Problem with label on /

Stephen Smalley sds at tycho.nsa.gov
Wed Jan 10 18:36:38 UTC 2007


On Wed, 2007-01-10 at 18:10 +0000, Adam Huffman wrote:
> On 10/01/07, Daniel J Walsh <dwalsh at redhat.com> wrote:
> > Adam Huffman wrote:
> > > Rather unwisely I followed through some advice from setroubleshootd on
> > > a new FC6 test system without thinking through the implications.
> > >
> > > It advised me to run:
> > >
> > > chcon -R -t xen_image_t /
> > >
> > > because xend was having some trouble with virtual disk files.
> > >
> > > This had some interesting consequences, most of which I have been able
> > > to fix via relabelling.
> > >
> > > However, there are still errors being reported for various daemons.  E.g.
> > >
> > > SELinux is preventing /usr/sbin/cupsd (cupsd_t) "search" access to /
> > > (xen_image_t).
> > >
> >
> > xen images should be in their own directory.  Not in / or /root.  The
> > default directory for xen images is under /var/lib/xen, which would
> > solve your problem.  I will take a look at the troubleshoot plugin to
> > fix it up.
> 
> Yes, I was only experimenting with different locations because of an
> error in virt-install (it was complaining that it couldn't get access
> to the virtual disks I was creating).

Use the force option (-F to fixfiles or restorecon) to force relabeling
of even files with customizable types?

-- 
Stephen Smalley
National Security Agency
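
The check behind this suggestion, as an added example that is not part of the original message: a plain restorecon or fixfiles run leaves alone any file whose current type is listed as customizable, so the script below reports when -F is needed for a given path. The function names and the default location of the customizable-types list (targeted policy) are assumptions.

```shell
#!/bin/sh
# Added example: decide whether a path needs "restorecon -F" to be relabeled.
# Assumption: the customizable-types list is at the targeted-policy default path.
TYPES_FILE=${TYPES_FILE:-/etc/selinux/targeted/contexts/customizable_types}

# Print the type field of a context of the form "user:role:type[:range]".
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Succeed (0) if the context's type is listed in the customizable-types file ($2).
# A plain restorecon/fixfiles run skips such files; -F overrides that.
is_customizable() {
    ctx_type=$(context_type "$1")
    [ -n "$ctx_type" ] && [ -r "$2" ] && grep -qxF -- "$ctx_type" "$2"
}

# Print the restorecon command appropriate for path $1 with current context $2.
# -n makes it a dry run: review the reported changes, then drop -n to apply.
relabel_command() {
    if is_customizable "$2" "${3:-$TYPES_FILE}"; then
        printf 'restorecon -n -v -F %s\n' "$1"
    else
        printf 'restorecon -n -v %s\n' "$1"
    fi
}

# On an SELinux host: report the command for each path given as an argument,
# reading the current context with GNU stat (%C).
for p in "$@"; do
    relabel_command "$p" "$(stat -c %C "$p")"
done
```

Run it with the affected paths as arguments (for example `/`); it only prints the dry-run command and changes no labels itself.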



