Syslog and Selinux

Stephen Smalley sds at epoch.ncsc.mil
Fri Aug 27 17:09:28 UTC 2004


On Fri, 2004-08-27 at 09:46, Daniel J Walsh wrote:
> restorecon /lib/tls/libc-2.3.3.so
> 
> will fix it, but how did the file get their with the wrong security context?

Most likely explanation is that at some point where the targeted
file_contexts file was broken due to an undefined type, he did an update
that updated those files.  In that case, rpm proceeds with the install
but doesn't know what to label the files, so they fall back into the
default type, I think.  Colin's patch to have setfiles revalidate the
file contexts when the policy is rebuilt should avoid future
occurrences.  Another good idea would be to change matchpathcon_init and
rpm to just skip invalid entries with a warning, but still try to match,
as the invalid entries typically only affect a few specific files.


-- 
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency





More information about the fedora-test-list mailing list