File context for /var/opt/quest/vas/vasd(/.*)? is defined in policy, cannot be deleted

Jayson Hurst swazup at hotmail.com
Tue Feb 11 21:05:09 UTC 2014


I don't think it is inheriting its file context from the parent directory. There is an explicit entry in the /etc/selinux/targeted/contexts/files/file_contexts for 
/var/opt/quest/vas/vasd(/.*)? 

So if I want to set my own file context on this directory via a SELinux module I cannot because it fails to install. How do I manage this problem for others who wish to install the module?

> Date: Tue, 11 Feb 2014 09:36:03 -0500
> From: dwalsh at redhat.com
> To: swazup at hotmail.com; selinux at lists.fedoraproject.org
> Subject: Re: File context for /var/opt/quest/vas/vasd(/.*)? is defined in policy, cannot be deleted
> 
> On 02/10/2014 08:42 PM, Jayson Hurst wrote:
> > I am trying to create a policy for vasd but I cannot set my own fcontext
> > for /var/opt/quest/vas/vasd(/.*)? because I get the following error:
> > 
> > /etc/selinux/targeted/contexts/files/file_contexts: Multiple different 
> > specifications for /var/opt/quest/vas/vasd(/.*)? 
> > (system_u:object_r:qasd_var_auth_t:s0 and system_u:object_r:var_auth_t:s0)
> > 
> > When I attempt to delete the file context I get:
> > 
> > $ semanage fcontext -d "/var/opt/quest/vas/vasd(/.*)?"
> > /usr/sbin/semanage: File context for /var/opt/quest/vas/vasd(/.*)? is defined in policy, cannot be deleted
> > 
> > I don't know who or what has already installed this file context, but I am
> > not able to work around it and it is causing problems with my module, which is
> > the true owner of the file directory in question.
> > 
> > Is there a way to find out how this file context was created and by what?
> > Also, how do I remove it so I can define the directory's file context
> > correctly?
> > 
> You could modify it, or work with Fedora/upstream to get your policy in.
> Basically this directory needs to be written to by login programs so we
> labeled it var_auth_t.
> 
> I think
> 
>  semanage fcontext -m -t qasd_var_auth_t "/var/opt/quest/vas/vasd(/.*)?"
> Would work.
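The "Multiple different specifications" error in this thread arises when two file_contexts entries share a pathname regex but name different contexts. The sketch below is an added example, not part of either poster's message or of any SELinux tool: it finds such pairs across two sources before a module is installed. The sample entries are constructed, and treating entries as duplicates only when both the regex string and the file-type field are identical is a simplifying assumption.

```python
import re
from collections import defaultdict

# Constructed samples in file_contexts format: regex, optional type flag, context.
# The vasd contexts are the two quoted in the error message; which source
# carries which is assumed from the reply. Other lines are filler.
BASE_POLICY = """\
# stands in for the distribution policy's entries
/var/opt/quest/vas/vasd(/.*)?\tsystem_u:object_r:var_auth_t:s0
/var/log(/.*)?\tsystem_u:object_r:var_log_t:s0
"""
MODULE_FC = """\
# stands in for a custom module's entries
/var/opt/quest/vas/vasd(/.*)?\tsystem_u:object_r:qasd_var_auth_t:s0
/var/log(/.*)?\tsystem_u:object_r:var_log_t:s0
/opt/example/bin/daemon\t--\tsystem_u:object_r:bin_t:s0
"""

FTYPE = re.compile(r"^-[bcdpls-]$")  # -b -c -d -p -l -s -- file-type flags


def parse(text, source):
    """Yield (regex, ftype, context, source) for each non-comment entry."""
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) == 2:
            yield fields[0], "", fields[1], source
        elif len(fields) == 3 and FTYPE.match(fields[1]):
            yield fields[0], fields[1], fields[2], source
        else:
            raise ValueError(f"{source}: malformed entry {raw!r}")


def find_conflicts(*sources):
    """Return {(regex, ftype): {context: [sources]}} for entries that disagree."""
    seen = defaultdict(dict)
    for text, name in sources:
        for regex, ftype, context, src in parse(text, name):
            seen[(regex, ftype)].setdefault(context, []).append(src)
    return {key: ctxs for key, ctxs in seen.items() if len(ctxs) > 1}


if __name__ == "__main__":
    hits = find_conflicts((BASE_POLICY, "base"), (MODULE_FC, "module"))
    for (regex, ftype), ctxs in hits.items():
        print(f"Multiple different specifications for {regex} {ftype}".rstrip())
        for context, srcs in ctxs.items():
            print(f"  {context}  <- {', '.join(srcs)}")
```

Identical entries in both sources (the `/var/log` line here) are not reported, since only differing contexts for the same specification produce the error.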