<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>I have a file context installed as follows:<br><br># semanage fcontext -l | grep vasd<br><br>/etc/rc.d/init.d/vasd regular file system_u:object_r:vasd_initrc_exec_t:s0 <br>/opt/quest/sbin/vasd regular file system_u:object_r:vasd_exec_t:s0 <br>/var/opt/quest(/.*)? all files system_u:object_r:vasd_var_t:s0 <br>/var/opt/quest/vas/vasd(/.*)? all files system_u:object_r:vasd_var_auth_t:s0 <br>/var/opt/quest/vas/vasd/.vasd.pid regular file system_u:object_r:vasd_var_run_t:s0 <br><br>After a fresh install I see the following:<br><br># ls -laZ /var/opt/quest/vas/vasd/<br>drwxr-xr-x. root root unconfined_u:object_r:vasd_var_t:s0 .<br>drwxr-xr-x. root root unconfined_u:object_r:vasd_var_t:s0 ..<br>-rw-r--r--. root root unconfined_u:object_r:vasd_var_t:s0 vas_ident.vdb<br>-rw-r--r--. root root unconfined_u:object_r:vasd_var_t:s0 vas_misc.vdb<br><br><br>Why are the files being created under /var/opt/quest/vas/vasd not being labelled correctly as qasd_var_auth_t as the fcontext states?<br>Is the software installer supposed to force a relabel on a post-install?<br><br>After a restart of the daemon I do not see the pid file being labelled correctly:<br><br># /etc/init.d/vasd restart<br>Stopping vasd: vasd does not appear to be running.<br>Starting vasd: [ OK ]<br><br># ls -laZ /var/opt/quest/vas/vasd/<br>drwxr-xr-x. daemon daemon unconfined_u:object_r:vasd_var_t:s0 .<br>drwxr-xr-x. root root unconfined_u:object_r:vasd_var_t:s0 ..<br>srwxrwxrwx. daemon daemon unconfined_u:object_r:vasd_var_t:s0 .vasd_19574<br>srwxrwxrwx. daemon daemon unconfined_u:object_r:vasd_var_t:s0 .vasd_19575<br>srwxrwxrwx. daemon daemon unconfined_u:object_r:vasd_var_t:s0 .vasd_19576<br>srwxrwxrwx. daemon daemon unconfined_u:object_r:vasd_var_t:s0 .vasd40_ipc_sock<br>-rw-r--r--. daemon daemon unconfined_u:object_r:vasd_var_t:s0 .vasd.pid<br>-rw-r--r--. daemon daemon unconfined_u:object_r:vasd_var_t:s0 vas_ident.vdb<br>-rw-r--r--. daemon daemon unconfined_u:object_r:vasd_var_t:s0 vas_misc.vdb<br><br>After forcing a relabel:<br><br># restorecon -F -R /var/opt/quest/vas/vasd/<br><br># ls -laZ /var/opt/quest/vas/vasd/<br>drwxr-xr-x. daemon daemon system_u:object_r:vasd_var_auth_t:s0 .<br>drwxr-xr-x. root root unconfined_u:object_r:vasd_var_t:s0 ..<br>srwxrwxrwx. daemon daemon system_u:object_r:vasd_var_auth_t:s0 .vasd_19574<br>srwxrwxrwx. daemon daemon system_u:object_r:vasd_var_auth_t:s0 .vasd_19575<br>srwxrwxrwx. daemon daemon system_u:object_r:vasd_var_auth_t:s0 .vasd_19576<br>srwxrwxrwx. daemon daemon system_u:object_r:vasd_var_auth_t:s0 .vasd40_ipc_sock<br>-rw-r--r--. daemon daemon system_u:object_r:vasd_var_auth_t:s0 .vasd.pid<br>-rw-r--r--. daemon daemon system_u:object_r:vasd_var_auth_t:s0 vas_ident.vdb<br>-rw-r--r--. daemon daemon system_u:object_r:vasd_var_auth_t:s0 vas_misc.vdb<br><br>I get the files and directory labelled correctly, but not the pid file. I can set a pid transition in the policy but then what is the point of setting a file context in the <domain>.fc for the pid file if it never gets picked up? Apparently I am missing something important here.<br><br>Does anyone know a place for good documentation on this subject?<br><br><br><br><br><br> </div></body>
</html>