Problem with restorecon
Daniel J Walsh
dwalsh at redhat.com
Tue Dec 2 20:49:19 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Konrad Azzopardi wrote:
> Hi people,
>
> i have the following policy version installed
> selinux-policy-3.3.1-107.fc9.noarch
> selinux-policy-devel-3.3.1-107.fc9.noarch
> selinux-policy-targeted-3.3.1-107.fc9.noarch
>
> I create an Selinux policy and generated the following filecontexts
>
> [root at MALTA konsu]# semanage fcontext -l | grep yule
> /etc/init.d/yule regular file
> system_u:object_r:yule_script_exec_t:s0
> /var/run/yule.pid regular file
> system_u:object_r:yule_var_run_t:s0
> /var/log/yule(/.*)? regular file
> system_u:object_r:yule_log_t:s0
> /var/lib/yule(/.*)? regular file
> system_u:object_r:yule_var_lib_t:s0
> /etc/yulerc regular file
> system_u:object_r:yule_config_t:s0
> /usr/local/sbin/yule regular file
> system_u:object_r:yule_exec_t:s0
>
> Allt he files seems to become labelled normally as expected except
> /etc/init.d/yule
>
> [root at MALTA konsu]# restorecon -R -v /etc/init.d/yule
> [root at MALTA konsu]# ls -lrtZ /etc/init.d/yule
> -rwx------ root root system_u:object_r:initrc_exec_t:s0 /etc/init.d/yule
>
> I cannot get rid of initrc_exec_t. Although my script is still
> confined correctly, I would like to label this file normally, is there
> a reason why restorecon fails ?
>
> many thanks
> konrad
>
>
>
> fedora-selinux-list
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Make sure you escape the "."s The regular expression matching does not
always work as expected.
/etc/init\.d/yule regular file
system_u:object_r:yule_script_exec_t:s0
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkk1n08ACgkQrlYvE4MpobM2wwCePyFIGH8o2ZstmxdYFJ5eXE2r
vFIAoKv7XAslgUGEs0Rc27TnLMFPBzs0
=Q+CX
-----END PGP SIGNATURE-----
More information about the fedora-selinux-list
mailing list