restorecon vs. setfiles

Gary Peck gbpeck at sbcglobal.net
Sun Jun 27 00:12:34 UTC 2004


On Fri, Jun 25, 2004 at 01:44:15PM -0400, Stephen Smalley wrote:
> rpm source code appears to be passing the mode as part of the lookup,
> so I don't think that is the issue.
> 
> rpm -Uvh --force libselinux*.rpm keeps the correct security context on
> /lib/libselinux.so.1 for me, both on a strict policy machine and a
> targeted policy machine.  rpm is 4.3.2-0.4; I haven't updated to -1
> yet.

Could this be an issue with apt? I'm actually using apt-get to install
these packages. When I tried using "rpm -Uvh ..." directly, it seemed to
set the contexts correctly as you say. However, when I did it with
apt-get again, I saw the same problem. Here are some files from the
mozilla package with their correct contexts:

system_u:object_r:shlib_t /usr/lib/mozilla-1.7/components/libaccessibility.so
system_u:object_r:shlib_t /usr/lib/mozilla-1.7/components/libaddrbook.so
system_u:object_r:shlib_t /usr/lib/mozilla-1.7/components/libappcomps.so
system_u:object_r:shlib_t /usr/lib/mozilla-1.7/components/libautoconfig.so

Then I run "apt-get install mozilla", which upgrades mozilla from
1.7-0.3.1 to 1.7-0.3.2. Afterwards, these same files (but from the new
version of mozilla) have the following contexts:

root:object_r:lib_t /usr/lib/mozilla-1.7/components/libaccessibility.so
root:object_r:lib_t /usr/lib/mozilla-1.7/components/libaddrbook.so
root:object_r:lib_t /usr/lib/mozilla-1.7/components/libappcomps.so
root:object_r:lib_t /usr/lib/mozilla-1.7/components/libautoconfig.so

I assumed that apt's behaviour should be the same since it's just using
rpm underneath, but maybe there are extra rpm API calls that need to be
made by apt when it's running on a SELinux system?

This is with apt-0.5.15cnc6-0.fdr.11.2, rpm-4.3.2-0.4.

gary
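
Added example, not part of the original message or of any project's code: one way to compare two "context path" listings like the ones quoted above and report which context fields changed per file. The function names are hypothetical, the sample data is two lines of each listing copied from the message, and the optional fourth (MLS level) field is handled as a generalization beyond the three-field contexts shown.

```python
from typing import NamedTuple

class Context(NamedTuple):
    user: str
    role: str
    type: str
    level: str  # MLS/MCS range; empty for three-field contexts as in the message

def parse_context(text: str) -> Context:
    # The level may itself contain ':' (e.g. s0:c0.c1023), so split at most 3 times.
    parts = text.split(":", 3)
    if len(parts) < 3 or not all(parts[:3]):
        raise ValueError(f"not an SELinux context: {text!r}")
    return Context(parts[0], parts[1], parts[2], parts[3] if len(parts) == 4 else "")

def parse_listing(listing: str) -> dict:
    """Map path -> Context for lines of the form '<context> <path>'."""
    result = {}
    for line in listing.splitlines():
        if line.strip():
            context, path = line.split(None, 1)  # path may contain spaces
            result[path.strip()] = parse_context(context)
    return result

def context_drift(before: str, after: str) -> dict:
    """Return {path: {field: (old, new)}} for paths whose context changed."""
    old, new = parse_listing(before), parse_listing(after)
    drift = {}
    for path in sorted(old.keys() & new.keys()):
        changed = {f: (getattr(old[path], f), getattr(new[path], f))
                   for f in Context._fields
                   if getattr(old[path], f) != getattr(new[path], f)}
        if changed:
            drift[path] = changed
    return drift

# Sample input: two lines from each listing in the message above.
BEFORE = """\
system_u:object_r:shlib_t /usr/lib/mozilla-1.7/components/libaccessibility.so
system_u:object_r:shlib_t /usr/lib/mozilla-1.7/components/libaddrbook.so
"""
AFTER = """\
root:object_r:lib_t /usr/lib/mozilla-1.7/components/libaccessibility.so
root:object_r:lib_t /usr/lib/mozilla-1.7/components/libaddrbook.so
"""

if __name__ == "__main__":
    for path, changed in context_drift(BEFORE, AFTER).items():
        print(path, changed)
```

For the listings above this reports that both the user field (system_u to root) and the type field (shlib_t to lib_t) changed, while the role stayed object_r.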




More information about the fedora-selinux-list mailing list