Backing out of changes to file contexts specification

[Daniel J Walsh]

Al Pacifico wrote:
> This is related to the daemon question I asked earlier.
>
> I created a problem using policygentool by specifying that a log file 
> is written to by two different binaries with different policies. My 
> thread about "Helper program for a daemon" provides some context (no 
> pun intended).
>
> I didn't realize that installing the policy would change the file 
> context specification database (although it makes perfect sense in 
> retrospect). Now, I've inadvertently specified that 
> /var/log/slimserver be labelled under two different contexts in 
> /etc/selinux/targeted/contexts/files/file_contexts and wish to remove 
> the second set of entries.
>
> Output of setfiles -n 
> /etc/selinux/targeted/contexts/files/file_contexts $filename includes 
> several messages of the form:
>
> /etc/selinux/targeted/contexts/files/file_contexts: Multiple different 
> specifications for /var/log/slimserver  
> (system_u:object_r:slimserver_scanner_var_log_t and 
> system_u:object_r:slimserver_var_log_t).
>
> My policy module didn't install correctly because of this error, but 
> the file contexts specification is now incorrect. What is the best way 
> to correct this?
> 1. Just use sed or vi to eliminate the second specification?
> 2.Remove both installed policies that I wrote (which are the only 
> non-stock policy modules installed on my FC5 box) using semodule and 
> restore /etc/selinux/targeted/contexts/files/file_contexts from the 
> rpm package file?
>
> Keep in mind I'm doing this over ssh to a box with no GUI, so I must 
> use the command line, vi, etc.
semanage fcontext -d /var/log/slimserver
> -al
> -- 
> Al Pacifico
> Seattle, WA
> ------------------------------------------------------------------------
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list