01-08-2012, 10:36 PM
Bennett Haselton
filesystem relabeling not working for /tmp after enabling SELinux

Quick version: Anyone know why, if you try to relabel your filesystem
for SELinux, files in /tmp do not get relabeled?

Detailed version:

I have a CentOS 5.7 machine where I am trying to enable SELinux to
improve the machine's security.

I specified "SELINUX=permissive" in /etc/selinux/config and rebooted,
and sestatus reports that it's on:

[root@g6950-21025 tmp]# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: permissive
Mode from config file: permissive
Policy version: 21
Policy from config file: targeted

But when I try to relabel the filesystem, files in /tmp do not get
relabeled, although files everywhere except /tmp do get relabeled
properly. I relabeled by doing

# genhomedircon
# touch /.autorelabel
# reboot
in accordance with directions at
and the /.autorelabel was deleted after I rebooted (indicating that it
had been processed), and most files were relabeled correctly:

[root@g6950-21025 tmp]# ls -lZ /var/www/html/robots.txt
-rw-rw-rw- root root system_u:object_r:httpd_sys_content_t

However, the ones in /tmp were not:
[root@g6950-21025 tmp]# ls -lZ /tmp/hostname_SKYSLICE.INFO
-rw-r--r-- apache apache system_u:object_r:file_t


(sealert says that any file of type "file_t" means it was not relabeled
properly.) I have a number of CGI scripts that rely on reading and
writing to files in the /tmp directory and SELinux would block most of
them from working because of the labeling problem. (Plus PHP writes to
/tmp so I assume many PHP scripts would have errors as well.)

Any idea why the files in /tmp were not relabeled, and how to fix it?

My only guess is that since I think /tmp is a different partition, maybe
the relabeling relabeled everything on the "/" partition but not on
/tmp? If that's correct, how would I fix it? I tried creating a file
at /tmp/.autorelabel and rebooting, but that didn't work (and the file
did not get deleted, suggesting it wasn't processed at all).
