Policy not taking effect
Marko Rauhamaa
marko at pacujo.net
Wed Jun 10 13:52:26 UTC 2015
To learn about selinux, I am trying to create a policy that would assign
the file /etc/xyz the type tuned_log_t.
I have:
===begin xyz.te=========================================================
policy_module(xyz, 1.0.0)
===end xyz.te===========================================================
===begin xyz.fc=========================================================
/etc/xyz -- gen_context(system_u:object_r:tuned_log_t,s0)
===end xyz.fc===========================================================
Then I execute:
# rm -f /etc/xyz
# make -f /usr/share/selinux/devel/Makefile xyz.pp
Compiling targeted xyz module
/usr/bin/checkmodule: loading policy configuration from tmp/xyz.tmp
/usr/bin/checkmodule: policy configuration loaded
/usr/bin/checkmodule: writing binary representation (version 17) to
tmp/xyz.mod
Creating targeted xyz.pp policy package
rm tmp/xyz.mod.fc tmp/xyz.mod
# semodule -i xyz.pp
# touch /etc/xyz
# ls -Z /etc/xyz
-rw-r--r--. root root unconfined_u:object_r:etc_t:s0 /etc/xyz
# restorecon /etc/xyz
# ls -Z /etc/xyz
-rw-r--r--. root root unconfined_u:object_r:tuned_log_t:s0 /etc/xyz
Why is /etc/xyz not getting the correct type immediately as the policy
would dictate?
Marko
More information about the selinux
mailing list