tar xvf <tar file> --xattrs warning/error in MLS enforcing
Xavier Toth
txtoth at gmail.com
Fri Apr 30 20:38:12 UTC 2010
I'm going to simplify this because a lot of the detail isn't import to
the issue I'm working through. I'm taring some files, one of which
happens to be labeled SystemHigh and the rest SystemLow. An init
script, running SystemLow-SystemHigh, is later run on a different
system which untars the file. tar generates a warning message about
setfilecon failing for the file labeled SystemHigh and I see a
SELINUX_ERR message in the audit log (security_validate_transition:
denied for oldcontext=system_u:object_r:selinux_config_t:s0
newcontext=system_u:object_r:selinux_config_t:s15:c0-c1023
taskcontext=system_u:system_r:initrc_t=s0-s15:c0.c1023 tclass=file). I
am using run_init to run test this init script. What I'm confused
about is that there are no AVCs (I did an semnodule -DB just to see if
there were any dontaudits) and why there even is a failure as initrc_t
uses the mls_file_write_all_levels marco. Also does anyone know of a
way to see the contexts stored in the tar file?
Ted
More information about the selinux
mailing list