restorecon vs. setfiles
Gary Peck
gbpeck at sbcglobal.net
Wed May 19 02:22:49 UTC 2004

For some reason restorecon and setfiles have different notions of what
context certain files should be. For example:

# ls -Z /usr/lib/libz.*
-rwxr-xr-x+ root root system_u:object_r:lib_t /usr/lib/libz.a
lrwxrwxrwx+ root root system_u:object_r:lib_t /usr/lib/libz.so -> libz.so.1.2.1.1
lrwxrwxrwx root root system_u:object_r:lib_t /usr/lib/libz.so.1 -> libz.so.1.2.1.1
-rwxr-xr-x root root system_u:object_r:shlib_t /usr/lib/libz.so.1.2.1.1
# restorecon -v /usr/lib/libz.*
restorecon set context /usr/lib/libz.so->system_u:object_r:shlib_t
restorecon set context /usr/lib/libz.so.1->system_u:object_r:shlib_t
# setfiles -v /etc/security/selinux/file_contexts /usr/lib/libz.*
setfiles: read 1450 specifications
setfiles: labeling files under /usr/lib/libz.a
setfiles: hash table stats: 1 elements, 1/65536 buckets used, longest chain length 1
setfiles: labeling files under /usr/lib/libz.so
setfiles: relabeling /usr/lib/libz.so from system_u:object_r:shlib_t to system_u:object_r:lib_t
setfiles: hash table stats: 1 elements, 1/65536 buckets used, longest chain length 1
setfiles: labeling files under /usr/lib/libz.so.1
setfiles: relabeling /usr/lib/libz.so.1 from system_u:object_r:shlib_t to system_u:object_r:lib_t
setfiles: hash table stats: 1 elements, 1/65536 buckets used, longest chain length 1
setfiles: labeling files under /usr/lib/libz.so.1.2.1.1
setfiles: hash table stats: 1 elements, 1/65536 buckets used, longest chain length 1
setfiles: Done.

So, restorecon thinks that *.so files should be shlib_t, whereas
setfiles thinks they should be lib_t. Which one is right and why do they
disagree? I thought that they both get their context info from the same
place.

This is with policy-1.11.3-5 and policycoreutils-1.11-4.

gary