SELinux concerning symlink?
mike.cloaked at gmail.com
Thu Jul 24 19:21:18 UTC 2008
Stuart Sears <stuart <at> sjsears.com> writes:
> how, exactly?
> These are the labels on my system (using ls -Z):
> /home/* system_u:object_r:user_home_dir_t:s0
> /home/USER/* system_u:object_r:user_home_t:s0
> /home system_u:object_r:home_root_t:s0
> whereas files in /opt/local seem to get labelled like this:
> /opt/local/* unconfined_u:object_r:usr_t:s0
> or this system_u:object_r:usr_t:s0
My file contexts are:
[mike@lapmike2 mike]$ ls -Zd /opt/Local/home
drwxr-xr-x root root system_u:object_r:file_t:s0 /opt/Local/home
[mike@lapmike2 mike]$ ls -Zd /home
lrwxrwxrwx root root unconfined_u:object_r:root_t:s0 /home -> /opt/Local/home
[mike@lapmike2 mike]$ ls -Zd /home/mike
drwx------ mike mike system_u:object_r:user_home_dir_t:s0 /home/mike
[mike@lapmike2 mike]$ ls -Zd /opt/Local/home/mike
drwx------ mike mike system_u:object_r:user_home_dir_t:s0 /opt/Local/home/mike
[mike@lapmike2 mike]$ ls -Zd /home/mike/.bash_profile
-rw-r--r-- mike mike system_u:object_r:user_home_t:s0 /home/mike/.bash_profile
> have you tried relabelling the homedirs and their contents in
> /opt/local/home appropriately?
I am not sure what is appropriate here?
> what did you try to change it to?
I notice from your post that my /opt/Local/home has a type file_t whereas
yours was home_root_t - maybe I need to change this?
The subdirectories seem the same as you quoted.
> 1. yum install setroubleshoot
> 2. service setroubleshoot start
> 3. then ssh in
> 4. look in /var/log/messages on your machine for lines containing 'sealert'
> (or just run sealert -b if you have a graphical desktop)
Yes, this gives messages in /var/log/messages that SELinux is preventing
access to files with label file_t - which suggests that your context was
right for /opt/Local/home and mine is wrong!
I will change that context and try again.
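
Added example, not part of the original message: a small Python check that parses `ls -Zd` output in the format shown above and compares each type against the labels Stuart quoted for a stock /home. It assumes the same types should apply under the symlink target /opt/Local/home; `expected_type` and `check` are names made up for this sketch.

```python
import re

# Directories treated as the home root. /opt/Local/home is included on the
# assumption that the symlink target should carry the same types as /home.
HOME_ROOTS = ("/home", "/opt/Local/home")

# Constructed sample: the `ls -Zd` output lines shown in the message above.
SAMPLE = """\
drwxr-xr-x root root system_u:object_r:file_t:s0 /opt/Local/home
lrwxrwxrwx root root unconfined_u:object_r:root_t:s0 /home -> /opt/Local/home
drwx------ mike mike system_u:object_r:user_home_dir_t:s0 /home/mike
drwx------ mike mike system_u:object_r:user_home_dir_t:s0 /opt/Local/home/mike
-rw-r--r-- mike mike system_u:object_r:user_home_t:s0 /home/mike/.bash_profile
"""

# mode owner group user:role:type:level path [-> target]
LINE_RE = re.compile(
    r"^(?P<mode>\S+)\s+(?P<owner>\S+)\s+(?P<group>\S+)\s+"
    r"(?P<user>[^:\s]+):(?P<role>[^:\s]+):(?P<type>[^:\s]+):(?P<level>\S+)\s+"
    r"(?P<path>.+?)(?: -> (?P<target>.+))?$"
)

def expected_type(path):
    """Type expected for a path, following the labels quoted in the thread."""
    for root in HOME_ROOTS:
        if path == root:
            return "home_root_t"          # /home itself
        if path.startswith(root + "/"):
            depth = path[len(root) + 1:].count("/")
            # /home/USER is user_home_dir_t, anything below is user_home_t
            return "user_home_dir_t" if depth == 0 else "user_home_t"
    return None                           # outside the home tree: not judged

def check(listing):
    """Return (path, actual_type, expected_type) for every mismatch."""
    findings = []
    for line in listing.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["mode"].startswith("l"):
            continue  # skip unparsable lines; a symlink's own label is not judged
        want = expected_type(m["path"])
        if want and m["type"] != want:
            findings.append((m["path"], m["type"], want))
    return findings

if __name__ == "__main__":
    for path, have, want in check(SAMPLE):
        print(f"{path}: labelled {have}, expected {want}")
```
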