Root user unable to change type
Daniel J Walsh
dwalsh at redhat.com
Wed Jul 10 21:50:10 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 07/10/2013 12:36 PM, Eric Chennells wrote:
> Hello,
>
> I must be missing something in my understanding of selinux but I'm having
> problem where the root user can not change the selinux type of a directory.
> I am running in targeted mode.
>
> I was experimenting and changed the type of /tmp/bah to "unconfined_t". I
> am now unable to either delete the directory or to change the type back to
> "tmp_t "
>
> chcon -R -t tmp_t /tmp/bah/
>
> Results in:
>
> chcon: failed to change context of `/tmp/bah/' to
> `unconfined_u:object_r:tmp_t:s0': Permission denied
>
> Audit2allow is suggesting "allow unconfined_t self:dir relabelfrom;" but
> I don't want to apply that because it seems that would allow all
> unconfined files/processes to relabel themselves, is that correct?
>
> Thanks for any tips.
>
> Eric
>
>
> Notice of Confidentiality: The information transmitted is intended only for
> the person or entity to which it is addressed and may contain confidential
> and/or privileged material. Any review, re-transmission, dissemination or
> other use of or taking of any action in reliance upon this information by
> persons or entities other than the intended recipient is prohibited. If you
> received this in error please contact the sender immediately by return
> electronic transmission and then immediately delete this transmission
> including all attachments without copying, distributing or disclosing the
> same.
>
>
> -- selinux mailing list selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
I had written a blog on this previously.
http://danwalsh.livejournal.com/54803.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlHd1xEACgkQrlYvE4MpobPVVACg0AqFoNGCnnoqSSEfJeCL1K8A
9MMAn1/gxYBYVbEW7KVBV0txHxz7sIwj
=ASei
-----END PGP SIGNATURE-----
More information about the selinux
mailing list