make relabel > restorecon

Daniel J Walsh dwalsh at redhat.com
Tue May 3 20:28:57 UTC 2005 

Richard Hally wrote:

> Steve Brueckner wrote:
>
>> Daniel J Walsh wrote:
>>  
>>
>>> Steve Brueckner wrote:
>>>   
>>>
>>>> Daniel J Walsh wrote:
>>>>     
>>>>
>>>>> Steve Brueckner wrote:
>>>>>       
>>>>>
>>>>>> I have a file
>>>>>> /etc/selinux/targeted/src/policy/file_contexts/programs/tspi_dillo.fc 
>>>>>>
>>>>>> that contains the following line only:
>>>>>>
>>>>>> /tspi/usr/local/bin/dillo    --    
>>>>>> system_u:object_r:tspi_dillo_exec_t
>>>>>>
>>>>>> When I do # make reload and then # make relabel the system
>>>>>> correctly labels the file and adds the above line to the master
>>>>>> file_contexts file.
>>>>>> However, if I then run # /sbin/restorecon /tspi/usr/local/bin/dillo
>>>>>> the file's type reverts to default_t
>>>>>>
>>>>>> Any ideas on why this is happening?
>>>>>>
>>>>>>         
>>>>>
>>>>> I take it you have a domains/program/tspi_dillo.te file?
>>>>>
>>>>> grep dillo /etc/selinux/targeted/context/files/*
>>>>>
>>>>>       
>>>>
>>>> Yes, I have
>>>> /etc/selinux/targeted/src/policy/domains/program/tspi_dillo.te
>>>> which declares the tspi_dillo_exec_t.
>>>>
>>>> However, I think your grep showed me where the problem lies.  There
>>>> are two file_contexts files:
>>>> /etc/selinux/targeted/src/policy/file_contexts/file_contexts
>>>> /etc/selinux/targeted/context/files/file_contexts
>>>> And a diff shows that the former has the context for dillo and the
>>>> latter does not.  I was apparently mistaken earlier when I said that
>>>> the "master" file_contexts file contains the line in question.
>>>>
>>>> So my question now becomes how does the former get updated?  I've
>>>> done make reload and make relabel but it seems that neither is
>>>> updating /etc/selinux/targeted/context/files/file_contexts.
>>>>
>>>>     
>>>
>>> That is strange.  Make reload should have copied the your
>>> file_context over.
>>> Try make -W users load
>>> See if the file_context gets replaced.  Any chance of clock skew on
>>> your machine.
>>>   
>>
>>
>> Fooling make into thinking users had been updated did the trick, 
>> thanks.  My
>> clock, logs, and file times all look fine, so I don't think clock 
>> skew is
>> the problem.
>>
>> I am, however, running (last week's) rawhide SELinux and rawhide 
>> kernel on
>> an othewise FC3 install, so maybe there's something not meshing in 
>> there.
>> Am I correct in thinking that the rawhide SELinux packages are currently
>> being written and tested on FC4?
>>
>> Anyway, I appreciate the assist.
>>
>> - Steve Brueckner, ATC-NY
>>
>> -- 
>> fedora-selinux-list mailing list
>> fedora-selinux-list at redhat.com
>> http://www.redhat.com/mailman/listinfo/fedora-selinux-list
>>
>>  
>>
> Wasn't there a change a while back(3-4 weeks) to the make file that 
> requires 'make install' to update the file_contexts? I've been using 
> 'make clean install reload' to do a complete update from source policy.
>
> Richard Hally
>
Shouldn't have to.  The goal was to never do a make install since this 
will blow away any user customizations.

Dan

--

More information about the fedora-selinux-list mailing list