make relabel > restorecon

Steve Brueckner steve at atc-nycorp.com
Tue May 3 14:03:30 UTC 2005


Daniel J Walsh wrote:
> Steve Brueckner wrote:
> 
>> I have a file
>> /etc/selinux/targeted/src/policy/file_contexts/programs/tspi_dillo.fc
>> that contains the following line only:
>> 
>> /tspi/usr/local/bin/dillo	--	system_u:object_r:tspi_dillo_exec_t
>> 
>> When I do # make reload and then # make relabel the system correctly
>> labels the file and adds the above line to the master file_contexts
>> file. 
>> 
>> However, if I then run # /sbin/restorecon /tspi/usr/local/bin/dillo
>> the file's type reverts to default_t
>> 
>> Any ideas on why this is happening?
>> 
>> 
> I take it you have a domains/program/tspi_dillo.te file?
> 
> grep dillo /etc/selinux/targeted/context/files/*
> 

Yes, I have /etc/selinux/targeted/src/policy/domains/program/tspi_dillo.te
which declares the tspi_dillo_exec_t.

However, I think your grep showed me where the problem lies.  There are two
file_contexts files:
/etc/selinux/targeted/src/policy/file_contexts/file_contexts
/etc/selinux/targeted/context/files/file_contexts

And a diff shows that the former has the context for dillo and the latter
does not.  I was apparently mistaken earlier when I said that the "master"
file_contexts file contains the line in question.

So my question now becomes how does the former get updated?  I've done make
reload and make relabel but it seems that neither is updating
/etc/selinux/targeted/context/files/file_contexts.

Thanks,

 - Steve Brueckner, ATC-NY
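
The check described in this message (the same path looked up in the source-tree copy and in the installed copy of file_contexts), as an added example that is not part of the original post or of the SELinux tools. The file contents are constructed samples, the function names are hypothetical, and the "last matching entry wins" rule is a simplification of the real lookup order.

```python
import re

# Constructed sample contents standing in for the two file_contexts files
# named in the post (source-tree copy vs. installed copy); not real policy.
SOURCE_FC = (
    "# constructed sample\n"
    "/.*\t\tsystem_u:object_r:default_t\n"
    "/usr(/.*)?\t\tsystem_u:object_r:usr_t\n"
    "/tspi/usr/local/bin/dillo\t--\tsystem_u:object_r:tspi_dillo_exec_t\n"
)
INSTALLED_FC = (
    "# constructed sample\n"
    "/.*\t\tsystem_u:object_r:default_t\n"
    "/usr(/.*)?\t\tsystem_u:object_r:usr_t\n"
)

def parse_fc(text):
    """Parse file_contexts text into (regex, file_type_or_None, context)."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # skip blank lines and comments
        if len(fields) == 3:    # path regex, file type (e.g. --), context
            entries.append((re.compile(fields[0]), fields[1], fields[2]))
        elif len(fields) == 2:  # path regex, context (applies to any type)
            entries.append((re.compile(fields[0]), None, fields[1]))
    return entries

def lookup(entries, path, ftype="--"):
    """Context of the last entry whose regex matches the whole path and whose
    file type is unset or equals ftype ('--' means regular file)."""
    result = None
    for regex, etype, context in entries:
        if etype in (None, ftype) and regex.fullmatch(path):
            result = context  # assumption: later entries override earlier ones
    return result

def compare(path, ftype="--"):
    """Look the path up in both copies and flag any disagreement."""
    src = lookup(parse_fc(SOURCE_FC), path, ftype)
    inst = lookup(parse_fc(INSTALLED_FC), path, ftype)
    return {"source": src, "installed": inst, "mismatch": src != inst}

if __name__ == "__main__":
    print(compare("/tspi/usr/local/bin/dillo"))
```

To run it against a live system, replace the two constants with the text read from the two file_contexts paths given in the message.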



