unlabeled_t types for files

Anamitra Dutta Majumdar (anmajumd) anmajumd at cisco.com
Thu Oct 18 19:49:54 UTC 2012


Hi Stephen,

Alternatively, can we set the filesystem type to start with, so that the
initial label is not unlabeled_t? If so, where can we do this?

Thanks,
Anamitra

On 10/18/12 12:44 PM, "Stephen Smalley" <sds at tycho.nsa.gov> wrote:

>On 10/18/2012 03:36 PM, Anamitra Dutta Majumdar (anmajumd) wrote:
>> Hi Stephen,
>>
>> In the dmesg output we see the following selinux messages.
>>
><snip>
>> SELinux: initialized (dev dbcfs, type dbcfs), uses mountpoint labeling
>> SELinux: initialized (dev dbcfs, type dbcfs), uses mountpoint labeling
>> SELinux: initialized (dev dbcfs, type dbcfs), uses mountpoint labeling
>> SELinux: initialized (dev dbcfs, type dbcfs), uses mountpoint labeling
>> SELinux: initialized (dev dbcfs, type dbcfs), uses mountpoint labeling
>> SELinux: initialized (dev dbcfs, type dbcfs), uses mountpoint labeling
>> SELinux: initialized (dev dbcfs, type dbcfs), uses mountpoint labeling
>
>I assume that dbcfs is the relevant filesystem?  So you are using
>mountpoint labeling, i.e. passing context= to the mount command with a
>specific security context to use, and the policy doesn't know anything
>about this filesystem type.  So its initial label is unlabeled_t, and by
>passing a context= option, you are triggering a relabelfrom check to see
>if the mount program is authorized to set the context.  You can just
>allow it in your policy.  Should have been present even in RHEL5, I think.
>
>
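
Added example, not part of the thread or of any project's code: a small parser that picks the filesystem-class relabelfrom denials described in the reply above out of audit records and prints the matching allow rule. The audit records are constructed, and the domain names mount_t and initrc_t are assumptions about the local policy.

```python
import re

# Constructed sample audit records (not taken from the thread).
# mount_t and initrc_t are assumed domain names.
SAMPLE_AUDIT = """\
type=AVC msg=audit(1350589794.101:71): avc:  denied  { relabelfrom } for  pid=1432 comm="mount" scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem
type=AVC msg=audit(1350589801.440:80): avc:  denied  { read } for  pid=1500 comm="cat" name="x" scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file
type=AVC msg=audit(1350589802.000:81): avc:  denied  { relabelfrom } for  pid=1440 comm="mount" scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)


def context_type(context):
    """Return the type field (third) of a user:role:type[:range] context."""
    return context.split(":")[2]


def relabelfrom_rules(audit_text):
    """Return de-duplicated allow rules for filesystem relabelfrom denials.

    Only tclass=filesystem records count: a denial on a file that happens to
    be unlabeled_t is a different access and is deliberately ignored.
    """
    rules = set()
    for line in audit_text.splitlines():
        m = AVC_RE.search(line)
        if not m or m.group("tclass") != "filesystem":
            continue
        if "relabelfrom" not in m.group("perms").split():
            continue
        rules.add("allow %s %s:filesystem relabelfrom;" % (
            context_type(m.group("scon")), context_type(m.group("tcon"))))
    return sorted(rules)


if __name__ == "__main__":
    for rule in relabelfrom_rules(SAMPLE_AUDIT):
        print(rule)
```

The rule it prints covers only the filesystem class, so it does not grant any access to files that are themselves labeled unlabeled_t.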


