files without SE Linux labels on a default install - no Anaconda labeling

Russell Coker russell at coker.com.au
Mon May 16 14:11:39 UTC 2005 

On an SE Linux system barring file system corruption and quota issues every 
file on a regular file system (Ext3 etc) should have a SE Linux label.

As a test I did a default install of FC4T3 in the "Personal Workstation" 
configuration and checked this.  Below is the relevant output from setfiles 
-v when relabelling the root file system.

It seems to me that /usr/share/apps/ksplash, /usr/share/apps/ksplash/Themes,
/usr/share/anaconda, /usr/share/anaconda/pixmaps, /usr/lib/anaconda-runtime,
/usr/lib/anaconda-runtime/boot, and the install logs are created by Anaconda 
which doesn't apply SE Linux labels.  Would it be possible to get Anaconda 
changed to apply labels to files and directories that it creates?

I have no idea why the Portuguese Brazilian language file didn't get a label 
when all the other language files did.

I have attached a list of all the files which aren't correctly labeled after a 
default targeted install which I haven't dealt with in other messages.  NB 
this includes /etc/shadow...

setfiles:  relabeling /usr/share/apps/ksplash from system_u:object_r:file_t to 
system_u:object_r:usr_t
setfiles:  relabeling /usr/share/apps/ksplash/Themes from 
system_u:object_r:file_t to system_u:object_r:usr_t
setfiles:  relabeling /usr/share/anaconda from system_u:object_r:file_t to 
system_u:object_r:usr_t
setfiles:  relabeling /usr/share/anaconda/pixmaps from 
system_u:object_r:file_t to system_u:object_r:usr_t
setfiles:  relabeling /usr/lib/anaconda-runtime from system_u:object_r:file_t 
to system_u:object_r:lib_t
setfiles:  relabeling /usr/lib/anaconda-runtime/boot from 
system_u:object_r:file_t to system_u:object_r:lib_t
setfiles:  relabeling /usr/X11R6/lib/X11/locale/pt_BR.UTF-8 from 
system_u:object_r:file_t to system_u:object_r:lib_t
setfiles:  relabeling /root/install.log from system_u:object_r:file_t to 
root:object_r:user_home_t
setfiles:  relabeling /root/install.log.syslog from system_u:object_r:file_t 
to root:object_r:user_home_t

