make relabel > restorecon
Steve Brueckner
steve at atc-nycorp.com
Tue May 3 14:23:54 UTC 2005
Daniel J Walsh wrote:
> Steve Brueckner wrote:
>> Daniel J Walsh wrote:
>>> Steve Brueckner wrote:
>>>> I have a file
>>>> /etc/selinux/targeted/src/policy/file_contexts/programs/tspi_dillo.fc
>>>> that contains the following line only:
>>>>
>>>> /tspi/usr/local/bin/dillo -- system_u:object_r:tspi_dillo_exec_t
>>>>
>>>> When I do # make reload and then # make relabel the system
>>>> correctly labels the file and adds the above line to the master
>>>> file_contexts file.
>>>>
>>>> However, if I then run # /sbin/restorecon /tspi/usr/local/bin/dillo
>>>> the file's type reverts to default_t
>>>>
>>>> Any ideas on why this is happening?
>>>>
>>> I take it you have a domains/program/tspi_dillo.te file?
>>>
>>> grep dillo /etc/selinux/targeted/context/files/*
>>>
>> Yes, I have
>> /etc/selinux/targeted/src/policy/domains/program/tspi_dillo.te
>> which declares the tspi_dillo_exec_t.
>>
>> However, I think your grep showed me where the problem lies. There
>> are two file_contexts files:
>> /etc/selinux/targeted/src/policy/file_contexts/file_contexts
>> /etc/selinux/targeted/context/files/file_contexts
>>
>> And a diff shows that the former has the context for dillo and the
>> latter does not. I was apparently mistaken earlier when I said that
>> the "master" file_contexts file contains the line in question.
>>
>> So my question now becomes how does the former get updated? I've
>> done make reload and make relabel but it seems that neither is
>> updating /etc/selinux/targeted/context/files/file_contexts.
>>
> That is strange. Make reload should have copied the your
> file_context over.
>
> Try make -W users load
> See if the file_context gets replaced. Any chance of clock skew on
> your machine.
Fooling make into thinking users had been updated did the trick, thanks. My
clock, logs, and file times all look fine, so I don't think clock skew is
the problem.
I am, however, running (last week's) rawhide SELinux and rawhide kernel on
an othewise FC3 install, so maybe there's something not meshing in there.
Am I correct in thinking that the rawhide SELinux packages are currently
being written and tested on FC4?
Anyway, I appreciate the assist.
- Steve Brueckner, ATC-NY
More information about the fedora-selinux-list
mailing list