File context for /var/opt/quest/vas/vasd(/.*)? is defined in policy, cannot be deleted
Daniel J Walsh
dwalsh at redhat.com
Tue Feb 11 14:36:03 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 02/10/2014 08:42 PM, Jayson Hurst wrote:
> I am trying to create a policy for vasd but I cannot set my own fcontext
> for /var/opt/quest/vas/vasd(/.*)? because I get the following error:
>
> /etc/selinux/targeted/contexts/files/file_contexts: Multiple different
> specifications for /var/opt/quest/vas/vasd(/.*)?
> (system_u:object_r:qasd_var_auth_t:s0 and system_u:object_r:var_auth_t:s0)
>
> When I attempt to delete the file context I get:
>
> $ semanage fcontext -d "/var/opt/quest/vas/vasd(/.*)?" /usr/sbin/semanage:
> File context for /var/opt/quest/vas/vasd(/.*)? is defined in policy, cannot
> be deleted
>
> I don't know who or what has already installed this file context, but I am
> not able to work around it and it is causing problems with my module who is
> the true owner of the file directory in question.
>
> Is there was way to find out how this file context was created and by what?
> Also how do I remove it so I can define the directories file context
> correctly?
>
>
> -- selinux mailing list selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
You could modify it, or work with Fedora/upstream to get your policy in.
Basically this directory needs to be written to by login programs so we
labeled it var_auth_t.
I think
semanage fcontext -m -t qasd_var_auth_t "/var/opt/quest/vas/vasd(/.*)?"
Would work.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlL6NVMACgkQrlYvE4MpobNVzwCgk7wCVkGNCrtcxH+TjgBpeIFH
tF4AnjXQWMGVGGgzKCWxPM2QQX12+woW
=L+/4
-----END PGP SIGNATURE-----
More information about the selinux
mailing list