Root user unable to change type

[Daniel J Walsh]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/10/2013 12:36 PM, Eric Chennells wrote:
> Hello,
> 
> I must be missing something in my understanding of selinux but I'm having 
> problem where the root user can not change the selinux type of a directory.
> I am running in targeted mode.
> 
> I was experimenting and changed the type of /tmp/bah to "unconfined_t".   I
> am now unable to either delete the directory or to change the type back to
> "tmp_t "
> 
> chcon -R -t tmp_t /tmp/bah/
> 
> Results in:
> 
> chcon: failed to change context of `/tmp/bah/' to 
> `unconfined_u:object_r:tmp_t:s0': Permission denied
> 
> Audit2allow is suggesting "allow unconfined_t self:dir relabelfrom;"  but
> I don't want to apply that because it seems that would allow all
> unconfined files/processes to relabel themselves, is that correct?
> 
> Thanks for any tips.
> 
> Eric
> 
> 
> Notice of Confidentiality: The information transmitted is intended only for
> the person or entity to which it is addressed and may contain confidential
> and/or privileged material. Any review, re-transmission, dissemination or
> other use of or taking of any action in reliance upon this information by
> persons or entities other than the intended recipient is prohibited. If you
> received this in error please contact the sender immediately by return
> electronic transmission and then immediately delete this transmission
> including all attachments without copying, distributing or disclosing the
> same.
> 
> 
> -- selinux mailing list selinux at lists.fedoraproject.org 
> https://admin.fedoraproject.org/mailman/listinfo/selinux
> 


I had written a blog on this previously.

http://danwalsh.livejournal.com/54803.html


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlHd1xEACgkQrlYvE4MpobPVVACg0AqFoNGCnnoqSSEfJeCL1K8A
9MMAn1/gxYBYVbEW7KVBV0txHxz7sIwj
=ASei
-----END PGP SIGNATURE-----