making a file context change work for initrc_t and unconfined_t
Dominick Grift
dominick.grift at gmail.com
Sat Feb 4 08:56:13 UTC 2012
On Fri, 2012-02-03 at 21:41 -0500, Maria Iano wrote:
> Those files are
> /var/lib/likewise/.eventlog
> /var/lib/likewise/krb5cc_lsass.AD.DOMAIN
> /var/lib/likewise/db/lsass-adcache.filedb.AD.DOMAIN
>
> What happened was that I ran restorecon on them after they had been
> created but before those AVCs. I added these rules to the fc file:
>
> /var/lib/likewise/\.eventlog -s
> gen_context(system_u:object_r:eventlogd_var_socket_t,s0)
> /var/lib/likewise/krb5cc\_lsass\..* --
> gen_context(system_u:object_r:lsassd_var_lib_t, s0)
> /var/lib/likewise/db/lsass-adcache\.filedb\..* --
> gen_context(system_u:object_r:lsassd_var_lib_t,s0)
>
> and matchpathcon gives the correct type for them now.
>
> I haven't had any new AVC messages since those last changes.
>
>
>
Thanks. Attached patch is what i think might be the proper fixes for
upstream.
More information about the selinux
mailing list