Re: SELinux and SGID
by Douglas Brown
Hi all,
I have a RHEL 6.3 machine enforcing the mls policy. When I try to set the SGID bit on a folder with `chmod g+s folder_name`, the command's exit code is 0; nothing is logged in /var/log/messages or /var/log/audit/audit.log; but the bit isn't actually set. If I change to permissive mode with `setenforce 0`, it then works.
Maybe this is by design, but why the command would succeed whilst failing to actually set the bit is odd. Should I submit a bug, or can anyone shed some light on this?
Thanks,
Doug
11 years, 1 month
default_t on /home Fedora18
by Per Sjoholm
Hi
Need some help.
I get a label of default_t on my /home
I have done autorelabel
I currently use /home_l for home
and I do a mount --bind from another filesystem
semanage fcontext -l |grep /home
/disk_dev/sda5/F18/home_l all files system_u:object_r:home_root_t:s0
/disk_dev/sda5/home_l = /home_l
I used to
semanage fcontext -a -e /home /home_l
and that stopped working with the Fedora update around March 1, 2013
restorecon -v /home
restorecon reset /home context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:default_t:s0
restorecon -v /home/per/
restorecon reset /home/per context system_u:object_r:user_home_t:s0->system_u:object_r:default_t:s0
matchpathcon /home/per
/home/per system_u:object_r:default_t:s0
--
Per Sjöholm
11 years, 1 month
security_secctx_to_secid question
by Mr Dash Four
One simple query: the above function (from include/linux/security.h)
maps the specified security context to a number. Are there any instances
where this number would change while the kernel is still running? I am
aware that the number *might* change on kernel reboot, but need to know
if this number is likely to change if that is not the case.
In other words, if I use the above function to get a specific security
context mapped to a number and later on, say after a month, I try to
retrieve that same security context (assuming the kernel has been
running continuously in that period) what is the likelihood that I will
get a different number? Thanks!
11 years, 1 month