SELinux and RPM verification
Göran Uddeborg
goeran at uddeborg.se
Mon Jun 13 11:05:11 UTC 2005
Stephen Smalley writes:
> It means that the context stored in the file's extended attribute on
> disk is inconsistent with the file_contexts configuration. To fix,
> run /sbin/restorecon on the file(s) in question.
So it isn't really an RPM check then, rather an external check on
files choosen by RPM. Thanks for the explanation!
There seems to be something more involved, though. When doing
"rpm -Va" I get complaints about a few files. Doing restorecon
doesn't change anything. See below for /etc/idmapd.conf as an
example.
My rpm is from FC3 while SELinux-packages are from FC4 test, in case
this could be a compatibility issue.
I would like to understand what is going on here.
[root at mimmi ~]# rpm -Vf /etc/idmapd.conf
..5....TC c /etc/idmapd.conf
S.5....T. c /var/lib/nfs/etab
S.5....T. c /var/lib/nfs/rmtab
........? /var/lib/nfs/rpc_pipefs
..?...... c /var/lib/nfs/state
..?....T. c /var/lib/nfs/xtab
[root at mimmi ~]# ls -lZ /etc/idmapd.conf
-rw-r--r-- root root root:object_r:etc_t /etc/idmapd.conf
[root at mimmi ~]# /sbin/restorecon /etc/idmapd.conf
[root at mimmi ~]# ls -lZ /etc/idmapd.conf
-rw-r--r-- root root root:object_r:etc_t /etc/idmapd.conf
[root at mimmi ~]# rpm -Vf /etc/idmapd.conf
..5....TC c /etc/idmapd.conf
S.5....T. c /var/lib/nfs/etab
S.5....T. c /var/lib/nfs/rmtab
........? /var/lib/nfs/rpc_pipefs
..?...... c /var/lib/nfs/state
..?....T. c /var/lib/nfs/xtab
[root at mimmi ~]# rpm -qf /etc/idmapd.conf
nfs-utils-1.0.7-6
[root at mimmi ~]# rpm -q rpm selinux-policy-strict-sources selinux-policy-strict
rpm-4.3.2-21
selinux-policy-strict-sources-1.23.16-6
selinux-policy-strict-1.23.16-6
More information about the fedora-selinux-list
mailing list