SELinux and user home dirs custom contexts
by info@joomladev.eu
I've been using SELinux with CentOS 7 for many years, but I have a problem with the labeling of home dirs. In my policy and in semanage fcontext --list|grep '/var/www/hosts/ak-chalupova.cz' I have custom labels for files:
-----------------------------------------------------------------------------------------------------------------------
/var/www/hosts/ak-chalupova.cz(/.*)? all files system_u:object_r:ak-chalupova_cz_t:s0
/var/www/hosts/ak-chalupova.cz/logs(/.*)? all files system_u:object_r:ak-chalupova_cz_log_t:s0
/var/www/hosts/ak-chalupova.cz/mail(/.*)? all files system_u:object_r:ak-chalupova_cz_mail_t:s0
/var/www/hosts/ak-chalupova.cz/ak-chalupova.cz/cgi-bin(/.*)? all files system_u:object_r:ak-chalupova_cz_cgi_t:s0
/var/www/hosts/ak-chalupova.cz/ak-chalupova.cz/cgi-bin/php.fcgi all files system_u:object_r:ak-chalupova_cz_cgi_exec_t:s0
-----------------------------------------------------------------------------------------------------------------------
but when I run restorecon -R -v /var/www/hosts/ak-chalupova.cz/ it tries to label all files as user_home_t:
-----------------------------------------------------------------------------------------------------------------------
restorecon reset /var/www/hosts/ak-chalupova.cz context unconfined_u:object_r:ak-chalupova_cz_t:s0->unconfined_u:object_r:user_home_dir_t:s0
restorecon reset /var/www/hosts/ak-chalupova.cz/.bash_logout context unconfined_u:object_r:ak-chalupova_cz_t:s0->unconfined_u:object_r:user_home_t:s0
restorecon reset /var/www/hosts/ak-chalupova.cz/mail context unconfined_u:object_r:ak-chalupova_cz_mail_t:s0->unconfined_u:object_r:user_home_t:s0
restorecon reset /var/www/hosts/ak-chalupova.cz/.bash_profile context unconfined_u:object_r:ak-chalupova_cz_t:s0->unconfined_u:object_r:user_home_t:s0
restorecon reset /var/www/hosts/ak-chalupova.cz/logs context unconfined_u:object_r:ak-chalupova_cz_log_t:s0->unconfined_u:object_r:user_home_t:s0
restorecon reset /var/www/hosts/ak-chalupova.cz/logs/access_log context system_u:object_r:ak-chalupova_cz_log_t:s0->system_u:object_r:user_home_t:s0
restorecon reset /var/www/hosts/ak-chalupova.cz/logs/error_log context system_u:object_r:ak-chalupova_cz_log_t:s0->system_u:object_r:user_home_t:s0
restorecon reset /var/www/hosts/ak-chalupova.cz/.bashrc context unconfined_u:object_r:ak-chalupova_cz_t:s0->unconfined_u:object_r:user_home_t:s0
restorecon reset /var/www/hosts/ak-chalupova.cz/ak-chalupova.cz context unconfined_u:object_r:ak-chalupova_cz_t:s0->unconfined_u:object_r:user_home_t:s0
restorecon reset /var/www/hosts/ak-chalupova.cz/ak-chalupova.cz/cgi-bin context unconfined_u:object_r:ak-chalupova_cz_cgi_t:s0->unconfined_u:object_r:user_home_t:s0
restorecon reset /var/www/hosts/ak-chalupova.cz/ak-chalupova.cz/cgi-bin/php.ini context unconfined_u:object_r:ak-chalupova_cz_cgi_t:s0->unconfined_u:object_r:user_home_t:s0
restorecon reset /var/www/hosts/ak-chalupova.cz/ak-chalupova.cz/cgi-bin/php.fcgi context unconfined_u:object_r:ak-chalupova_cz_cgi_exec_t:s0->unconfined_u:object_r:user_home_t:s0
restorecon reset /var/www/hosts/ak-chalupova.cz/ak-chalupova.cz/tmp context unconfined_u:object_r:ak-chalupova_cz_t:s0->unconfined_u:object_r:user_home_t:s0
restorecon reset /var/www/hosts/ak-chalupova.cz/ak-chalupova.cz/www context unconfined_u:object_r:ak-chalupova_cz_t:s0->unconfined_u:object_r:user_home_t:s0
-----------------------------------------------------------------------------------------------------------------------
What am I doing wrong?
Thanks in advance.
Fwd: Re: SELinux and user home dirs custom contexts
by Thomas Mueller
replied to sender directly instead of the list.
- Thomas
-------- Forwarded Message --------
Subject: Re: SELinux and user home dirs custom contexts
Date: Sun, 1 Jan 2017 12:43:44 +0100
From: Thomas Mueller <thomas(a)chaschperli.ch>
To: info(a)joomladev.eu
Hi
sounds strange.
On 31.12.2016 at 19:57, info(a)joomladev.eu wrote:
> I've been using SELinux with CentOS 7 for many years, but I have a problem with the labeling of home dirs. In my policy and in semanage fcontext --list|grep '/var/www/hosts/ak-chalupova.cz' I have custom labels for files:
> -----------------------------------------------------------------------------------------------------------------------
> /var/www/hosts/ak-chalupova.cz(/.*)? all files system_u:object_r:ak-chalupova_cz_t:s0
> /var/www/hosts/ak-chalupova.cz/logs(/.*)? all files system_u:object_r:ak-chalupova_cz_log_t:s0
> /var/www/hosts/ak-chalupova.cz/mail(/.*)? all files system_u:object_r:ak-chalupova_cz_mail_t:s0
> /var/www/hosts/ak-chalupova.cz/ak-chalupova.cz/cgi-bin(/.*)? all files system_u:object_r:ak-chalupova_cz_cgi_t:s0
> /var/www/hosts/ak-chalupova.cz/ak-chalupova.cz/cgi-bin/php.fcgi all files system_u:object_r:ak-chalupova_cz_cgi_exec_t:s0
> -----------------------------------------------------------------------------------------------------------------------
> but when I run restorecon -R -v /var/www/hosts/ak-chalupova.cz/ it tries to label all files as user_home_t:
> -----------------------------------------------------------------------------------------------------------------------
> restorecon reset /var/www/hosts/ak-chalupova.cz context unconfined_u:object_r:ak-chalupova_cz_t:s0->unconfined_u:object_r:user_home_dir_t:s0
maybe related to semanage.conf usepasswd param? see man semanage.conf:
usepasswd
    Whether or not to enable the use getpwent() to obtain a list of home directories to label. It can be set to either "true" or "false". *By default it is set to "true".*
but my centos7 installation has set usepasswd=False in semanage.conf.
Or is
/var/www/hosts/ak-chalupova.cz
a symlink to somewhere?
realpath /var/www/hosts/ak-chalupova.cz
- Thomas
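The checks suggested in this reply (the usepasswd setting and whether the directory resolves elsewhere), together with a lookup of whether the directory appears as a home directory in passwd data, as an added shell example that is not part of the original thread. The function names are hypothetical, /etc/selinux/semanage.conf is assumed as the config location, and treating the value case-insensitively is an assumption.

```shell
#!/bin/sh
# Added diagnostic sketch (not from the thread). Defaults point at the real
# files; pass other paths (e.g. a `getent passwd` dump) to test offline.

# Print the effective usepasswd value from a semanage.conf-style file.
# Falls back to "true", the default quoted from the man page above.
usepasswd_setting() {
    conf=${1:-/etc/selinux/semanage.conf}
    val=$(sed -n 's/^[[:space:]]*usepasswd[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*/\1/p' \
        "$conf" 2>/dev/null | tail -n 1)
    [ -n "$val" ] || val=true
    printf '%s\n' "$val" | tr 'A-Z' 'a-z'
}

# Resolve symlinks where possible; otherwise return the path unchanged.
resolved_path() {
    realpath -- "$1" 2>/dev/null || printf '%s\n' "$1"
}

# Print login names whose passwd home field (6th) equals the directory,
# either as typed or after symlink resolution.
home_owners() {
    dir=${1%/}
    passwd=${2:-/etc/passwd}
    real=$(resolved_path "$dir")
    awk -F: -v d="$dir" -v r="$real" '
        { h = $6; sub(/\/$/, "", h) }
        h == d || h == r { print $1 }' "$passwd"
}

# Summarise all three checks for one directory.
check_homedir_labeling() {
    dir=${1%/}; passwd=${2:-/etc/passwd}; conf=${3:-/etc/selinux/semanage.conf}
    owners=$(home_owners "$dir" "$passwd" | tr '\n' ' ')
    printf 'usepasswd=%s\n' "$(usepasswd_setting "$conf")"
    printf 'realpath=%s\n' "$(resolved_path "$dir")"
    printf 'passwd_home_of=%s\n' "${owners% }"
}
```

Run `check_homedir_labeling /var/www/hosts/ak-chalupova.cz` on the affected host; a non-empty `passwd_home_of` together with `usepasswd=true` means the directory is among those obtained via getpwent() for home-directory labeling.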