make relabel > restorecon

Richard Hally rhally at mindspring.com
Tue May 3 15:58:23 UTC 2005 

Steve Brueckner wrote:

>Daniel J Walsh wrote:
>  
>
>>Steve Brueckner wrote:
>>    
>>
>>>Daniel J Walsh wrote:
>>>      
>>>
>>>>Steve Brueckner wrote:
>>>>        
>>>>
>>>>>I have a file
>>>>>/etc/selinux/targeted/src/policy/file_contexts/programs/tspi_dillo.fc
>>>>>that contains the following line only:
>>>>>
>>>>>/tspi/usr/local/bin/dillo	--	system_u:object_r:tspi_dillo_exec_t
>>>>>
>>>>>When I do # make reload and then # make relabel the system
>>>>>correctly labels the file and adds the above line to the master
>>>>>file_contexts file. 
>>>>>
>>>>>However, if I then run # /sbin/restorecon /tspi/usr/local/bin/dillo
>>>>>the file's type reverts to default_t
>>>>>
>>>>>Any ideas on why this is happening?
>>>>>
>>>>>          
>>>>>
>>>>I take it you have a domains/program/tspi_dillo.te file?
>>>>
>>>>grep dillo /etc/selinux/targeted/context/files/*
>>>>
>>>>        
>>>>
>>>Yes, I have
>>>/etc/selinux/targeted/src/policy/domains/program/tspi_dillo.te
>>>which declares the tspi_dillo_exec_t.
>>>
>>>However, I think your grep showed me where the problem lies.  There
>>>are two file_contexts files:
>>>/etc/selinux/targeted/src/policy/file_contexts/file_contexts
>>>/etc/selinux/targeted/context/files/file_contexts 
>>>
>>>And a diff shows that the former has the context for dillo and the
>>>latter does not.  I was apparently mistaken earlier when I said that
>>>the "master" file_contexts file contains the line in question.
>>>
>>>So my question now becomes how does the former get updated?  I've
>>>done make reload and make relabel but it seems that neither is
>>>updating /etc/selinux/targeted/context/files/file_contexts.
>>>
>>>      
>>>
>>That is strange.  Make reload should have copied the your
>>file_context over. 
>>
>>Try make -W users load
>>See if the file_context gets replaced.  Any chance of clock skew on
>>your machine.
>>    
>>
>
>Fooling make into thinking users had been updated did the trick, thanks.  My
>clock, logs, and file times all look fine, so I don't think clock skew is
>the problem.
>
>I am, however, running (last week's) rawhide SELinux and rawhide kernel on
>an othewise FC3 install, so maybe there's something not meshing in there.
>Am I correct in thinking that the rawhide SELinux packages are currently
>being written and tested on FC4?
>
>Anyway, I appreciate the assist.
>
> - Steve Brueckner, ATC-NY
>
>--
>fedora-selinux-list mailing list
>fedora-selinux-list at redhat.com
>http://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
>  
>
Wasn't there a change a while back(3-4 weeks) to the make file that 
requires 'make install' to update the file_contexts? I've been using 
'make clean install reload' to do a complete update from source policy.

Richard Hally

More information about the fedora-selinux-list mailing list