Hi,
When doing an ls -lZ, some files show a security context like;
root:object_r:user_home_t:s0
... while some don't.
Does anyone know how to remove this context either on a file, dir or file system level?
This would solve my dump/restore issue as even though they work, dump level 9 for example is being treated as a 0 because of the error.
- Brian
Brian Krusic wrote:
> Hi,
> When doing an ls -lZ, some files show a security context like;
> root:object_r:user_home_t:s0
> ... while some don't.
> Does anyone know how to remove this context either on a file, dir or file system level?
Why do you want to remove them - if selinux is enforcing (as it should be in an up to date version of Fedora) then all files should have a context and your best security is when selinux is set up correctly to work with your system. In F10 selinux did have a number of tweaks needed to get it going but in F11 it is likely to need very few tweaks.
On Jul 8, 2009, at 12:19 PM, Mike Cloaked wrote:
> Why do you want to remove them - if selinux is enforcing (as it should be in an up to date version of Fedora) then all files should have a context and your best security is when selinux is set up correctly to work with your system. In F10 selinux did have a number of tweaks needed to get it going but in F11 it is likely to need very few tweaks.
I'm glad you asked the question.
I have selinux disabled first and foremost.
However the context labels still exist on some files which cause a problem doing dump/restore over NFS.
Let me explain;
While dump/restore works over NFS in general, they don't work with selinux context so I keep getting errors like;
restore: ./etc/ysyconfig/network-scripts/ifcfg-eth0: EA set security.selinux:system_u:object_r:etc_t:s0 failed: Operation not supported.
And while the dump/restore works and the files get copied, this error causes my incremental backups to work as full backups. Also, this muddies my log files which I rely on. Imagine half the files on the system kicking out this error.
Thanks in advance,
- Brian
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
On Wed, 2009-07-08 at 12:27 -0700, Brian Krusic wrote:
> I'm glad you asked the question.
> I have selinux disabled first and foremost.
> However the context labels still exist on some files which cause a problem doing dump/restore over NFS.
> Let me explain;
> While dump/restore works over NFS in general, they don't work with selinux context so I keep getting errors like;
> restore: ./etc/ysyconfig/network-scripts/ifcfg-eth0: EA set security.selinux:system_u:object_r:etc_t:s0 failed: Operation not supported.
> And while the dump/restore works and the files get copied, this error causes my incremental backups to work as full backups. Also, this muddies my log files which I rely on. Imagine half the files on the system kicking out this error.
> Thanks in advance,
> - Brian
Have you tried something like
cd /
find . -exec setfattr -h -x security.selinux '{}';
I know on an SELinux enabled system this will fail because you can't outright remove the security.selinux xattr but if it falls back to the generic xattr handlers it should be allowed. I'm not sure how the exec directive will handle the -h and -x options so you may have to fiddle with that.
- Dave
Wow and I mean Wow!
Yoda mang!
Basically;
find . -exec setfattr -h -x security.selinux '{}' \;
... worked!!!
The only diff, and it may have been email formatting, was there needs to be a space between '{}' and ; at the end of the command.
Thanks a lot David!
- Brian
On Jul 8, 2009, at 12:34 PM, David P. Quigley wrote:
> Have you tried something like
> cd /
> find . -exec setfattr -h -x security.selinux '{}';
> I know on an SELinux enabled system this will fail because you can't outright remove the security.selinux xattr but if it falls back to the generic xattr handlers it should be allowed. I'm not sure how the exec directive will handle the -h and -x options so you may have to fiddle with that.
> - Dave
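The find/setfattr command from this thread, expanded into a dry-run-first script; this is an added example, not part of the original messages. It lists each labelled path with its context before anything is changed and strips only when called with apply. The helper names list_labelled and strip_labels are hypothetical, and getfattr/setfattr from the attr package are assumed to be on PATH.

```shell
#!/bin/sh
# Added example (not from the thread): report, then optionally strip,
# security.selinux xattrs. Assumes getfattr/setfattr (attr package) on PATH.
# list_labelled and strip_labels are hypothetical helper names.

# list_labelled DIR
#   Print "context<TAB>path" for every path under DIR that carries a
#   security.selinux xattr. -xdev keeps find on DIR's own file system,
#   so other mounts below it (/proc, /sys, NFS) are not descended into.
list_labelled() {
    find "$1" -xdev -exec sh -c '
        for f in "$@"; do
            # -h reads the label of a symlink itself, not of its target;
            # tr drops the trailing NUL that some labels are stored with.
            ctx=$(getfattr -h -n security.selinux --only-values -- "$f" 2>/dev/null |
                  tr -d "\000")
            if [ -n "$ctx" ]; then
                printf "%s\t%s\n" "$ctx" "$f"
            fi
        done' sh {} +
}

# strip_labels DIR [apply]
#   Dry run by default: only lists what carries a label.
#   With "apply", removes the xattr and prints "stripped<TAB>path".
#   Paths containing newlines are not handled (line-based pipeline).
strip_labels() {
    if [ "${2:-}" != apply ]; then
        list_labelled "$1"
        return
    fi
    list_labelled "$1" | cut -f2- | while IFS= read -r f; do
        if setfattr -h -x security.selinux -- "$f"; then
            printf 'stripped\t%s\n' "$f"
        else
            printf 'FAILED\t%s\n' "$f" >&2
        fi
    done
}

# Run as a script: ./strip-labels.sh DIR [apply]
if [ "$#" -gt 0 ]; then
    strip_labels "$@"
fi
```

If SELinux is later re-enabled on a file system stripped this way, its files need relabelling first, for example with restorecon -R or a boot-time relabel triggered by /.autorelabel.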