selinux out smarted itself. "Multiple different specifications" One FILE But two types labled ------------- (system_u:object_r:home_root_t:s0 and system_u:object_r:boot_t:s0).
9:12 p.m.
----------- a challenge for selinux------------
Hi fellow selinux uses ...
How can you fix labeling when the selinux tools don't allow you to.
Selinux commands complain & refuse to work.
Tradition selinux commands don't work. IE chcon, restorecon , fixfiles,
setfiles etc..I Need an *expert* here, ..........
PROBLEM is :
my /boot directory has :
:boot_t:
and
:home_root_t:
.......... together labled --- see below.
and I can't fix it. do we have to edit the "inode" directly??
Having two types on one file I believe should *never* happen but -- it has.
Should be one ":boot_t:" or the other ":home_root_t:" but never
*both*!
I think I know how it happened -- but that's not the issue right now --
how do you fix it??
The security of selinux normaly is designed to prevent adhoc changes --- so
this is why it is difficult... but with root password their would be a
solution somehow.
Thx
Roger Salisbury
Below is the setfiles display:
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same
specifications for /boot/lost\+found/.*.
/etc/selinux/targeted/contexts/files/file_contexts: Multiple different
specifications for /boot (system_u:object_r:home_root_t:s0 and
system_u:object_r:boot_t:s0).
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same
specifications for /boot/\.journal.
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same
specifications for /boot/lost\+found.
setfiles: labeling files under /boot
setfiles: labeling files under /boot
matchpathcon_filespec_eval: hash table stats: 28 elements, 28/65536 buckets
used, longest chain length 1
setfiles: Done.
10:03 a.m.
New subject: selinux out smarted itself. "Multiple different specifications" One FILE But two types labled ------------- (system_u:object_r:home_root_t:s0 and system_u:object_r:boot_t:s0).
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Roger Salisbury wrote:
----------- a challenge for selinux------------
Hi fellow selinux uses ...
How can you fix labeling when the selinux tools don't allow you to.
Selinux commands complain & refuse to work.
Tradition selinux commands don't work. IE chcon, restorecon , fixfiles,
setfiles etc..I Need an *expert* here, ..........
PROBLEM is :
my /boot directory has :
:boot_t:
and
:home_root_t:
.......... together labled --- see below.
and I can't fix it. do we have to edit the "inode" directly??
Having two types on one file I believe should *never* happen but -- it has.
Should be one ":boot_t:" or the other ":home_root_t:" but never
*both*!
I think I know how it happened -- but that's not the issue right now --
how do you fix it??
The security of selinux normaly is designed to prevent adhoc changes --- so
this is why it is difficult... but with root password their would be a
solution somehow.
Thx
Roger Salisbury
Below is the setfiles display:
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same
specifications for /boot/lost\+found/.*.
/etc/selinux/targeted/contexts/files/file_contexts: Multiple different
specifications for /boot (system_u:object_r:home_root_t:s0 and
system_u:object_r:boot_t:s0).
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same
specifications for /boot/\.journal.
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same
specifications for /boot/lost\+found.
setfiles: labeling files under /boot
setfiles: labeling files under /boot
matchpathcon_filespec_eval: hash table stats: 28 elements, 28/65536 buckets
used, longest chain length 1
setfiles: Done.
------------------------------------------------------------------------
--
fedora-selinux-list mailing list
fedora-selinux-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
This looks like selinux
is confused and thinks you have a homedirectory
under /boot? Or someone added a context for /boot as home_root_t.
is there an entry in /etc/passwd with a homedir of /boot in the path?
grep /boot /etc/selinux/targeted/contexts/files/*
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFHVCjYrlYvE4MpobMRAiu6AKDIFAL2HPrWHG5c9ddNbd3aYX3HDwCgwSZC
FX8YhLW0aRFlO60gSchwDZg=
=Kf2p
-----END PGP SIGNATURE-----
5986
days inactive
5991
days old
selinux@lists.fedoraproject.org
1 comments
2 participants
participants (2)
-
Daniel J Walsh -
Roger Salisbury