----------- a challenge for selinux ------------
Hi fellow selinux users ...

How can you fix labeling when the selinux tools don't allow you to?
Selinux commands complain & refuse to work.
Traditional selinux commands don't work. IE chcon, restorecon, fixfiles, setfiles etc.. I Need an *expert* here,
..........
PROBLEM is :
my /boot directory has :boot_t: and :home_root_t: .......... together labeled --- see below.
and I can't fix it. do we have to edit the "inode" directly??
Having two types on one file I believe should *never* happen but -- it has.
Should be one ":boot_t:" or the other ":home_root_t:" but never *both*!
I think I know how it happened -- but that's not the issue right now -- how do you fix it??
The security of selinux normally is designed to prevent adhoc changes --- so this is why it is difficult... but with root password there would be a solution somehow.

Thx
Roger Salisbury

Below is the setfiles display:

/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /boot/lost\+found/.*.
/etc/selinux/targeted/contexts/files/file_contexts: Multiple different specifications for /boot (system_u:object_r:home_root_t:s0 and system_u:object_r:boot_t:s0).
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /boot/\.journal.
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /boot/lost\+found.
setfiles: labeling files under /boot
setfiles: labeling files under /boot
matchpathcon_filespec_eval: hash table stats: 28 elements, 28/65536 buckets used, longest chain length 1
setfiles: Done.
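
The setfiles messages above are prefixed with the path of the file_contexts file, so one way to locate the entries they refer to is to scan that file for repeated path specifications. The following is an added example, not part of the original post and not SELinux project code; it assumes each entry has the form "regex [file-type] context" and that two entries overlap when their regex strings are identical and their file-type fields are equal or one is omitted. The sample entries are constructed.

```python
SAMPLE = """\
# constructed sample entries, not the poster's actual file_contexts
/boot(/.*)?\tsystem_u:object_r:boot_t:s0
/boot\t-d\tsystem_u:object_r:home_root_t:s0
/boot\t-d\tsystem_u:object_r:boot_t:s0
/boot/lost\\+found\t-d\tsystem_u:object_r:lost_found_t:s0
/boot/lost\\+found\t-d\tsystem_u:object_r:lost_found_t:s0
/home\t-d\tsystem_u:object_r:home_root_t:s0
"""


def parse_specs(text):
    """Yield (lineno, regex, file_type, context) for each entry line."""
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        if len(fields) == 2:
            yield lineno, fields[0], None, fields[1]
        elif len(fields) == 3:
            yield lineno, fields[0], fields[1], fields[2]
        # any other field count is malformed and skipped


def find_duplicates(text):
    """Return (kind, regex, line_a, line_b, ctx_a, ctx_b) for overlapping entries.

    kind is "different" when the two contexts conflict, "same" when the
    entry is merely repeated (assumed overlap rule, see lead-in).
    """
    specs = list(parse_specs(text))
    findings = []
    for i, (ln_a, re_a, ft_a, ctx_a) in enumerate(specs):
        for ln_b, re_b, ft_b, ctx_b in specs[i + 1:]:
            if re_a != re_b:
                continue  # only identical regex strings are compared
            if ft_a and ft_b and ft_a != ft_b:
                continue  # distinct file types (e.g. -d vs --) do not overlap
            kind = "same" if ctx_a == ctx_b else "different"
            findings.append((kind, re_a, ln_a, ln_b, ctx_a, ctx_b))
    return findings


if __name__ == "__main__":
    import sys
    # Pass a file_contexts path as the first argument, or run on the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for kind, regex, a, b, ctx_a, ctx_b in find_duplicates(text):
        print(f"lines {a} and {b}: multiple {kind} specifications "
              f"for {regex} ({ctx_a} and {ctx_b})")
```

Entries reported as "different" are the ones where two contexts compete for the same path, such as the /boot pair in the sample.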