File context for /var/opt/quest/vas/vasd(/.*)? is defined in policy, cannot be deleted
Daniel J Walsh
dwalsh at redhat.com
Tue Feb 11 21:13:14 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 02/11/2014 04:05 PM, Jayson Hurst wrote:
> I don't think its is inheriting its file context from the parent directory.
> There is an explicit entry in the
> /etc/selinux/targeted/contexts/files/file_contexts for
> /var/opt/quest/vas/vasd(/.*)?
>
> So if I want to set my own file context on this directory via a SELinux
> module I cannot because it fails to install. How do I manage this problem
> for others who wish to install the module?
>
Right, I think you need to work with upstream or put an semanage fcontext -m
in your post install rather then shipping the label in your fc file.
>> Date: Tue, 11 Feb 2014 09:36:03 -0500 From: dwalsh at redhat.com To:
>> swazup at hotmail.com; selinux at lists.fedoraproject.org Subject: Re: File
>> context for /var/opt/quest/vas/vasd(/.*)? is defined in policy, cannot be
>> deleted
>>
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>>
>> On 02/10/2014 08:42 PM, Jayson Hurst wrote:
>>> I am trying to create a policy for vasd but I cannot set my own
>>> fcontext for /var/opt/quest/vas/vasd(/.*)? because I get the following
>>> error:
>>>
>>> /etc/selinux/targeted/contexts/files/file_contexts: Multiple different
>>> specifications for /var/opt/quest/vas/vasd(/.*)?
>>> (system_u:object_r:qasd_var_auth_t:s0 and
>>> system_u:object_r:var_auth_t:s0)
>>>
>>> When I attempt to delete the file context I get:
>>>
>>> $ semanage fcontext -d "/var/opt/quest/vas/vasd(/.*)?"
>>> /usr/sbin/semanage: File context for /var/opt/quest/vas/vasd(/.*)? is
>>> defined in policy, cannot be deleted
>>>
>>> I don't know who or what has already installed this file context, but I
>>> am not able to work around it and it is causing problems with my module
>>> who is the true owner of the file directory in question.
>>>
>>> Is there was way to find out how this file context was created and by
>>> what? Also how do I remove it so I can define the directories file
>>> context correctly?
>>>
>>>
>>> -- selinux mailing list selinux at lists.fedoraproject.org
>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>>>
>> You could modify it, or work with Fedora/upstream to get your policy in
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlL6kmoACgkQrlYvE4MpobNEDQCeI0DjpEnTgUUcA1QHPrAV59HO
VbEAoOjrPBfABlcXB3fdtQ2EMFoVOIZG
=i9ay
-----END PGP SIGNATURE-----
More information about the selinux
mailing list