[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

file contexts change on reboot

From: "Johnson, Richard" <Richard Johnson stratus com>
To: <fedora-selinux-list redhat com>
Subject: file contexts change on reboot
Date: Wed, 13 Aug 2008 15:06:20 -0400

I'm not sure, but I think I'm hitting a precedence issue which is
causing files to be relabeled on boot.  The symptom is:

root lstlinux57 13:32:21 ~> restorecon -R /var/opt/ft/log
root lstlinux57 13:32:28 ~> ls -lZ
/var/opt/ft/log/libft_sra_alarm_server.log 
-rw-------  root root system_u:object_r:lsb-ft-asn_rw_t
/var/opt/ft/log/libft_sra_alarm_server.log
root lstlinux57 13:32:36 ~> init 6
root lstlinux57 13:32:40 ~> logout

Connection to 134.111.82.122 closed.
bash-3.1$ ssh 134.111.82.122 -l root
root 134 111 82 122's password: 
Last login: Wed Aug 13 13:08:02 2008 from rjlinux2.mno.stratus.com
root lstlinux57 13:39:22 ~> ls -lZ
/var/opt/ft/log/libft_sra_alarm_server.log 
-rw-------  root root system_u:object_r:var_log_t
/var/opt/ft/log/libft_sra_alarm_server.log
root lstlinux57 13:39:24 ~> restorecon -R /var/opt/ft/log
root lstlinux57 13:39:45 ~> ls -lZ
/var/opt/ft/log/libft_sra_alarm_server.log 
-rw-------  root root system_u:object_r:lsb-ft-asn_rw_t
/var/opt/ft/log/libft_sra_alarm_server.log


The situation is a standard RHEL5.2 with all errata applied; plus the
following modifications

I have a local policy modification introduced by one rpm:

    /usr/sbin/semanage fcontext -a -t var_log_t -s system_u
'/var/opt/ft/log'

And a separate policy module containing:

    /var/opt/ft/log/libft_.*	--
gen_context(system_u:object_r:lsb-ft-asn_rw_t,s0)

The net result is:

root lstlinux57 14:56:56 ~> semanage fcontext -l | grep '/opt/ft'

/var/opt/ft/asn(/.*)?                      all files
system_u:object_r:lsb-ft-asn_rw_t:s0 
/var/opt/ft/log/libft_.*                   regular file
system_u:object_r:lsb-ft-asn_rw_t:s0 
/opt/ft/sbin/sra_alarm                     regular file
system_u:object_r:lsb-ft-asn_exec_t:s0 
/etc/opt/ft/asn/sra_ppp/ASN_CallHome       regular file
system_u:object_r:lsb-ft-asn_script_t:s0 
/etc/opt/ft/asn/sra_ppp/SetUPCallHome      regular file
system_u:object_r:lsb-ft-asn_script_t:s0 
/var/opt/ft/log                            all files
system_u:object_r:var_log_t:s0 
/var/opt/ft/log/snmpd\.log                 all files
system_u:object_r:snmpd_log_t:s0

I suspect that the problem lies with the ordering of those
'/var/opt/ft/log' lines.  Am I on the right track?  How can I sort
things out?

Thx,
--rich

Follow-Ups:
- Re: file contexts change on reboot
  - From: Daniel J Walsh
- RE: file contexts change on reboot
  - From: Johnson, Richard

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]