SELinux and RPM verification
Stephen Smalley
sds at tycho.nsa.gov
Thu Jun 9 20:11:40 UTC 2005
On Thu, 2005-06-09 at 21:51 +0200, Göran Uddeborg wrote:
> Some days ago it was explained here that RPM packages do not include
> the context information for the files it contains. Rather it sets
> context according to the current policy.
>
> Occasionally "rpm --verify" puts a "C" in the list of attribute
> checks:
>
> ........C c /root/.bash_logout
>
> That bit isn't documented in the manual page for RPM. My assumption
> was that it meant that the context differed from what the package
> said.
>
> But if the package doesn't say what the context should be, then what
> does it mean?
It means that the context stored in the file's extended attribute on
disk is inconsistent with the file_contexts configuration. To fix,
run /sbin/restorecon on the file(s) in question.
--
Stephen Smalley
National Security Agency
More information about the fedora-selinux-list
mailing list