On Mon, 2005-06-13 at 13:05 +0200, Göran Uddeborg wrote:
There seems to be something more involved, though. When doing
"rpm -Va" I get complaints about a few files. Doing restorecon
doesn't change anything. See below for /etc/idmapd.conf as an
example.
My rpm is from FC3 while SELinux-packages are from FC4 test, in case
this could be a compatibility issue.
I would like to understand what is going on here.
[root@mimmi ~]# rpm -Vf /etc/idmapd.conf
..5....TC c /etc/idmapd.conf
S.5....T. c /var/lib/nfs/etab
S.5....T. c /var/lib/nfs/rmtab
........? /var/lib/nfs/rpc_pipefs
..?...... c /var/lib/nfs/state
..?....T. c /var/lib/nfs/xtab
[root@mimmi ~]# ls -lZ /etc/idmapd.conf
-rw-r--r-- root root root:object_r:etc_t /etc/idmapd.conf
[root@mimmi ~]# /sbin/restorecon /etc/idmapd.conf
[root@mimmi ~]# ls -lZ /etc/idmapd.conf
-rw-r--r-- root root root:object_r:etc_t /etc/idmapd.conf
[root@mimmi ~]# rpm -Vf /etc/idmapd.conf
..5....TC c /etc/idmapd.conf
S.5....T. c /var/lib/nfs/etab
S.5....T. c /var/lib/nfs/rmtab
........? /var/lib/nfs/rpc_pipefs
..?...... c /var/lib/nfs/state
..?....T. c /var/lib/nfs/xtab
[root@mimmi ~]# rpm -qf /etc/idmapd.conf
nfs-utils-1.0.7-6
[root@mimmi ~]# rpm -q rpm selinux-policy-strict-sources selinux-policy-strict
rpm-4.3.2-21
selinux-policy-strict-sources-1.23.16-6
selinux-policy-strict-1.23.16-6
Try restorecon -F.
By default, restorecon ignores differences in the user identity (root
vs. system_u). The initial state is typically system_u (system user),
but if a root-owned process later re-creates the file, then it will end
up with root.
--
Stephen Smalley
National Security Agency