mcs is used in my custom board. I am asking for some common knowledge on how to use setfiles and restorecon here.
On Tue, Jun 13, 2023 at 8:53 AM Casper fantom@fedoraproject.org wrote:
I guess that path is *not* correct (or even the file itself):
/etc/selinux/mcs/contexts/files/file_contexts
This file is *not* provided by the mcstrans rpm. Why did you used it instead of /etc/selinux/targeted/contexts/files/file_contexts ?
Where does it come from?
Henry Zhang a écrit :
Vit, I can do it with: setfiles -v /etc/selinux/mcs/contexts/files/file_contexts
/home/root/yolo
Relabeled /home/root/yolo from root:object_r:unlabeled_t:s0 to root:object_r:user_home_t:s0
when I use "restorecon -R -v /home/root/yolo" Relabeled /sysroot/home/root/yolo from root:object_r:user_home_t:s0 to root:object_r:root_home_t:s0
setfiles relabels yolo back to user_home_t and restorecon relabels yolo back to root_home_t
Should setfiles or restorecon be used for me?
---henry On Mon, Jun 12, 2023 at 11:59 PM Vit Mojzis <[1]vmojzis@redhat.com>
wrote:
On 6/12/23 17:20, Henry Zhang wrote:
Vit, Thanks for the links. I can use restorecon to recover to default value if file content is changed by the chcon command. But setfiles does nothing when the file is changed by chcon. May I change something and let setfiles recover it?
Sure. But you need to specify the full path (unlike when using restorecon, which uses "realpath" to get the full path on its own).
$ touch yolo $ ls -lZ total 0 -rw-r--r--. 1 root root unconfined_u:object_r:user_home_t:s0 0 Jun
12
13:05 yolo # chcon -t unlabeled_t yolo $ ls -lZ total 0 -rw-r--r--. 1 root root unconfined_u:object_r:unlabeled_t:s0 0 Jun
12
13:05 yolo # setfiles -v /etc/selinux/targeted/contexts/files/file_contexts /home/testuser/yolo Relabeled /home/testuser/yolo from
unconfined_u:object_r:unlabeled_t:s0
to unconfined_u:object_r:user_home_t:s0
Vit
---henry On Mon, Jun 12, 2023 at 6:15 AM Vit Mojzis <[2]vmojzis@redhat.com> wrote:
Hi, let me walk you through the steps to find this info on your own.
# dnf provides setfiles policycoreutils-3.3-4.fc36.x86_64 : SELinux policy core utilities # dnf provides restorecon policycoreutils-3.3-4.fc36.x86_64 : SELinux policy core utilities
So both utilities are shipped as part of policycoreutils package. The package is build from the following repository: [3]https://src.fedoraproject.org/rpms/policycoreutils The spec file ([4]
https://src.fedoraproject.org/rpms/policycoreutils/blob/rawhide/f/policycore... )
shows that the source code repository is [5]https://github.com/SELinuxProject/selinux
$ git clone [6]https://github.com/SELinuxProject/selinux ; cd
selinux
$ find -name setfiles.c ./policycoreutils/setfiles/setfiles.c
This is actually the source file for both tools. Their behavior changes based on the executable name [7]
https://github.com/SELinuxProject/selinux/blob/main/policycoreutils/setfiles...
Hope this helps, Vit
On 6/8/23 20:01, Henry Zhang wrote:
Hi folks,
I want to know the difference between setfiles and restorecon. Where can I get source codes of setfiles and restorecon?
---henry
selinux mailing list -- [8]selinux@lists.fedoraproject.org To unsubscribe send an email to
[9]selinux-leave@lists.fedoraproject.org
Fedora Code of Conduct:
[10]https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
[11]https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
[12]
https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraproject.or...
Do not reply to spam, report it:
[13]https://pagure.io/fedora-infrastructure/new_issue _______________________________________________ selinux mailing list -- [14]selinux@lists.fedoraproject.org To unsubscribe send an email to [15]selinux-leave@lists.fedoraproject.org Fedora Code of Conduct: [16]https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: [17]https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: [18]
https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraproject.or...
Do not reply to spam, report it: [19]https://pagure.io/fedora-infrastructure/new_issue
References
Visible links
- mailto:vmojzis@redhat.com
- mailto:vmojzis@redhat.com
- https://src.fedoraproject.org/rpms/policycoreutils
https://src.fedoraproject.org/rpms/policycoreutils/blob/rawhide/f/policycore...
https://github.com/SELinuxProject/selinux/blob/main/policycoreutils/setfiles...
- mailto:selinux@lists.fedoraproject.org
- mailto:selinux-leave@lists.fedoraproject.org
- https://docs.fedoraproject.org/en-US/project/code-of-conduct/
- https://fedoraproject.org/wiki/Mailing_list_guidelines
https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraproject.or...
- https://pagure.io/fedora-infrastructure/new_issue
- mailto:selinux@lists.fedoraproject.org
- mailto:selinux-leave@lists.fedoraproject.org
- https://docs.fedoraproject.org/en-US/project/code-of-conduct/
- https://fedoraproject.org/wiki/Mailing_list_guidelines
https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraproject.or...
selinux mailing list -- selinux@lists.fedoraproject.org To unsubscribe send an email to selinux-leave@lists.fedoraproject.org Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:
https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraproject.or...
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
-- GnuPG: AE157E0B29F0BEF2 at keys.openpgp.org CA Cert: https://dl.casperlefantom.net/pub/ssl/root.der Jabber/XMPP Messaging: casper@casperlefantom.net
selinux@lists.fedoraproject.org