files without SE Linux labels on a default install - no Anaconda labeling
Ronny Buchmann
ronny-vlug at vlugnet.org
Mon May 16 16:49:49 UTC 2005
On Monday 16 May 2005 16:11, Russell Coker wrote:
> On an SE Linux system barring file system corruption and quota issues every
> file on a regular file system (Ext3 etc) should have a SE Linux label.
>
> As a test I did a default install of FC4T3 in the "Personal Workstation"
> configuration and checked this. Below is the relevant output from setfiles
> -v when relabelling the root file system.
This was after the first start I assume (= at the second reboot)?
> setfiles: relabeling /usr/share/apps/ksplash from system_u:object_r:file_t
> to system_u:object_r:usr_t
> setfiles: relabeling /usr/share/apps/ksplash/Themes from
> system_u:object_r:file_t to system_u:object_r:usr_t
owned by kdebase
> setfiles: relabeling /usr/share/anaconda from system_u:object_r:file_t to
> system_u:object_r:usr_t
> setfiles: relabeling /usr/share/anaconda/pixmaps from
> system_u:object_r:file_t to system_u:object_r:usr_t
> setfiles: relabeling /usr/lib/anaconda-runtime from
> system_u:object_r:file_t to system_u:object_r:lib_t
> setfiles: relabeling /usr/lib/anaconda-runtime/boot from
> system_u:object_r:file_t to system_u:object_r:lib_t
owned by anaconda, anaconda-runtime
rpm issue?
> setfiles: relabeling /usr/X11R6/lib/X11/locale/pt_BR.UTF-8 from
> system_u:object_r:file_t to system_u:object_r:lib_t
should be owned by xorg-x11-libs
> setfiles: relabeling /root/install.log from system_u:object_r:file_t to
> root:object_r:user_home_t
> setfiles: relabeling /root/install.log.syslog from
> system_u:object_r:file_t to root:object_r:user_home_t
this is from anaconda
> setfiles: relabeling /etc/ssh/ssh_host_key from
> system_u:object_r:etc_runtime_t to system_u:object_r:sshd_key_t
> setfiles: relabeling /etc/ssh/ssh_host_rsa_key from
> system_u:object_r:etc_runtime_t to system_u:object_r:sshd_key_t
> setfiles: relabeling /etc/ssh/ssh_host_dsa_key from
> system_u:object_r:etc_runtime_t to system_u:object_r:sshd_key_t
these are generated on first start of sshd
> setfiles: relabeling /etc/asound.conf from system_u:object_r:etc_runtime_t
to system_u:object_r:etc_t
kudzu or firstboot?
> setfiles: relabeling /etc/shadow from system_u:object_r:etc_t to
system_u:object_r:shadow_t
> setfiles: relabeling /etc/gshadow- from system_u:object_r:etc_t to
system_u:object_r:shadow_t
anaconda
> setfiles: relabeling /etc/cups/cupsd.conf from
system_u:object_r:cupsd_etc_t to system_u:object_r:cupsd_rw_etc_t
> setfiles: relabeling /etc/cups/printers.conf from
system_u:object_r:cupsd_etc_t to system_u:object_r:cupsd_rw_etc_t
> setfiles: relabeling /etc/cups/cupsd.conf.save from
system_u:object_r:cupsd_etc_t to system_u:object_r:cupsd_rw_etc_t
?
> setfiles: relabeling /etc/aliases.db from system_u:object_r:etc_t to
system_u:object_r:etc_aliases_t
sendmail init script?
> setfiles: relabeling /etc/shadow- from system_u:object_r:etc_t to
system_u:object_r:shadow_t
> setfiles: relabeling /etc/gshadow from system_u:object_r:etc_t to
system_u:object_r:shadow_t
anaconda
> setfiles: relabeling /etc/.pwd.lock from system_u:object_r:etc_t to
system_u:object_r:shadow_t
?
> setfiles: relabeling /etc/dhclient-eth0.conf from
system_u:object_r:etc_runtime_t to system_u:object_r:dhcp_etc_t
anaconda?
> setfiles: relabeling /etc/sysconfig/mouse from
system_u:object_r:etc_runtime_t to system_u:object_r:etc_t
anaconda?
> setfiles: relabeling /lib/modules/2.6.11-1.1286_FC4/modules.dep from
system_u:object_r:modules_object_t to system_u:object_r:modules_dep_t
> setfiles: relabeling /lib/modules/2.6.11-1.1286_FC4/modules.ieee1394map
from system_u:object_r:modules_object_t to system_u:object_r:modules_dep_t
> setfiles: relabeling /lib/modules/2.6.11-1.1286_FC4/modules.usbmap from
system_u:object_r:modules_object_t to system_u:object_r:modules_dep_t
> setfiles: relabeling /lib/modules/2.6.11-1.1286_FC4/modules.inputmap from
system_u:object_r:modules_object_t to system_u:object_r:modules_dep_t
> setfiles: relabeling /lib/modules/2.6.11-1.1286_FC4/modules.isapnpmap from
system_u:object_r:modules_object_t to system_u:object_r:modules_dep_t
> setfiles: relabeling /lib/modules/2.6.11-1.1286_FC4/modules.symbols from
system_u:object_r:modules_object_t to system_u:object_r:modules_dep_t
> setfiles: relabeling /lib/modules/2.6.11-1.1286_FC4/modules.ccwmap from
system_u:object_r:modules_object_t to system_u:object_r:modules_dep_t
> setfiles: relabeling /lib/modules/2.6.11-1.1286_FC4/modules.alias from
system_u:object_r:modules_object_t to system_u:object_r:modules_dep_t
> setfiles: relabeling /lib/modules/2.6.11-1.1286_FC4/modules.pcimap from
system_u:object_r:modules_object_t to system_u:object_r:modules_dep_t
> setfiles: relabeling /home/rjc from system_u:object_r:home_root_t to
user_u:object_r:user_home_dir_t
firstboot?
> setfiles: relabeling /var/run/sm-client.pid from
system_u:object_r:initrc_var_run_t to system_u:object_r:sendmail_var_run_t
sendmail init script
> setfiles: relabeling /var/log/lastlog from system_u:object_r:var_log_t to
system_u:object_r:lastlog_t
> setfiles: relabeling /var/log/btmp from system_u:object_r:var_log_t to
system_u:object_r:faillog_t
initscripts?
> setfiles: relabeling /var/log/mail from system_u:object_r:var_log_t to
system_u:object_r:sendmail_log_t
should be owned by some package (i.e. sendmail)
--
http://LinuxWiki.org/RonnyBuchmann
More information about the fedora-devel-list
mailing list