
Re: selinux-policy-targeted


Michal Schmidt wrote:
> On Thu, 13 Mar 2008 11:46:58 -0600
> "Nathanael D. Noblet" <nathanael gnat ca> wrote:
>> Hello,
>>    I have a machine with F8, selinux-policy-targeted 
>> enforcing=permissive. Lots of things I do tend to throw this message 
>> into the console. I've tried auto relabeling, restorecon etc. I've 
>> removed the targeted policy and re-installed it. I searched bugzilla
>> but found no one else with this issue. I'm not sure if it is the
>> policy or just me. In any case I get the following in my console
>> often, and while running many programs such as yum.
>> /etc/selinux/targeted/contexts/files/file_contexts: Multiple
>> different specifications for /opt  (system_u:object_r:home_root_t:s0
>> and system_u:object_r:usr_t:s0).
>> Ideas why that is the case?
> /opt is normally usr_t. I don't know why you have home_root_t there.
> Have you played with semanage(8) ?
> restorecon used the information in /etc/.../file_contexts. Your
> file_contexts apparently contains contradictory declarations for /opt.
> Michal
grep /opt /etc/selinux/targeted/contexts/files/file_contexts

I would guess this is happening for one of two reasons.

One, you have a service account in /etc/passwd or NIS which has a homedir
in /opt.  SELinux has mistakenly seen this as a login account, because
the account has a UID > 500 and a valid shell.  If you change the shell
to /sbin/nologin or /bin/false and run genhomedircon, the duplicate file
context will go away.

The second way this could happen is you or some application/rpm added a
file context via semanage that matches a definition from the base.

You can use semanage fcontext -d FILECONTEXT to remove the file context.
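A way to check for both causes described in the reply above, added here as an example and not part of the original message. The functions read copies of a passwd file and a file_contexts file; the account names and file contents are constructed, and only textually identical path specs are compared, which is a simplification of how the SELinux tools match them.

```shell
#!/bin/sh
# Added example: inputs are file copies, so nothing on the live system is touched.

# Accounts that look like login users (UID above $3, shell not nologin/false)
# with a home directory at or below prefix $2. $1 is a passwd-format file.
login_accounts_under() {
    awk -F: -v prefix="$2" -v min="${3:-500}" '
        $3 > min && $7 != "" && $7 !~ /\/(nologin|false)$/ &&
        ($6 == prefix || index($6, prefix "/") == 1) { print $1 ":" $6 }
    ' "$1"
}

# Path specs (regex plus optional file-type flag) listed with two different
# contexts. $1 is a file_contexts-format file. Simplification: only textually
# identical specs are compared.
conflicting_specs() {
    awk '
        NF < 2 || $1 ~ /^#/ { next }
        {
            ctx = $NF; key = $1
            for (i = 2; i < NF; i++) key = key " " $i
            if (!(key in first)) first[key] = ctx
            else if (first[key] != ctx) print key ": " first[key] " and " ctx
        }
    ' "$1"
}

# Constructed sample data (hypothetical accounts "appsvc" and "daemonx").
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:501:501::/home/alice:/bin/bash
appsvc:x:510:510:service account:/opt/appsvc:/bin/bash
daemonx:x:511:511::/opt/daemonx:/sbin/nologin
EOF
    cat > "$d/file_contexts" <<'EOF'
# constructed excerpt
/opt -d system_u:object_r:usr_t:s0
/home -d system_u:object_r:home_root_t:s0
/opt -d system_u:object_r:home_root_t:s0
EOF
    login_accounts_under "$d/passwd" /opt
    conflicting_specs "$d/file_contexts"
    rm -rf "$d"
}
demo
```
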

