Seek for help

su heng ste.suheng at gmail.com
Tue Oct 19 13:33:33 UTC 2010 

Hi,

I have two problem want to fix.

Firstly,

[root at localhost tmp]# mkdir test
[root at localhost tmp]# ls -dZ test
drwxr-xr-x. root root unconfined_u:object_r:user_tmp_t:s0 test
[root at localhost tmp]# semanage fcontext -a -t samba_share_t
"/tmp/test(/.*)?"
[root at localhost tmp]# restorecon -R -v /tmp/test/
restorecon reset /tmp/test context
unconfined_u:object_r:user_tmp_t:s0->system_u:object_r:samba_share_t:s0
[root at localhost tmp]# ls -dZ test
drwxr-xr-x. root root system_u:object_r:samba_share_t:s0 test
------------------------------------------------------------------
When I tried to delete the type, an error happened. 
[root at localhost tmp]# semanage fcontext -d /tmp/test/
Can't create lock file '/var/cache/abrt/pyhook-1287493825-3446.lock':
Permission denied
Traceback (most recent call last):
  File "/usr/sbin/semanage", line 501, in <module>
    process_args(sys.argv[1:])
  File "/usr/sbin/semanage", line 437, in process_args
    OBJECT.delete(target, ftype)
  File "/usr/lib/python2.6/site-packages/seobject.py", line 1623, in
delete
    self.__delete( target, ftype)
  File "/usr/lib/python2.6/site-packages/seobject.py", line 1594, in
__delete
    if target in self.equiv.keys():
AttributeError: fcontextRecords instance has no attribute 'equiv'


And I have searched from Google, there is a bug has been reported. So I
update it to the latest selinux-policy. The error still. How should I
do?

Secondly,
   I have read the document which resided on fedora site. I have a
question. 
We can change the type or the domain of a file or process which can let
us pass through the check of se-linux. 
And we also can write a policy file to pass through se-linux.

   These two methods are the same destination? If so, which one is
better when we try to use and why? 
If not, Please give me some suggestion about the difference and when we
should to use for them?
   

Thanks & Best Regards,
Su Heng
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/selinux/attachments/20101019/23ac0a69/attachment.html

More information about the selinux mailing list