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
-------------- next part --------------
setfiles:  relabeling /usr/share/apps/ksplash from system_u:object_r:file_t to system_u:object_r:usr_t
setfiles:  relabeling /usr/share/apps/ksplash/Themes from system_u:object_r:file_t to system_u:object_r:usr_t
setfiles:  relabeling /usr/share/anaconda from system_u:object_r:file_t to system_u:object_r:usr_t
setfiles:  relabeling /usr/share/anaconda/pixmaps from system_u:object_r:file_t to system_u:object_r:usr_t
setfiles:  relabeling /usr/lib/anaconda-runtime from system_u:object_r:file_t to system_u:object_r:lib_t
setfiles:  relabeling /usr/lib/anaconda-runtime/boot from system_u:object_r:file_t to system_u:object_r:lib_t
setfiles:  relabeling /usr/X11R6/lib/X11/locale/pt_BR.UTF-8 from system_u:object_r:file_t to system_u:object_r:lib_t
setfiles:  relabeling /root/install.log from system_u:object_r:file_t to root:object_r:user_home_t
setfiles:  relabeling /root/install.log.syslog from system_u:object_r:file_t to root:object_r:user_home_t
setfiles:  relabeling /etc/ssh/ssh_host_key from system_u:object_r:etc_runtime_t to system_u:object_r:sshd_key_t
setfiles:  relabeling /etc/ssh/ssh_host_rsa_key from system_u:object_r:etc_runtime_t to system_u:object_r:sshd_key_t
setfiles:  relabeling /etc/ssh/ssh_host_dsa_key from system_u:object_r:etc_runtime_t to system_u:object_r:sshd_key_t
setfiles:  relabeling /etc/asound.conf from system_u:object_r:etc_runtime_t to system_u:object_r:etc_t
setfiles:  relabeling /etc/shadow from system_u:object_r:etc_t to system_u:object_r:shadow_t
setfiles:  relabeling /etc/gshadow- from system_u:object_r:etc_t to system_u:object_r:shadow_t
setfiles:  relabeling /etc/cups/cupsd.conf from system_u:object_r:cupsd_etc_t to system_u:object_r:cupsd_rw_etc_t
setfiles:  relabeling /etc/cups/printers.conf from system_u:object_r:cupsd_etc_t to system_u:object_r:cupsd_rw_etc_t
setfiles:  relabeling /etc/cups/cupsd.conf.save from system_u:object_r:cupsd_etc_t to system_u:object_r:cupsd_rw_etc_t
setfiles:  relabeling /etc/aliases.db from system_u:object_r:etc_t to system_u:object_r:etc_aliases_t
setfiles:  relabeling /etc/shadow- from system_u:object_r:etc_t to system_u:object_r:shadow_t
setfiles:  relabeling /etc/gshadow from system_u:object_r:etc_t to system_u:object_r:shadow_t
setfiles:  relabeling /etc/.pwd.lock from system_u:object_r:etc_t to system_u:object_r:shadow_t
setfiles:  relabeling /etc/dhclient-eth0.conf from system_u:object_r:etc_runtime_t to system_u:object_r:dhcp_etc_t
setfiles:  relabeling /etc/sysconfig/mouse from system_u:object_r:etc_runtime_t to system_u:object_r:etc_t
setfiles:  relabeling /lib/modules/2.6.11-1.1286_FC4/modules.dep from system_u:object_r:modules_object_t to system_u:object_r:modules_dep_t
setfiles:  relabeling /lib/modules/2.6.11-1.1286_FC4/modules.ieee1394map from system_u:object_r:modules_object_t to system_u:object_r:modules_dep_t
setfiles:  relabeling /lib/modules/2.6.11-1.1286_FC4/modules.usbmap from system_u:object_r:modules_object_t to system_u:object_r:modules_dep_t
setfiles:  relabeling /lib/modules/2.6.11-1.1286_FC4/modules.inputmap from system_u:object_r:modules_object_t to system_u:object_r:modules_dep_t
setfiles:  relabeling /lib/modules/2.6.11-1.1286_FC4/modules.isapnpmap from system_u:object_r:modules_object_t to system_u:object_r:modules_dep_t
setfiles:  relabeling /lib/modules/2.6.11-1.1286_FC4/modules.symbols from system_u:object_r:modules_object_t to system_u:object_r:modules_dep_t
setfiles:  relabeling /lib/modules/2.6.11-1.1286_FC4/modules.ccwmap from system_u:object_r:modules_object_t to system_u:object_r:modules_dep_t
setfiles:  relabeling /lib/modules/2.6.11-1.1286_FC4/modules.alias from system_u:object_r:modules_object_t to system_u:object_r:modules_dep_t
setfiles:  relabeling /lib/modules/2.6.11-1.1286_FC4/modules.pcimap from system_u:object_r:modules_object_t to system_u:object_r:modules_dep_t
setfiles:  relabeling /home/rjc from system_u:object_r:home_root_t to user_u:object_r:user_home_dir_t
setfiles:  relabeling /var/run/sm-client.pid from system_u:object_r:initrc_var_run_t to system_u:object_r:sendmail_var_run_t
setfiles:  relabeling /var/log/lastlog from system_u:object_r:var_log_t to system_u:object_r:lastlog_t
setfiles:  relabeling /var/log/btmp from system_u:object_r:var_log_t to system_u:object_r:faillog_t
setfiles:  relabeling /var/log/mail from system_u:object_r:var_log_t to system_u:object_r:sendmail_log_t

More information about the fedora-devel-list mailing list