/dillo
>>>the file's type reverts to default_t
>>>
>>>Any ideas on why this is happening?
>>>
>>>
>>>      
>>>
>>I take it you have a domains/program/tspi_dillo.te file?
>>
>>grep dillo /etc/selinux/targeted/context/files/*
>>
>>    
>>
>
>Yes, I have /etc/selinux/targeted/src/policy/domains/program/tspi_dillo.te
>which declares the tspi_dillo_exec_t.
>
>However, I think your grep showed me where the problem lies.  There are two
>file_contexts files:
>/etc/selinux/targeted/src/policy/file_contexts/file_contexts
>/etc/selinux/targeted/context/files/file_contexts
>
>And a diff shows that the former has the context for dillo and the latter
>does not.  I was apparently mistaken earlier when I said that the "master"
>file_contexts file contains the line in question.
>
>So my question now becomes how does the former get updated?  I've done make
>reload and make relabel but it seems that neither is updating
>/etc/selinux/targeted/context/files/file_contexts.
>
>Thanks,
>
> - Steve Brueckner, ATC-NY
>  
>
That is strange.  Make reload should have copied the your file_context over.

Try make -W users load
See if the file_context gets replaced.  Any chance of clock skew on your 
machine.

--