Backing out of changes to file contexts specification

Daniel J Walsh dwalsh at redhat.com
Mon Apr 23 15:25:40 UTC 2007


Al Pacifico wrote:
>
> On 4/23/07, *Daniel J Walsh* <dwalsh at redhat.com> wrote:
>
>     Al Pacifico wrote:
>     > This is related to the daemon question I asked earlier.
>     >
>     > I created a problem using policygentool by specifying that a log file
>     > is written to by two different binaries with different policies. My
>     > thread about "Helper program for a daemon" provides some context (no
>     > pun intended).
>     >
>     > I didn't realize that installing the policy would change the file
>     > context specification database (although it makes perfect sense in
>     > retrospect). Now, I've inadvertently specified that
>     > /var/log/slimserver be labelled under two different contexts in
>     > /etc/selinux/targeted/contexts/files/file_contexts and wish to remove
>     > the second set of entries.
>     >
>     > Output of setfiles -n
>     > /etc/selinux/targeted/contexts/files/file_contexts $filename includes
>     > several messages of the form:
>     >
>     > /etc/selinux/targeted/contexts/files/file_contexts: Multiple different
>     > specifications for /var/log/slimserver
>     > (system_u:object_r:slimserver_scanner_var_log_t and
>     > system_u:object_r:slimserver_var_log_t).
>     >
>     > My policy module didn't install correctly because of this error, but
>     > the file contexts specification is now incorrect. What is the best way
>     > to correct this?
>     > 1. Just use sed or vi to eliminate the second specification?
>     > 2. Remove both installed policies that I wrote (which are the only
>     > non-stock policy modules installed on my FC5 box) using semodule and
>     > restore /etc/selinux/targeted/contexts/files/file_contexts from the
>     > rpm package file?
>     >
>     > Keep in mind I'm doing this over ssh to a box with no GUI, so I must
>     > use the command line, vi, etc.
>     semanage fcontext -d /var/log/slimserver
>
>
> If I reboot, does the file 
> /etc/selinux/targeted/contexts/files/file_contexts get automatically 
> rewritten? If so, where does the information that it's filled with 
> come from and what process rewrites it?
>  
No, the only time these files get modified is by the semanage or semodule
command. (rpm installations often execute these commands.) All the
data used to build this file is in /etc/selinux/targeted/modules/active/

>
>     > -al
>     > --
>     > Al Pacifico
>     > Seattle, WA
>     >
> -- 
> Al Pacifico
> Seattle, WA 
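
A read-only check for the condition setfiles reported in this thread, as an added example that is not part of the original messages: it lists path specifications that carry more than one distinct context in a file_contexts-format file. The function names and sample entries are constructed for illustration, and the matching rule (same regex, with type flags equal or one of them absent) is an assumption about how the duplicate check compares entries.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Reports entries in a
# file_contexts-format file whose path regex is listed with different contexts.
# Assumed line format: <path regex> [<type flag, e.g. -d or -->] <context>

find_fcontext_conflicts() {
    # $1: file to scan; reads stdin when omitted. Nothing is modified.
    awk '
        /^[ \t]*(#|$)/ { next }        # skip comments and blank lines
        NF < 2         { next }        # skip malformed lines
        {
            n++
            re[n] = $1                      # path regex, compared as a string
            ty[n] = (NF >= 3) ? $2 : ""     # optional file type flag
            cx[n] = $NF                     # security context
            for (i = 1; i < n; i++) {
                if (re[i] != re[n]) continue
                # Assumption: entries overlap when the flags match or one is absent.
                if (ty[i] != "" && ty[n] != "" && ty[i] != ty[n]) continue
                if (cx[i] == cx[n]) continue
                printf "%s: %s and %s\n", re[n], cx[i], cx[n]
            }
        }
    ' "${1:--}"
}

# Constructed sample input; the slimserver_exec_t entry is invented filler.
sample_file_contexts() {
    cat <<'EOF'
# constructed sample in file_contexts format
/var/log/slimserver(/.*)?  system_u:object_r:slimserver_var_log_t
/var/log/slimserver        system_u:object_r:slimserver_scanner_var_log_t
/var/log/slimserver        system_u:object_r:slimserver_var_log_t
/usr/bin/slimserver   --   system_u:object_r:slimserver_exec_t
EOF
}

# Demo on the sample; on a real system pass the path instead, e.g.
#   find_fcontext_conflicts /etc/selinux/targeted/contexts/files/file_contexts
sample_file_contexts | find_fcontext_conflicts
```

Each reported line names the regex and the two contexts, which identifies the local entry to delete with semanage fcontext -d as suggested above.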



