errors with labels after running for a while

[Russell Coker]

On Thu, 11 Mar 2004 06:18, Bill Nottingham <notting at redhat.com> wrote:
> /usr/sbin/setfiles:  relabeling /etc/modules.conf from
> system_u:object_r:etc_t to system_u:object_r:modules_conf_t

This is a problem.  Do you know what might have created that file?

> /usr/sbin/setfiles:  relabeling /etc/auto.master from root:object_r:etc_t
> to system_u:object_r:etc_t /usr/sbin/setfiles:  relabeling

When you re-create a file the identity will match the identity of the creating 
process.  Presumably you edited the file as root:sysadm_r:sysadm_t.  When you 
relabel /etc after running for some time you see all the files you modified 
as root.

> /etc/ptal/ptal-printd-like from system_u:object_r:etc_runtime_t to
> system_u:object_r:etc_t /usr/sbin/setfiles:  relabeling

How is this file created?  Maybe we should put in a file_contexts entry for 
it?  What package(s) use it?

> /etc/hotplug/usb.usermap from system_u:object_r:etc_t to
> system_u:object_r:hotplug_etc_t 

I guess that some script created that file.

/etc/hotplug(/.*)?              system_u:object_r:hotplug_etc_t

I'll change the hotplug.fc file to have the above and the directory will be 
labelled as hotplug_etc_t to solve this.

> /usr/sbin/setfiles:  relabeling /etc/.pwd.lock from
> system_u:object_r:shadow_t to system_u:object_r:etc_t

/etc/\.pwd\.lock        --      system_u:object_r:shadow_t
I'll add the above to types.fc.

> /usr/sbin/setfiles:  relabeling /etc/rndc.key from system_u:object_r:etc_t
> to system_u:object_r:rndc_conf_t make: *** [checklabels] Error 1

This is a serious problem.  How was the rndc.key file created?

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page