Re: How to (or should I?) change unconfined_u to system_u for a file

From: "m roth" <m.roth(a)5-cent.us&gt; To: "Jeff Boyce" <jboyce(a)meridianenv.com&gt; Cc: "SELinux Fedora List" <selinux(a)lists.fedoraproject.org&gt; Sent: Tuesday, July 14, 2015 1:36:40 PM Subject: Re: How to (or should I?) change unconfined_u to system_u for a file Jeff Boyce wrote: > Greetings - <snip> > The issue: I have two shell files run by cron that rsync our file > server directories to two backup servers, one on-site (Bison) and one > off-site. The on-site cron has worked fine for years. I just setup the > off-site cron and it is blocked by SELinux. Looking at the context of > the files, the one that works is listed as system_u, while the one that > fails is listed as unconfined_u. So my first question is, what is the > proper syntax for changing the context of the second file so that it > matches the first one. <snip> I don't vaguely represent myself as an selinux expert, just someone who's been fighting, on and off for years, to shut up the AVCs (we're mostly in permissive mode). That said, IIRC, the _u is pretty irrelevant; it's the _t that matters, and whether the port is labelled correctly.... I assume the firewall's open.

mark -- selinux mailing list selinux(a)lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux