Hi all,
I just installed a CentOS 5 machine from Kickstart. I configured NSS
and PAM to look up and authenticate users from LDAP with authconfig. On
my LDAP I also have some automount configuration, but I'm not running
automount on this server. SELinux is installed and enforcing.
Whenever I try to install an RPM (and on other occasions during boot)
I see these messages:
# rpm -Uvh ... .rpm
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /usr/local/lost+found/.*.
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /usr/local/.journal.
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /usr/local/lost+found.
The RPM installs fine, I guess those are just warnings. (Actually,
/usr/local is practically empty, and there are no lost+found or
.journal there, so I guess those are really innocuous.)
I dug in deeper and I found out that the source of the problem is most
probably in this file:
/etc/selinux/targeted/contexts/files/file_contexts.homedirs
Among its contents are these lines:
/usr/local/[^/]*/.+ user_u:object_r:user_home_t:s0
/usr/local/[^/]*/.*/plugins/nprhapengine.so.* -- user_u:object_r:textrel_shlib_t:s0
/usr/local/[^/]*/.*/plugins/libflashplayer.so.* -- user_u:object_r:textrel_shlib_t:s0
/usr/local/[^/]*/((www)|(web)|(public_html))(/.+)? user_u:object_r:httpd_user_content_t:s0
/usr/local/[^/]*/.mozilla(/.*)?/plugins/libflashplayer.so.* -- user_u:object_r:textrel_shlib_t:s0
/usr/local/[^/]* -d user_u:object_r:user_home_dir_t:s0
/usr/local/lost+found/.* <<none>>
/usr/local -d system_u:object_r:home_root_t:s0
/usr/local/.journal <<none>>
/usr/local/lost+found -d system_u:object_r:lost_found_t:s0
I saw that /home and /root are there, since they are really home
directories. But /usr/local shouldn't be there! And there's a fourth
directory there, which is based on the name of our NFS fileserver:
/colossus/users/[^/]*/.+ user_u:object_r:user_home_t:s0
/colossus/users/[^/]*/.*/plugins/nprhapengine.so.* -- user_u:object_r:textrel_shlib_t:s0
/colossus/users/[^/]*/.*/plugins/libflashplayer.so.* -- user_u:object_r:textrel_shlib_t:s0
/colossus/users/[^/]*/((www)|(web)|(public_html))(/.+)? user_u:object_r:httpd_user_content_t:s0
/colossus/users/[^/]*/.mozilla(/.*)?/plugins/libflashplayer.so.* -- user_u:object_r:textrel_shlib_t:s0
/colossus/users/[^/]* -d user_u:object_r:user_home_dir_t:s0
/colossus/users/lost+found/.* <<none>>
/colossus/users -d system_u:object_r:home_root_t:s0
/colossus/users/.journal <<none>>
/colossus/users/lost+found -d system_u:object_r:lost_found_t:s0
I tried to edit the file to remove the offending entries, but after I
installed another RPM I saw that the file was regenerated with the
other entries.
So, I would like to know: Where is this coming from? How is this file
being generated? What's the command that generates it? Which command
(semanage?) apart from rpm can I use to reproduce and test the
problem? (In other words, another command that won't install or change
anything on the system but check the integrity of this file.) How can
I tweak or control the way this file is generated?
Thanks a lot!
Filipe
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
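
Added example, not part of the original post: a read-only check of the kind the question asks for, which parses file-context specification text and reports entries that share a path regex and a compatible file type. The sample data is constructed (the homedirs lines repeat entries quoted in the post, the base-policy lines are assumed), and the matching rule (same regex, file types equal or one left unspecified) is an assumption about how the "Multiple same specifications" warning arises.

```python
from collections import defaultdict

# Constructed sample input. BASE stands in for file_contexts (assumed content);
# HOMEDIRS repeats entries quoted in the post from file_contexts.homedirs.
BASE = """\
# constructed base-policy entries
/usr/local/lost+found/.*    <<none>>
/usr/local/.journal         <<none>>
/usr/local/lost+found  -d   system_u:object_r:lost_found_t:s0
/usr/local/[^/]*       --   system_u:object_r:usr_t:s0
"""
HOMEDIRS = """\
/usr/local/[^/]*/.+         user_u:object_r:user_home_t:s0
/usr/local/[^/]*       -d   user_u:object_r:user_home_dir_t:s0
/usr/local/lost+found/.*    <<none>>
/usr/local             -d   system_u:object_r:home_root_t:s0
/usr/local/.journal         <<none>>
/usr/local/lost+found  -d   system_u:object_r:lost_found_t:s0
"""

def parse_specs(text, source):
    """Return (regex, file_type_or_None, context, 'source:line') tuples."""
    specs = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        if len(fields) == 2:
            regex, ftype, ctx = fields[0], None, fields[1]
        elif len(fields) == 3:
            regex, ftype, ctx = fields
        else:
            raise ValueError(f"{source}:{lineno}: unexpected field count")
        specs.append((regex, ftype, ctx, f"{source}:{lineno}"))
    return specs

def find_duplicates(specs):
    """Report pairs with the same regex whose file types can both match."""
    by_regex = defaultdict(list)
    for spec in specs:
        by_regex[spec[0]].append(spec)
    findings = []
    for regex, group in by_regex.items():
        for i, a in enumerate(group):
            for b in group[i + 1:]:
                if a[1] and b[1] and a[1] != b[1]:
                    continue  # e.g. "--" vs "-d": never the same object
                kind = "same" if a[2] == b[2] else "different"
                findings.append((kind, regex, a[3], b[3]))
    return findings
```

To run it against a real system, read the text of file_contexts and file_contexts.homedirs from /etc/selinux/targeted/contexts/files/ and pass the combined result of parse_specs to find_duplicates; nothing is written or relabeled.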