[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: SELinux and RPM verification
- From: Stephen Smalley <sds tycho nsa gov>
- To: Göran Uddeborg <goeran uddeborg se>
- Cc: fedora-selinux-list redhat com
- Subject: Re: SELinux and RPM verification
- Date: Thu, 09 Jun 2005 16:11:40 -0400
On Thu, 2005-06-09 at 21:51 +0200, Göran Uddeborg wrote:
> Some days ago it was explained here that RPM packages do not include
> the context information for the files it contains. Rather it sets
> context according to the current policy.
>
> Occasionally "rpm --verify" puts a "C" in the list of attribute
> checks:
>
> ........C c /root/.bash_logout
>
> That bit isn't documented in the manual page for RPM. My assumption
> was that it meant that the context differed from what the package
> said.
>
> But if the package doesn't say what the context should be, then what
> does it mean?
It means that the context stored in the file's extended attribute on
disk is inconsistent with the file_contexts configuration. To fix,
run /sbin/restorecon on the file(s) in question.
--
Stephen Smalley
National Security Agency
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]