Daniel J Walsh wrote:
Steve Brueckner wrote:
> Daniel J Walsh wrote:
>> Steve Brueckner wrote:
>>> I have a file
>>> /etc/selinux/targeted/src/policy/file_contexts/programs/tspi_dillo.fc
>>> that contains the following line only:
>>>
>>> /tspi/usr/local/bin/dillo -- system_u:object_r:tspi_dillo_exec_t
>>>
>>> When I do # make reload and then # make relabel the system
>>> correctly labels the file and adds the above line to the master
>>> file_contexts file.
>>>
>>> However, if I then run # /sbin/restorecon /tspi/usr/local/bin/dillo
>>> the file's type reverts to default_t
>>>
>>> Any ideas on why this is happening?
>>>
>> I take it you have a domains/program/tspi_dillo.te file?
>>
>> grep dillo /etc/selinux/targeted/context/files/*
>>
> Yes, I have
> /etc/selinux/targeted/src/policy/domains/program/tspi_dillo.te
> which declares the tspi_dillo_exec_t.
>
> However, I think your grep showed me where the problem lies. There
> are two file_contexts files:
> /etc/selinux/targeted/src/policy/file_contexts/file_contexts
> /etc/selinux/targeted/context/files/file_contexts
>
> And a diff shows that the former has the context for dillo and the
> latter does not. I was apparently mistaken earlier when I said that
> the "master" file_contexts file contains the line in question.
>
> So my question now becomes how does the former get updated? I've
> done make reload and make relabel but it seems that neither is
> updating /etc/selinux/targeted/context/files/file_contexts.
>
That is strange. Make reload should have copied your
file_context over.
Try make -W users load
See if the file_context gets replaced. Any chance of clock skew on
your machine?

Fooling make into thinking users had been updated did the trick, thanks. My
clock, logs, and file times all look fine, so I don't think clock skew is
the problem.
I am, however, running (last week's) rawhide SELinux and rawhide kernel on
an otherwise FC3 install, so maybe there's something not meshing in there.
Am I correct in thinking that the rawhide SELinux packages are currently
being written and tested on FC4?
Anyway, I appreciate the assist.
- Steve Brueckner, ATC-NY
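
The mismatch found in this thread, an entry present in the policy source tree's file_contexts but absent from the installed copy, can be checked for directly. The script below is an added example, not code from either poster; the function names and the sample files are constructed for illustration. On a real system the two arguments would be the two file_contexts paths named in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Reports file-context entries that exist in
# the policy source file_contexts but not in the installed copy.
LC_ALL=C; export LC_ALL   # same collation for sort and comm

# Print the entries of a file_contexts file in canonical form: comment and blank
# lines dropped, whitespace runs collapsed, sorted and de-duplicated.
normalize() {
    grep -v '^[[:space:]]*#' "$1" |
        sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//' |
        grep -v '^$' | sort -u
}

# missing_contexts SRC INSTALLED: print entries of SRC that INSTALLED lacks.
missing_contexts() {
    mc_tmp=$(mktemp -d) || return 2
    normalize "$1" > "$mc_tmp/src"
    normalize "$2" > "$mc_tmp/inst"
    comm -23 "$mc_tmp/src" "$mc_tmp/inst"
    rm -rf "$mc_tmp"
}

# Constructed sample data standing in for the two files named in the thread.
write_sample() {
    cat > "$1/src_file_contexts" <<'EOF'
# constructed sample: policy source tree copy
/.*            system_u:object_r:default_t
/bin/bash  --  system_u:object_r:shell_exec_t
/tspi/usr/local/bin/dillo -- system_u:object_r:tspi_dillo_exec_t
EOF
    cat > "$1/installed_file_contexts" <<'EOF'
# constructed sample: installed copy that was never refreshed
/.* system_u:object_r:default_t
/bin/bash -- system_u:object_r:shell_exec_t
EOF
}

# Demo run on the constructed files; prints the one entry missing from the
# installed copy.
demo_dir=$(mktemp -d)
write_sample "$demo_dir"
missing_contexts "$demo_dir/src_file_contexts" "$demo_dir/installed_file_contexts"
rm -rf "$demo_dir"
```

Empty output means every source entry is present in the installed file; any line printed is an entry that a relabel from the installed file will not apply.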