label rootfs in compile time not run time
by Henry Zhang
Hi folks,
Is there any document talking about how to set the SELinux security context of files
and directories of rootfs at compile time?
Any suggestions?
Thanks.
---henry
3 months, 1 week
busybox with selinux
by Henry Zhang
Hi folks,
The new version of SELinux complains about busybox when relabeling.
My busybox was compiled with CONFIG_FEATURE_INDIVIDUAL=n.
That means all applets of busybox share the same inode.
But SELinux requires each file to be assigned to an individual inode so that each
file can be defined by file_contexts.
Any suggestions?
Thanks
---henry
3 months, 3 weeks
conflicting specifications during booting up
by Henry Zhang
Hi guys,
My SELinux complains during booting.
setfiles complains about conflicting specifications:
selinux-autorelabel.sh[1524]: /sbin/setfiles: conflicting specifications for /tmp/tmp.flCsmAYyao/usr/lib/systemd/system/smartcard.target and /tmp/tmp.flCsmAYyao/usr/lib/systemd/user/smartcard.target, using system_u:object_r:systemd_user_unit_t:s0.
# ls -Z /usr/lib/systemd/system/sound.target
system_u:object_r:systemd_user_unit_t:s0 /usr/lib/systemd/system/sound.target
ls -Z /usr/lib/systemd/user/sound.target
system_u:object_r:systemd_user_unit_t:s0 /usr/lib/systemd/user/sound.target
# grep "/usr/lib/systemd/system" /etc/selinux/mcs/contexts/files/file_contexts
/usr/lib/systemd/system(/.*)? system_u:object_r:systemd_unit_t:s0
/usr/lib/systemd/user(/.*)? system_u:object_r:systemd_user_unit_t:s0
My question is why "/usr/lib/systemd/system/smartcard.target" does not
take systemd_unit_t from file_contexts?
What is wrong with my SELinux?
Thanks.
----henry
4 months