Does SETroubleshoot speak to SEBool?

Arthur Dent selinux.list at troodos.demon.co.uk
Mon Feb 2 16:52:07 UTC 2009 

On Mon, Feb 02, 2009 at 05:34:47PM +0100, Dominick Grift wrote:
> I think, but not sure, that your home space is mislabeled ( especially
> pyzor_home_t). if my memory serves me correct then labeling for that
> location has recently changes. It seems that setroubleshoot hasnt been
> updated to reflect this change yet.
> 
> to fix, restorecon -R -v /home, might fix this issue.
> 
> hth

Thanks for that suggestion. I tried it, and there were indeed some files
that got relabelled - but not the pyzor ones. Do you think that the ones
that did are significant in this issue? (Output listed below).

I have already created a local policy using audit2allow and this
produced the following:

require {
	type user_pyzor_home_t;
	type spamd_t;
	class file { read getattr };
}

#============= spamd_t ==============
allow spamd_t user_pyzor_home_t:file { read getattr };


Do you think I still need this local policy?

Thanks for your help...

Mark

Output of the relabelling (apologies for the line-wrap)...

restorecon -R -v /home
restorecon reset
/home/mark/.texlive2007/texmf-var/fonts/pk/ljfour/jknappen/ec/ecrm1200.600pk
context
unconfined_u:object_r:user_tmp_t:s0->system_u:object_r:user_home_t:s0
restorecon reset
/home/mark/.texlive2007/texmf-var/fonts/pk/ljfour/jknappen/ec/ectt1000.600pk
context
unconfined_u:object_r:user_tmp_t:s0->system_u:object_r:user_home_t:s0
restorecon reset
/home/mark/.texlive2007/texmf-var/fonts/pk/ljfour/jknappen/ec/ecbx1200.600pk
context
unconfined_u:object_r:user_tmp_t:s0->system_u:object_r:user_home_t:s0
restorecon reset
/home/mark/.texlive2007/texmf-var/fonts/pk/ljfour/jknappen/ec/ecrm1000.600pk
context
unconfined_u:object_r:user_tmp_t:s0->system_u:object_r:user_home_t:s0
restorecon reset /home/mark/.spamassassin context
unconfined_u:object_r:user_home_t:s0->system_u:object_r:user_spamassassin_home_t:s0
restorecon reset /home/mark/.spamassassin/bayes_toks.expire2474 context
system_u:object_r:user_home_t:s0->system_u:object_r:user_spamassassin_home_t:s0
restorecon reset /home/mark/.spamassassin/bayes_journal context
unconfined_u:object_r:user_home_t:s0->system_u:object_r:user_spamassassin_home_t:s0
restorecon reset
/home/mark/.spamassassin/bayes.lock.troodos.org.uk.20547 context
unconfined_u:object_r:user_home_t:s0->system_u:object_r:user_spamassassin_home_t:s0
restorecon reset /home/mark/.spamassassin/user_prefs context
unconfined_u:object_r:user_home_t:s0->system_u:object_r:user_spamassassin_home_t:s0
restorecon reset
/home/mark/.spamassassin/bayes.lock.troodos.org.uk.23935 context
unconfined_u:object_r:user_home_t:s0->system_u:object_r:user_spamassassin_home_t:s0
restorecon reset /home/mark/.spamassassin/bayes_seen context
unconfined_u:object_r:user_home_t:s0->system_u:object_r:user_spamassassin_home_t:s0
restorecon reset /home/mark/.spamassassin/bayes_toks context
unconfined_u:object_r:user_home_t:s0->system_u:object_r:user_spamassassin_home_t:s0
restorecon reset /home/mark/.Xauthority context
unconfined_u:object_r:user_home_t:s0->system_u:object_r:user_xauth_home_t:s0
 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20090202/6ed8aa0f/attachment.sig>

More information about the fedora-selinux-list mailing list