setroubleshoot-plugins string not clear

John Dennis jdennis at redhat.com
Wed Feb 20 15:27:28 UTC 2008 

Domingo Becker wrote:
> There is a string that seems to be wrong and not clear in
> setroubleshoot-plugins.
> It is the one with comment #: ../src/restorecon.py:35
> The sentence
>     File contexts can get assigned to a file can following ways.  <ul>\n
> seems to be wrong.
> And the sentence
>     <li>The kernel can decide via policy that an application running as
> context A Creating a file in a directory labeled B will create files labeled
> C.\n
> Is not clear to me. Would you or someone please explain it ?
> 
> 
> kind regards
> 
> Domingo Becker (es)

You're right, the wording wasn't great, we rewrote it to look like this 
and should appear soon. You can either wait for the new po or use this 
text to help you interpret the existing text. Hope this helps.

     SELinux denied access requested by $SOURCE. $TARGET_PATH may
     be a mislabeled.  $TARGET_PATH default SELinux type is
     <B>$MATCHTYPE</B>, but its current type is <B>$TARGET_TYPE</B>. 
Changing
     this file back to the default type, may fix your problem.
     <p>
     File contexts can be assigned to a file in the following ways.
     <ul>
         <li>Files created in a directory receive the file context of 
the parent directory by default.
         <li>Users can change the file context on a file using tools 
such as chcon, or restorecon.
         <li>The SELinux policy might override the default label 
inherited from the parent directory by
             specifying a process running in context A which creates a 
file in a directory labeled B
             will instead create the file with label C. An example of 
this would be the dhcp client running
             with the dhclient_t type and creates a file in the 
directory /etc. This file would normally
             receive the etc_t type due to parental inheritance but 
instead the file
             is labeled with the net_conf_t type because the SELinux 
policy specifies this..
     </ul>
     This file could have been mislabeled either by user error, or if an 
normally confined application
     was run under the wrong domain.
     <p>
     However, this might also indicate a bug in SELinux because the file 
should not have been labeled
     with this type.
     <p>
     If you believe this is a bug, please file a
     <a href="http://bugzilla.redhat.com/bugzilla/enter_bug.cgi">bug 
report</a>
     against this package.


-- 
John Dennis <jdennis at redhat.com>

More information about the Fedora-trans-list mailing list