FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora SELinux Support

 
 
LinkBack Thread Tools
 
Old 11-28-2007, 02:12 AM
"Roger Salisbury"
 
Default selinux out smarted itself. "Multiple different specifications" One FILE But two types labled ------------- (system_u:object_r:home_root_t:s0 and system_u:object_r:boot_t:s0).

----------- a
challenge for selinux------------

Hi fellow selinux uses ...

How
can you fix labeling when the* selinux tools don't allow you
to.

Selinux commands complain & refuse to work.

Tradition
selinux commands don't work. IE chcon, restorecon ,
fixfiles,

setfiles* etc..I Need an *expert* here,
..........

PROBLEM is :

my /boot directory has
:

:boot_t:

and

:home_root_t:

.......... together
labled --- see below.

and I can't fix it.* do we have to edit the
"inode" directly??

Having two types on one file I believe should *never*
happen but -- it has.

Should be one* ":boot_t:"* or the other
":home_root_t:"* but never *both*!

I think I know how it happened --
but that's not the issue right now --
how do you fix it??
The security of
selinux normaly is designed to prevent adhoc changes --- so
this is why it
is difficult... but with root password their would be a
solution
somehow.

Thx
Roger Salisbury


Below is the setfiles
display:


/etc/selinux/targeted/contexts/files/file_contexts: Multiple
same

specifications for
/boot/lost+found/.*.

/etc/selinux/targeted/contexts/files/file_contexts:
Multiple different

specifications for /boot*
(system_ubject_r:home_root_t:s0
and

system_ubject_r:boot_t:s0).

/etc/selinux/targeted/contexts/files/file_contexts:
Multiple same

specifications for
/boot/.journal.

/etc/selinux/targeted/contexts/files/file_contexts:
Multiple same

specifications for /boot/lost+found.

setfiles:
labeling files under /boot

setfiles:* labeling files under
/boot

matchpathcon_filespec_eval:* hash table stats: 28 elements,
28/65536 buckets

used, longest chain length 1

setfiles:*
Done.

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
Old 12-03-2007, 03:03 PM
Daniel J Walsh
 
Default selinux out smarted itself. "Multiple different specifications" One FILE But two types labled ------------- (system_u:object_r:home_root_t:s0 and system_u:object_r:boot_t:s0).

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Roger Salisbury wrote:
> ----------- a challenge for selinux------------
>
> Hi fellow selinux uses ...
>
> How can you fix labeling when the selinux tools don't allow you to.
>
> Selinux commands complain & refuse to work.
>
> Tradition selinux commands don't work. IE chcon, restorecon , fixfiles,
>
> setfiles etc..I Need an *expert* here, ..........
>
> PROBLEM is :
>
> my /boot directory has :
>
> :boot_t:
>
> and
>
> :home_root_t:
>
> .......... together labled --- see below.
>
> and I can't fix it. do we have to edit the "inode" directly??
>
> Having two types on one file I believe should *never* happen but -- it has.
>
> Should be one ":boot_t:" or the other ":home_root_t:" but never *both*!
>
> I think I know how it happened -- but that's not the issue right now --
> how do you fix it??
> The security of selinux normaly is designed to prevent adhoc changes --- so
> this is why it is difficult... but with root password their would be a
> solution somehow.
>
> Thx
> Roger Salisbury
>
>
> Below is the setfiles display:
>
>
> /etc/selinux/targeted/contexts/files/file_contexts: Multiple same
>
> specifications for /boot/lost+found/.*.
>
> /etc/selinux/targeted/contexts/files/file_contexts: Multiple different
>
> specifications for /boot (system_ubject_r:home_root_t:s0 and
>
> system_ubject_r:boot_t:s0).
>
> /etc/selinux/targeted/contexts/files/file_contexts: Multiple same
>
> specifications for /boot/.journal.
>
> /etc/selinux/targeted/contexts/files/file_contexts: Multiple same
>
> specifications for /boot/lost+found.
>
> setfiles: labeling files under /boot
>
> setfiles: labeling files under /boot
>
> matchpathcon_filespec_eval: hash table stats: 28 elements, 28/65536 buckets
>
> used, longest chain length 1
>
> setfiles: Done.
>
>
>
> ------------------------------------------------------------------------
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
This looks like selinux is confused and thinks you have a homedirectory
under /boot? Or someone added a context for /boot as home_root_t.

is there an entry in /etc/passwd with a homedir of /boot in the path?

grep /boot /etc/selinux/targeted/contexts/files/*


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFHVCjYrlYvE4MpobMRAiu6AKDIFAL2HPrWHG5c9ddNbd 3aYX3HDwCgwSZC
FX8YhLW0aRFlO60gSchwDZg=
=Kf2p
-----END PGP SIGNATURE-----

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 

Thread Tools




All times are GMT. The time now is 05:15 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org