Al Pacifico wrote:
> This is related to the daemon question I asked earlier.
>
> I created a problem using policygentool by specifying that a log file
> is written to by two different binaries with different policies. My
> thread about "Helper program for a daemon" provides some context (no
> pun intended).
>
> I didn't realize that installing the policy would change the file
> context specification database (although it makes perfect sense in
> retrospect). Now, I've inadvertently specified that
> /var/log/slimserver be labelled under two different contexts in
> /etc/selinux/targeted/contexts/files/file_contexts and wish to remove
> the second set of entries.
>
> Output of setfiles -n
> /etc/selinux/targeted/contexts/files/file_contexts $filename includes
> several messages of the form:
>
> /etc/selinux/targeted/contexts/files/file_contexts: Multiple different
> specifications for /var/log/slimserver
> (system_u:object_r:slimserver_scanner_var_log_t and
> system_u:object_r:slimserver_var_log_t).
>
> My policy module didn't install correctly because of this error, but
> the file contexts specification is now incorrect. What is the best way
> to correct this?
> 1. Just use sed or vi to eliminate the second specification?
> 2.Remove both installed policies that I wrote (which are the only
> non-stock policy modules installed on my FC5 box) using semodule and
> restore /etc/selinux/targeted/contexts/files/file_contexts from the
> rpm package file?
>
> Keep in mind I'm doing this over ssh to a box with no GUI, so I must
> use the command line, vi, etc.
semanage fcontext -d /var/log/slimserver

> -al
> --
> Al Pacifico
> Seattle, WA
> ------------------------------------------------------------------------
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list