Improper labelling on creation.
Erinn Looney-Triggs
erinn.looneytriggs at gmail.com
Fri May 8 23:59:45 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
I have a passenger app that is installed on the system. I have the
following in file_contexts.local:
/var/www/foo/releases/.*/tmp(/.*)?
unconfined_u:object_r:httpd_sys_rw_content_t:s0
However, on creating the tmp directory:
releases $ sudo mkdir -p foo/tmp/
releases $ cd foo/
foo $ ls -lZ
drwxr-sr-x. root developers
unconfined_u:object_r:httpd_sys_content_t:s0 tmp
But matchpathcon returns the right label:
matchpathcon tmp/
tmp unconfined_u:object_r:httpd_sys_rw_content_t:s0
And a restorecon sets it properly to rw.
So, umm, what is the deal here? There is something I am missing for
sure. This is on RHEL 7.1 with the latest and greatest everything.
Oddly I think, but am not sure, that this wasn't a problem with 7.0.
Thoughts? Thanks.
- -Erinn
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJVTU3sAAoJEFg7BmJL2iPOdSQH/jdMxAyv/TdAN7UMZ0/TwClM
tpWJJavK5lVsHdtI/XP271yHbCFReCf3d9YZ0zUcoI+Njsw5epFVzcVVQy9xDnaU
Ql6d6TZFc+d/57MmAjCq0OzGpor30qS7Np0cLTUHmhEl8mVJZ0LJ7OREgpFLEKyH
DKTJO6g01IqGPOjHvSF8naAPLTXQaHafsZHrpVZclhvcoU/RVsWdX+hNtNfwlgY1
Vd7bh5u2fR0cNtajQ12Y2/mLUZjM8nTWUvkviFExKv67IfVrtk+2Zsmb6OPaSOQc
y4dfl3F5D9CsFaUOGXKr8ZHNjRlrilJ/C0NsvgqKF/rTw3BassYoxDJQ3cHTsEg=
=qFFD
-----END PGP SIGNATURE-----
More information about the selinux
mailing list