<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif; "><div>Hello,</div><div><br></div><div>I must be missing something in my understanding of selinux but I'm having problem where the root user can not change the selinux type of a directory. I am running in targeted mode.</div><div><br></div><div>I was experimenting and changed the type of /tmp/bah to "unconfined_t". I am now unable to either delete the directory or to change the type back to "tmp_t "</div><div><br></div><div>chcon -R -t tmp_t /tmp/bah/</div><div><br></div><div>Results in:</div><div><br></div><div>chcon: failed to change context of `/tmp/bah/' to `unconfined_u:object_r:tmp_t:s0': Permission denied</div><div><br></div><div>Audit2allow is suggesting "allow unconfined_t self:dir relabelfrom;" but I don't want to apply that because it seems that would allow all unconfined files/processes to relabel themselves, is that correct?</div><div><br></div><div>Thanks for any tips.</div><div><br></div><div>Eric</div><BR />
<BR />
Notice of Confidentiality: The information transmitted is intended only for the<br>person or entity to which it is addressed and may contain confidential and/or<br>privileged material. Any review, re-transmission, dissemination or other use of <br>or taking of any action in reliance upon this information by persons or entities<br>other than the intended recipient is prohibited. If you received this in error<br>please contact the sender immediately by return electronic transmission and then<br>immediately delete this transmission including all attachments without copying,<br>distributing or disclosing the same.<BR />
</body></html>