
Inconsistent behavior with semanage

asked 2012-12-15 17:38:32 -0500

DJon

updated 2012-12-17 08:15:50 -0500

Jomoos

Why is it that if I use "chcon -t slapd_db_t file" to change the type context of a file, it reverts with "restorecon file", but if I use "chcon -u system_u" to change the user context, restorecon has no effect?

When I try to use semanage to set the user context permanently, e.g.,

semanage fcontext -m -s system_u file;
restorecon -R -v file

it has no effect at all. But if I use chcon to do it, the user context is changed, and the change is persistent.

I expect this kind of "i before e except after c" stuff in spoken languages that evolved over thousands of years, but not in software where every aspect has been deliberately engineered. Am I missing something here?


1 Answer


answered 2013-02-07 08:23:11 -0500

Dan Walsh

updated 2013-02-07 08:27:39 -0500

restorecon does not affect the User component of the SELinux context unless you specify the -f flag.

semanage fcontext -m -t TYPE file

is the proper command; it is really used to set the file type, not the file SELinux user. I am surprised the semanage command you specified even works. I would bet the -s command is ignored.

BTW, the SELinux user component on a file is totally ignored by SELinux as far as enforcement of rules goes. The Type field is the important field.

On Fedora 18 this would give you an error.

semanage fcontext -a -s system_u /dan

/sbin/semanage: SELinux Type is required

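An added example, not part of the original answer: a small shell model of the behaviour described above, where a relabel without the force option takes only the type from the default context and leaves user, role and range alone. The contexts in the demo are constructed sample values, `ctx_field` and `relabel` are hypothetical helper names, and the code models the decision rather than calling restorecon.

```shell
#!/bin/sh
# Model (not restorecon itself) of which context a relabel ends up with.
# Contexts are user:role:type[:range]; the MLS range may itself contain ':'.

# ctx_field CONTEXT user|role|type|range -> prints that component
ctx_field() {
    ctx=$1
    u=${ctx%%:*}; rest=${ctx#*:}
    r=${rest%%:*}; rest=${rest#*:}
    t=${rest%%:*}
    case $rest in
        *:*) range=${rest#*:} ;;   # everything after the type, colons included
        *)   range= ;;
    esac
    case $2 in
        user)  printf '%s\n' "$u" ;;
        role)  printf '%s\n' "$r" ;;
        type)  printf '%s\n' "$t" ;;
        range) printf '%s\n' "$range" ;;
        *)     return 1 ;;
    esac
}

# relabel CURRENT DEFAULT [force] -> prints the resulting context.
# Without "force" only the type is taken from DEFAULT. With it the whole
# context is replaced (restorecon(8) documents its force option as -F).
relabel() {
    cur=$1; def=$2
    if [ "${3:-}" = force ]; then
        printf '%s\n' "$def"
        return
    fi
    out="$(ctx_field "$cur" user):$(ctx_field "$cur" role):$(ctx_field "$def" type)"
    range=$(ctx_field "$cur" range)
    [ -n "$range" ] && out="$out:$range"
    printf '%s\n' "$out"
}

# Constructed sample: the default the policy would assign to the file.
DEFAULT='system_u:object_r:etc_t:s0'
echo "type changed:        $(relabel 'system_u:object_r:slapd_db_t:s0' "$DEFAULT")"
echo "user changed:        $(relabel 'unconfined_u:object_r:etc_t:s0' "$DEFAULT")"
echo "user changed, force: $(relabel 'unconfined_u:object_r:etc_t:s0' "$DEFAULT" force)"
```

The first line shows the type reverting to the default, the second shows a differing user surviving the relabel, and the third shows the force case replacing the whole context.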
