[CentOS] SELinux and access across 'similar types'

Tue Jan 10 08:41:23 UTC 2012
Tony Molloy <tony.molloy at ul.ie>

On Tuesday 10 January 2012 04:05:43 Marko Vojinovic wrote:
> On Monday 09 January 2012 15:29:59 Daniel J Walsh wrote:
> > file_t means the file has no label, so the only way to create
> > this type of file would be to remove the security attributes on
> > the file. On an SELinux system, file_t should never be created,
> > they are only created on a disabled SELinux system.  I guess you
> > could try to use chcon -t file_t on a file, but I believe the
> > kernel will block that. Or you could attempt to delete the
> > SELinux label, but that might also be denied.
> 
> Ok, now I think I understand. The OP has stale files in /tmp which
> are not labelled, due to not purging /tmp on reboot. SELinux
> doesn't know how these files should be labelled, so it doesn't
> even try, and gives them the type file_t, which is a synonym for
> "this file doesn't have a type".
> 
> So the answer for the OP is to use chcon on this file to label it
> somehow. If that doesn't work, he should delete the file and
> recreate it (while SELinux is active), so that it gets properly
> labelled.
> 
> I learned something new today. :-) Thanks for the explanation!
> 
> Best, :-)
> Marko
> 
+1

I think I'm finally getting the hang of this SELinux.

Tony
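
Added example, not part of the original thread: one way to find the files the thread describes (type file_t, i.e. no label on disk) and relabel them with chcon as Marko suggests. It assumes GNU find (for the %Z context directive) and coreutils chcon; the function names, the sample records and the target type user_tmp_t are assumptions made for illustration.

```shell
# Added example, not code from the thread. Assumes GNU find and coreutils chcon.

# Keep only records whose context type field (user:role:TYPE[:level]) is file_t.
# Input: one "context<TAB>path" record per line. Output: the matching paths.
# Paths that contain tabs or newlines are not handled.
filter_file_t() {
    awk -F '\t' '{ n = split($1, c, ":"); if (n >= 3 && c[3] == "file_t") print $2 }'
}

# List regular files under directory $1 that carry the file_t type.
# GNU find prints the SELinux context of each file for %Z.
find_file_t() {
    find "$1" -xdev -type f -printf '%Z\t%p\n' | filter_file_t
}

# Relabel every path read from stdin to type $1.
# DRY_RUN defaults to 1: only print the chcon commands that would be run.
relabel_to() {
    new_type=$1
    while IFS= read -r path; do
        if [ "${DRY_RUN:-1}" = 1 ]; then
            printf 'chcon -t %s -- %s\n' "$new_type" "$path"
        else
            chcon -t "$new_type" -- "$path"
        fi
    done
}

# Constructed sample records in the "context<TAB>path" shape find_file_t feeds
# to the filter; they are not output captured from a real system.
sample_records() {
    printf '%s\t%s\n' \
        'system_u:object_r:file_t:s0'         '/tmp/stale report.txt' \
        'unconfined_u:object_r:user_tmp_t:s0' '/tmp/fresh.txt' \
        'system_u:object_r:file_t:s0'         '/tmp/old.lock' \
        'system_u:object_r:tmp_t:s0'          '/tmp'
}

# Preview on a live system:  find_file_t /tmp | relabel_to user_tmp_t
# Apply the change:          find_file_t /tmp | DRY_RUN=0 relabel_to user_tmp_t
```

The target type is the caller's choice; user_tmp_t here is only an assumed value for files a user left in /tmp.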