SELinux restorecon does not work
Percy Barboza
p_barboza at hotmail.com
Tue Apr 6 10:12:01 UTC 2010
restorecon is used to manually relabel a filesystem with defaults eg etc for etc dir or httpd_sys_content for /var/www/html dir.
you need to check the values for defaults from semanage fcontext listing
percy
> Date: Tue, 6 Apr 2010 13:53:50 +0800
> Subject: SELinux restorecon does not work
> From: james at linux-source.org
> To: redhat-list at redhat.com
>
> Hi All,
>
> I have this following issue in SELinux. I did what instruction say but the
> security context has still never change. I hope anyone could help me out of
> this. Thank you.
>
> -------------------------------------------------------
> # sealert -b
> ........................................
> Summary:
> SELinux is preventing postmaster (postgresql_t) "setattr" to ./db (etc_t).
>
> Allowing Access:
> Sometimes labeling problems can cause SELinux denials. You could try to
> restore the default system file context for ./db,
>
> restorecon -v './db'
>
> If this does not work, there is currently no automatic way to allow this
> access. Instead, you can generate a local policy module to allow this access
> - see FAQ Or you can disable SELinux protection altogether. Disabling
> SELinux protection is not recommended. Please file a bug report against this
> package.
> ........................................
>
> # ls -ldZ /etc/<apps>/db
> drwx------ postgres postgres user_u:object_r:etc_t db
>
> # restorecon -v /etc/<apps>/db
> # ls -ldZ /etc/<apps>/db
> drwx------ postgres postgres user_u:object_r:etc_t db
> -------------------------------------------------------
>
> Regards,
> James
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
_________________________________________________________________
Bollywood This Decade
http://entertainment.in.msn.com/bollywoodthisdecade/
More information about the redhat-list
mailing list