Inconsistent behavior with semanage

asked 2012-12-15 17:38:32 -0600

DJon
146 ●4 ●8 ●14

updated 2012-12-17 08:15:50 -0600

Why is that if I use "chcon -t slapd_db_t file" to change the type context of a file, it reverts with "restorecon file", but if I use "chcon -u system_u" to change the user context, restorecon has no effect.

When I try to use semanage to set the user context permanently, e.g.,

semanage fcontext -m -s system_u file;
restorecon -R -v file

it has no effect at all. But if I use chcon to do it, the user context is changed, and the change is persistent.

I expect this kind of "i before e except after c" stuff in spoken languages that evolved over thousands of years, but not in software where every aspect has been deliberately engineered. Am I missing something here?

edit retag flag offensive close merge delete

add a comment

answered 2013-02-07 08:23:11 -0600

Dan Walsh

351 ●5 ●10 ●9

updated 2013-02-07 08:27:39 -0600

restorecon does not effect User component of the SELinux context unless you specify the -f flag.

semanage fcontext -m -t TYPE file

is the proper command, it is really used to set the file type not the file SELinux user. I am surprised the semanage command you specified even works. I would bet the -s command is ignored.

BTW SELinux user component on file is totally ignored by SELinux as far as enforcement of rules. The Type field is the important field.

On Fedora 18 this would give you an error.

semanage fcontext -a -s system_u /dan

/sbin/semanage: SELinux Type is required

edit flag offensive delete link

add a comment

Inconsistent behavior with semanage

1 Answer

Question Tools

Stats

Related questions

Inconsistent behavior with semanage edit

1 Answer

Question Tools

Stats

Related questions

Inconsistent behavior with semanage