On Tue, Dec 08, 2009 at 01:27:34PM -0500, Michael Madore wrote:
> Hi,
>
> I have been reading through the Fedora 12 selinux documentation:
>
> http://docs.fedoraproject.org/selinux-user-guide/f12/en-US/
>
> In section 5.10.1 (Copying Files and Directories), the following
> example is used to demonstrate changing the context of a file when
> copying:
>
> $ touch file1
> $ cp -Z system_u:object_r:samba_share_t:s0 file1 file2
> $ ls -Z file1 file2
> -rw-rw-r-- user1 group1 unconfined_u:object_r:user_home_t:s0 file1
> -rw-rw-r-- user1 group1 system_u:object_r:samba_share_t:s0 file2
>
> However, when I try this on my Fedora 12 system I get the following:
>
> ls -Z file1 file2
> -rw-rw-r--. mmadore mmadore unconfined_u:object_r:user_home_t:s0 file1
> -rw-rw-r--. mmadore mmadore unconfined_u:object_r:user_home_t:s0 file2
>
> On CentOS 5.4 and Fedora 11, I see the documented behaviour. Is this
> a bug, or am I doing something wrong?

I think this is due to restorecond -u running in f12. Restorecond -u checks files in the
home directory of a user and resets any file's context that does not match the system-wide
context specification.
[root@localhost Desktop]# cd /
[root@localhost /]# touch file1
[root@localhost /]# cp -Z system_u:object_r:samba_share_t:s0 file1 file2
[root@localhost /]# ls -Z file1 file2
-rw-r--r--. root root staff_u:object_r:etc_runtime_t:s0 file1
-rw-r--r--. root root system_u:object_r:samba_share_t:s0 file2
So the file does actually get copied with the specified context, but restorecond -u
immediately notices a file with a "wrong" context in your home dir and resets
it to the default context specified for files in your home dir.
It should work if you try it in runlevel 3 or if you try like my example above in a
location other than $home.

> Thanks
> Mike Madore
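
A small check for the situation discussed in this thread, added here as an example and not part of either message: it parses `ls -Z` output and reports whether the copied file kept the context requested with `cp -Z`, now matches the default context, or differs in specific fields. The function names are hypothetical, the listings are the Fedora 12 ones quoted above, and using file1's context as the "default" is an assumption; on a live system `matchpathcon -n PATH` prints the policy default.

```python
FIELDS = ("user", "role", "type", "level")

def parse_ls_z(line):
    """Parse one `ls -Z` line: mode, owner, group, context, name."""
    # Splitting on whitespace handles the mode with a trailing "."
    # (Fedora 12) and without it (Fedora 11, CentOS 5.4) alike.
    mode, owner, group, context, name = line.split(None, 4)
    # Split into at most four parts: an MLS range such as
    # s0-s0:c0.c1023 contains colons of its own.
    entry = dict(zip(FIELDS, context.split(":", 3)))
    entry.update(name=name.strip(), owner=owner, context=context)
    return entry

def classify(entry, requested, default):
    """Compare a file's label with the requested and the default context."""
    if entry["context"] == requested:
        return "kept"
    if entry["context"] == default:
        return "matches-default"  # consistent with a relabel after the copy
    wanted = dict(zip(FIELDS, requested.split(":", 3)))
    return "differs:" + ",".join(f for f in FIELDS if entry[f] != wanted[f])

def check_copy(listing, requested, default, target="file2"):
    """Classify the label of `target` as shown in an `ls -Z` listing."""
    entries = {e["name"]: e for e in map(parse_ls_z, listing.splitlines())}
    return classify(entries[target], requested, default)

REQUESTED = "system_u:object_r:samba_share_t:s0"
# Listings copied from the two Fedora 12 sessions in this thread.
HOME_LISTING = """\
-rw-rw-r--. mmadore mmadore unconfined_u:object_r:user_home_t:s0 file1
-rw-rw-r--. mmadore mmadore unconfined_u:object_r:user_home_t:s0 file2
"""
ROOT_LISTING = """\
-rw-r--r--. root root staff_u:object_r:etc_runtime_t:s0 file1
-rw-r--r--. root root system_u:object_r:samba_share_t:s0 file2
"""
# Assumption: file1's context stands in for the default at each location.
HOME_DEFAULT = "unconfined_u:object_r:user_home_t:s0"
ROOT_DEFAULT = "staff_u:object_r:etc_runtime_t:s0"

if __name__ == "__main__":
    print("home dir:", check_copy(HOME_LISTING, REQUESTED, HOME_DEFAULT))
    print("/       :", check_copy(ROOT_LISTING, REQUESTED, ROOT_DEFAULT))
```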