Re: make relabel > restorecon

Steve Brueckner wrote: > Daniel J Walsh wrote: > > >> Steve Brueckner wrote: >> >> >>> Daniel J Walsh wrote: >>> >>> >>>> Steve Brueckner wrote: >>>> >>>> >>>>> I have a file >>>>> /etc/selinux/targeted/src/policy/file_contexts/programs/tspi_dillo.fc >>>>> >>>>> that contains the following line only: >>>>> >>>>> /tspi/usr/local/bin/dillo -- >>>>> system_u:object_r:tspi_dillo_exec_t >>>>> >>>>> When I do # make reload and then # make relabel the system >>>>> correctly labels the file and adds the above line to the master >>>>> file_contexts file. >>>>> However, if I then run # /sbin/restorecon /tspi/usr/local/bin/dillo >>>>> the file's type reverts to default_t >>>>> >>>>> Any ideas on why this is happening? >>>>> >>>>> >>>> >>>> I take it you have a domains/program/tspi_dillo.te file? >>>> >>>> grep dillo /etc/selinux/targeted/context/files/* >>>> >>>> >>> >>> Yes, I have >>> /etc/selinux/targeted/src/policy/domains/program/tspi_dillo.te >>> which declares the tspi_dillo_exec_t. >>> >>> However, I think your grep showed me where the problem lies. There >>> are two file_contexts files: >>> /etc/selinux/targeted/src/policy/file_contexts/file_contexts >>> /etc/selinux/targeted/context/files/file_contexts >>> And a diff shows that the former has the context for dillo and the >>> latter does not. I was apparently mistaken earlier when I said that >>> the "master" file_contexts file contains the line in question. >>> >>> So my question now becomes how does the former get updated? I've >>> done make reload and make relabel but it seems that neither is >>> updating /etc/selinux/targeted/context/files/file_contexts. >>> >>> >> >> That is strange. Make reload should have copied the your >> file_context over. >> Try make -W users load >> See if the file_context gets replaced. Any chance of clock skew on >> your machine. >> > > > Fooling make into thinking users had been updated did the trick, > thanks. My > clock, logs, and file times all look fine, so I don't think clock > skew is > the problem. > > I am, however, running (last week's) rawhide SELinux and rawhide > kernel on > an othewise FC3 install, so maybe there's something not meshing in > there. > Am I correct in thinking that the rawhide SELinux packages are currently > being written and tested on FC4? > > Anyway, I appreciate the assist. > > - Steve Brueckner, ATC-NY > > -- > fedora-selinux-list mailing list > fedora-selinux-list(a)redhat.com > http://www.redhat.com/mailman/listinfo/fedora-selinux-list > > > Wasn't there a change a while back(3-4 weeks) to the make file that requires 'make install' to update the file_contexts? I've been using 'make clean install reload' to do a complete update from source policy. Richard Hally