selinux outsmarted itself. "Multiple different specifications" One FILE But two types labeled ------------- (system_u:object_r:home_root_t:s0 and system_u:object_r:boot_t:s0).

Daniel J Walsh dwalsh at redhat.com
Mon Dec 3 16:03:37 UTC 2007


Roger Salisbury wrote:
> ----------- a challenge for selinux------------
>
> Hi fellow selinux users ...
>
> How can you fix labeling when the selinux tools don't allow you to?
>
> Selinux commands complain & refuse to work.
>
> Traditional selinux commands don't work, i.e. chcon, restorecon, fixfiles,
> setfiles etc. I need an *expert* here ..........
>
> PROBLEM is:
>
> my /boot directory has
>
> :boot_t:
> and
> :home_root_t:
>
> .......... together labeled --- see below.
>
> and I can't fix it. Do we have to edit the "inode" directly??
>
> Having two types on one file I believe should *never* happen but -- it has.
>
> Should be one ":boot_t:" or the other ":home_root_t:" but never *both*!
>
> I think I know how it happened -- but that's not the issue right now --
> how do you fix it??
> The security of selinux normally is designed to prevent ad hoc changes --- so
> this is why it is difficult... but with root password there would be a
> solution somehow.
>
> Thx
> Roger Salisbury
> 
> 
> Below is the setfiles display:
> 
> 
> /etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /boot/lost\+found/.*.
> /etc/selinux/targeted/contexts/files/file_contexts: Multiple different specifications for /boot  (system_u:object_r:home_root_t:s0 and system_u:object_r:boot_t:s0).
> /etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /boot/\.journal.
> /etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /boot/lost\+found.
> setfiles: labeling files under /boot
> setfiles:  labeling files under /boot
> matchpathcon_filespec_eval:  hash table stats: 28 elements, 28/65536 buckets used, longest chain length 1
> setfiles:  Done.
> 
This looks like selinux is confused and thinks you have a home directory
under /boot?  Or someone added a context for /boot as home_root_t.

Is there an entry in /etc/passwd with a homedir of /boot in the path?

grep /boot /etc/selinux/targeted/contexts/files/*


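The two checks suggested in the reply above (a passwd entry with a home directory under /boot, and a second context specification for /boot), as an added example that is not part of the original thread. The function names, the sample user "svc" and all sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): the two checks from the reply,
# written to take file paths so they can be tried on constructed copies.

# homes_under DIR PASSWD_FILE
# Print "user:home" for passwd entries whose home is DIR or lies below it.
homes_under() {
    awk -F: -v d="$1" '$6 == d || index($6, d "/") == 1 { print $1 ":" $6 }' "$2"
}

# conflicting_specs FILE...
# Files use the file_contexts layout: <path regex> [-<type>] <context>.
# Print each path regex that is given two different contexts. An entry
# with no type field is treated as overlapping every type (assumption).
conflicting_specs() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments, blank lines
        {
            re = $1; ty = (NF >= 3) ? $2 : ""; ctx = $NF
            for (i = 1; i <= cnt[re]; i++) {
                old = C[re, i]
                if (ctx == old || (re, old, ctx) in seen) continue
                if (ty == "" || T[re, i] == "" || ty == T[re, i]) {
                    print re ": " old " and " ctx
                    seen[re, old, ctx] = 1
                }
            }
            i = ++cnt[re]; T[re, i] = ty; C[re, i] = ctx
        }
    ' "$@"
}

# demo: run both checks on constructed sample files in a temp directory.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'svc:x:501:501::/boot/svc:/bin/bash' > "$d/passwd"
    printf '%s\n' '/boot -d system_u:object_r:boot_t:s0' \
        '/boot/lost\+found/.* <<none>>' > "$d/file_contexts"
    printf '%s\n' '/boot -d system_u:object_r:home_root_t:s0' \
        '/boot/lost\+found/.* <<none>>' > "$d/file_contexts.homedirs"
    homes_under /boot "$d/passwd"
    conflicting_specs "$d/file_contexts" "$d/file_contexts.homedirs"
    rm -rf "$d"
}

if [ "${1:-}" = demo ]; then demo; fi
```

On a live system the arguments would be /etc/passwd and the files matched by the grep in the reply.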