On Thu, Jul 30, 2015 at 12:07:03PM +0200, Petr Lautrbach wrote:
On 07/29/2015 07:39 PM, Robin Lee Powell wrote:
> On Wed, Jul 29, 2015 at 06:45:22AM -0400, Simon Sekidde wrote:
>> ----- Original Message -----
>>> From: "Robin Lee Powell" <rlpowell(a)digitalkingdom.org>
>>> To: "Lukas Vrabec" <lvrabec(a)redhat.com>,
>>> Sent: Wednesday, July 29, 2015 6:29:16 AM
>>> Subject: Re: [selinux] Re: Conflict between local module and local fcontext
>>> I removed this line:
>>> from the module's .fc file, since that was the only other use of
>>> lojban_logger_logs_t , and that line was non-functional as
>>> previously described, and now the fcontext command works.
>>> Yay!, but I don't get it at all.
>> The purpose of that line in the .fc is to have you avoid running
>> `semanage fcontext -a -t lojban_logger_logs_t
>> '/srv/lojban/irclogs(/.*)?'` since the label for all files in that
>> path dir has been predefined.
> Yes, but:
> 1. it *doesn't work*, because I have an fcontent rule for
> /srv/loban(/.*)? that wins over the module in all cases
> 2. why does the fcontext command abort with:
> libsemanage.dbase_llist_query: could not query record value (No such file or
> OSError: No such file or directory
> when that .fc line exists?, especially when the .fc line doesn't
> even *do* anything?
> It's #2 that I don't get. Seems like a bug to me? At the very
> least, the error message is not helpful.
The message is not helpful indeed. The problem seems to be that you try
to add the same rule via semanage as you have already defined in .fc file.
You could try to use slightly different specified rules to overwrite
your local modification:
: Our last, best hope for a fantastic future.
.i ko na cpedu lo nu stidi vau loi jbopre .i dafsku lu na go'i li'u .e
lu go'i li'u .i ji'a go'i lu na'e go'i li'u .e lu go'i
na'i li'u .e
lu no'e go'i li'u .e lu to'e go'i li'u .e lu lo mamta be do cu