Strange restriction for setfiles_t

Robert Nichols rnicholsNOSPAM at comcast.net
Tue Jan 6 01:45:38 UTC 2015


I find it odd that a setfiles_t process is allowed to read user_home_t
files but not admin_home_t.  So, to use "semanage -i ..." I need to
store the file in a less protected location?
(Or use "cat xxx | semanage -i", of course.)

type=AVC msg=audit(1420507367.059:518): avc:  denied  { read } for  pid=13112 
comm="setfiles" path="/root/SElinux/contexts" dev=dm-0 ino=560291 
scontext=unconfined_u:unconfined_r:setfiles_t:s0-s0:c0.c1023 
tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file

selinux-policy-3.7.19-260.el6_6.1.noarch
selinux-policy-targeted-3.7.19-260.el6_6.1.noarch

-- 
Bob Nichols     "NOSPAM" is really part of my email address.
                 Do NOT delete it.


