removing context

Brian Krusic brian at krusic.com
Wed Jul 8 20:41:09 UTC 2009


Wow and I mean Wow!

Yoda mang!

Basically;

find . -exec setfattr -h -x security.selinux '{}' \;

... worked!!!

The only diff, and it may have been email formatting, was that there needs to
be a space between '{}' and \; at the end of the command.

Thanks a lot David!

- Brian

On Jul 8, 2009, at 12:34 PM, David P. Quigley wrote:

> On Wed, 2009-07-08 at 12:27 -0700, Brian Krusic wrote:
>> On Jul 8, 2009, at 12:19 PM, Mike Cloaked wrote:
>>
>>>
>>>
>>>
>>> Brian Krusic wrote:
>>>>
>>>> Hi,
>>>>
>>>> When doing an ls -lZ, some files show a security context like;
>>>>
>>>> root:object_r:user_home_t:s0
>>>>
>>>> ... while some don't.
>>>>
>>>> Does anyone know how to remove this context either on a file, dir or
>>>> file system level?
>>>>
>>>>
>>>
>>> Why do you want to remove them - if selinux is enforcing (as it should
>>> be in an up to date version of Fedora) then all files should have a
>>> context and your best security is when selinux is set up correctly to
>>> work with your system.  In F10 selinux did have a number of tweaks
>>> needed to get it going but in F11 it is likely to need very few tweaks.
>>
>> I'm glad you asked the question.
>>
>> I have selinux disabled first and foremost.
>>
>> However the context labels still exist on some files which cause a
>> problem doing dump/restore over NFS.
>>
>> Let me explain;
>>
>> While dump/restore works over NFS in general, they don't work with
>> selinux context so I keep getting errors like;
>>
>> restore: ./etc/ysyconfig/network-scripts/ifcfg-eth0: EA set
>> security.selinux:system_u:object_r:etc_t:s0 failed: Operation not
>> supported.
>>
>> And while the dump/restore works and the files get copied, this error
>> causes my incremental backups to work as full backups.  Also, this
>> muddies my log files which I rely on.  Imagine half the files on the
>> system kicking out this error.
>>
>> Thanks in advance,
>> - Brian
>>
>>
>>
>>
>>>
>>>
>>> --
>>> fedora-selinux-list mailing list
>>> fedora-selinux-list at redhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
>
> Have you tried something like
>
> cd /
> find . -exec setfattr -h -x security.selinux '{}'\;
>
> I know on an SELinux enabled system this will fail because you can't
> outright remove the security.selinux xattr but if it falls back to the
> generic xattr handlers it should be allowed. I'm not sure how the exec
> directive will handle the -h and -x options so you may have to fiddle
> with that.
>
> - Dave
>
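
A more defensive form of the command that worked above, as an added example that is not part of the original thread: it refuses to run while SELinux is enabled, stays on one filesystem, offers a dry run, and reports which files were changed. It assumes setfattr/getfattr from the attr package and the selinuxenabled utility; the function names and the STRIP_ERRLOG variable are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes setfattr/getfattr (attr
# package) are installed and the caller is root. STRIP_ERRLOG is a
# hypothetical variable naming a file that collects setfattr errors.

# selinux_active: true when the kernel has SELinux enabled.
selinux_active() {
    command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled
}

# list_labelled ROOT: dry run, print every path that still carries a
# security.selinux xattr. getfattr exits non-zero when it is absent.
list_labelled() {
    find "${1:-.}" -xdev \
        -exec sh -c 'getfattr -h -n security.selinux "$1" >/dev/null 2>&1' sh '{}' \; \
        -print
}

# strip_selinux_labels ROOT: remove the xattr and print each path that
# was actually changed. Returns 2 without touching anything if SELinux
# is enabled, where the removal is refused anyway.
strip_selinux_labels() {
    if selinux_active; then
        echo "SELinux is enabled; leaving labels in place" >&2
        return 2
    fi
    # -xdev: stay on ROOT's filesystem (no /proc, /sys or NFS mounts).
    # -h:    act on a symlink itself, not on its target.
    # "-exec ... \;" is true only when setfattr exits 0, so -print
    # lists exactly the files whose label was removed.
    find "${1:-.}" -xdev \
        -exec setfattr -h -x security.selinux '{}' \; \
        -print 2>>"${STRIP_ERRLOG:-/dev/null}"
}
```

If SELinux is ever turned back on for this machine, the filesystem will need a full relabel (touch /.autorelabel and reboot) before it can enforce.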



