files without SE Linux labels on a default install - no Anaconda labeling

Ronny Buchmann ronny-vlug at vlugnet.org
Mon May 16 16:49:49 UTC 2005


On Monday 16 May 2005 16:11, Russell Coker wrote:
> On an SE Linux system barring file system corruption and quota issues every
> file on a regular file system (Ext3 etc) should have a SE Linux label.
>
> As a test I did a default install of FC4T3 in the "Personal Workstation"
> configuration and checked this.  Below is the relevant output from setfiles
> -v when relabelling the root file system.
This was after the first start I assume (= at the second reboot)?

> setfiles:  relabeling /usr/share/apps/ksplash from system_u:object_r:file_t
> to system_u:object_r:usr_t
> setfiles:  relabeling /usr/share/apps/ksplash/Themes from
> system_u:object_r:file_t to system_u:object_r:usr_t
owned by kdebase

> setfiles:  relabeling /usr/share/anaconda from system_u:object_r:file_t to
> system_u:object_r:usr_t
> setfiles:  relabeling /usr/share/anaconda/pixmaps from
> system_u:object_r:file_t to system_u:object_r:usr_t
> setfiles:  relabeling /usr/lib/anaconda-runtime from
> system_u:object_r:file_t to system_u:object_r:lib_t
> setfiles:  relabeling /usr/lib/anaconda-runtime/boot from
> system_u:object_r:file_t to system_u:object_r:lib_t
owned by anaconda, anaconda-runtime

rpm issue?

> setfiles:  relabeling /usr/X11R6/lib/X11/locale/pt_BR.UTF-8 from
> system_u:object_r:file_t to system_u:object_r:lib_t
should be owned by xorg-x11-libs

> setfiles:  relabeling /root/install.log from system_u:object_r:file_t to
> root:object_r:user_home_t
> setfiles:  relabeling /root/install.log.syslog from
> system_u:object_r:file_t to root:object_r:user_home_t
this is from anaconda

> setfiles:  relabeling /etc/ssh/ssh_host_key from
> system_u:object_r:etc_runtime_t to system_u:object_r:sshd_key_t
> setfiles:  relabeling /etc/ssh/ssh_host_rsa_key from 
> system_u:object_r:etc_runtime_t to system_u:object_r:sshd_key_t
> setfiles:  relabeling /etc/ssh/ssh_host_dsa_key from
> system_u:object_r:etc_runtime_t to system_u:object_r:sshd_key_t
these are generated on first start of sshd

> setfiles:  relabeling /etc/asound.conf from system_u:object_r:etc_runtime_t
> to system_u:object_r:etc_t
kudzu or firstboot?

> setfiles:  relabeling /etc/shadow from system_u:object_r:etc_t to
> system_u:object_r:shadow_t
> setfiles:  relabeling /etc/gshadow- from system_u:object_r:etc_t to
> system_u:object_r:shadow_t
anaconda

> setfiles:  relabeling /etc/cups/cupsd.conf from
> system_u:object_r:cupsd_etc_t to system_u:object_r:cupsd_rw_etc_t
> setfiles:  relabeling /etc/cups/printers.conf from
> system_u:object_r:cupsd_etc_t to system_u:object_r:cupsd_rw_etc_t
> setfiles:  relabeling /etc/cups/cupsd.conf.save from
> system_u:object_r:cupsd_etc_t to system_u:object_r:cupsd_rw_etc_t
?

> setfiles:  relabeling /etc/aliases.db from system_u:object_r:etc_t to
> system_u:object_r:etc_aliases_t
sendmail init script?

> setfiles:  relabeling /etc/shadow- from system_u:object_r:etc_t to
> system_u:object_r:shadow_t
> setfiles:  relabeling /etc/gshadow from system_u:object_r:etc_t to
> system_u:object_r:shadow_t
anaconda

> setfiles:  relabeling /etc/.pwd.lock from system_u:object_r:etc_t to
> system_u:object_r:shadow_t
?
> setfiles:  relabeling /etc/dhclient-eth0.conf from
> system_u:object_r:etc_runtime_t to system_u:object_r:dhcp_etc_t
anaconda?
> setfiles:  relabeling /etc/sysconfig/mouse from
> system_u:object_r:etc_runtime_t to system_u:object_r:etc_t
anaconda?

> setfiles:  relabeling /lib/modules/2.6.11-1.1286_FC4/modules.dep from
> system_u:object_r:modules_object_t to system_u:object_r:modules_dep_t
> setfiles:  relabeling /lib/modules/2.6.11-1.1286_FC4/modules.ieee1394map
> from system_u:object_r:modules_object_t to system_u:object_r:modules_dep_t
> setfiles:  relabeling /lib/modules/2.6.11-1.1286_FC4/modules.usbmap from
> system_u:object_r:modules_object_t to system_u:object_r:modules_dep_t
> setfiles:  relabeling /lib/modules/2.6.11-1.1286_FC4/modules.inputmap from
> system_u:object_r:modules_object_t to system_u:object_r:modules_dep_t
> setfiles:  relabeling /lib/modules/2.6.11-1.1286_FC4/modules.isapnpmap from
> system_u:object_r:modules_object_t to system_u:object_r:modules_dep_t
> setfiles:  relabeling /lib/modules/2.6.11-1.1286_FC4/modules.symbols from
> system_u:object_r:modules_object_t to system_u:object_r:modules_dep_t
> setfiles:  relabeling /lib/modules/2.6.11-1.1286_FC4/modules.ccwmap from
> system_u:object_r:modules_object_t to system_u:object_r:modules_dep_t
> setfiles:  relabeling /lib/modules/2.6.11-1.1286_FC4/modules.alias from
> system_u:object_r:modules_object_t to system_u:object_r:modules_dep_t
> setfiles:  relabeling /lib/modules/2.6.11-1.1286_FC4/modules.pcimap from
> system_u:object_r:modules_object_t to system_u:object_r:modules_dep_t
> setfiles:  relabeling /home/rjc from system_u:object_r:home_root_t to
> user_u:object_r:user_home_dir_t
firstboot?

> setfiles:  relabeling /var/run/sm-client.pid from
> system_u:object_r:initrc_var_run_t to system_u:object_r:sendmail_var_run_t
sendmail init script

> setfiles:  relabeling /var/log/lastlog from system_u:object_r:var_log_t to
> system_u:object_r:lastlog_t
> setfiles:  relabeling /var/log/btmp from system_u:object_r:var_log_t to
> system_u:object_r:faillog_t
initscripts?

> setfiles:  relabeling /var/log/mail from system_u:object_r:var_log_t to
> system_u:object_r:sendmail_log_t
should be owned by some package (i.e. sendmail)

-- 
http://LinuxWiki.org/RonnyBuchmann
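
Added example, not part of the original message or of any Fedora tool: a small parser for `setfiles -v` output in the format quoted above, which separates files that had no label at all (old type `file_t`) from files that were created with the wrong type, grouped by type transition. The function names are hypothetical, the sample lines are constructed from the format in the thread, and paths are assumed to contain no whitespace.

```python
import re
from collections import defaultdict

# Constructed sample in the format quoted in the thread, including a
# hard-wrapped record and a mail-quoted ("> ") record.
SAMPLE = """\
setfiles:  relabeling /usr/share/anaconda from system_u:object_r:file_t to system_u:object_r:usr_t
setfiles:  relabeling /root/install.log from system_u:object_r:file_t to root:object_r:user_home_t
setfiles:  relabeling /etc/shadow from system_u:object_r:etc_t to
system_u:object_r:shadow_t
> setfiles:  relabeling /etc/ssh/ssh_host_key from
> system_u:object_r:etc_runtime_t to system_u:object_r:sshd_key_t
"""

# Assumption: paths and contexts contain no whitespace.
RECORD_RE = re.compile(r"setfiles:\s+relabeling\s+(\S+)\s+from\s+(\S+)\s+to\s+(\S+)")

def parse_relabels(text):
    """Return (path, old_context, new_context) tuples from setfiles -v output."""
    # Drop leading mail quote markers, then collapse all whitespace so that
    # records wrapped across lines by a mail client match again.
    unquoted = re.sub(r"(?m)^\s*(?:>\s?)+", "", text)
    flat = " ".join(unquoted.split())
    return RECORD_RE.findall(flat)

def context_type(ctx):
    # A context is user:role:type, optionally followed by :level.
    return ctx.split(":")[2]

def summarize(records, unlabeled_type="file_t"):
    """Split records into never-labeled paths and wrong-type transitions."""
    unlabeled = []
    mislabeled = defaultdict(list)
    for path, old, new in records:
        if context_type(old) == unlabeled_type:
            unlabeled.append(path)
        else:
            mislabeled[(context_type(old), context_type(new))].append(path)
    return unlabeled, dict(mislabeled)

if __name__ == "__main__":
    unlabeled, mislabeled = summarize(parse_relabels(SAMPLE))
    print("never labeled:", unlabeled)
    for (old, new), paths in sorted(mislabeled.items()):
        print(f"{old} -> {new}: {paths}")
```

Grouping by transition makes the likely creator easier to spot: a cluster such as `etc_t -> shadow_t` points at one program writing several files without the right context.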



