On 1/9/2012 8:05 PM, Marko Vojinovic wrote:
On Monday 09 January 2012 15:29:59 Daniel J Walsh wrote:
file_t means the file has no label, so the only way to create this type of file would be to remove the security attributes on the file. On an SELinux system, file_t should never be created, they are only created on a disabled SELinux system. I guess you could try to use chcon -t file_t on a file, but I believe the kernel will block that. Or you could attempt to delete the SELinux label, but that might also be denied.
Ok, now I think I understand. The OP has stale files in /tmp which are not labelled, due to not purging /tmp on reboot. SELinux doesn't know how these files should be labelled, so it doesn't even try, and gives them the type file_t, which is a synonym for "this file doesn't have a type".
So the answer for the OP is to use chcon on this file to label it somehow. If that doesn't work, he should delete the file and recreate it (while SELinux is active), so that it gets properly labelled.
OK, I did delete the files in the /tmp/ directory, and as the running apache process re-created them, it created them with the correct type: [root@g6950-21025 tmp]# ls -lZ * -rw-r--r-- apache apache system_u:object_r:httpd_sys_script_rw_t hostname_ICECOOK.INFO -rw-r--r-- apache apache system_u:object_r:httpd_sys_script_rw_t hostname_LAZYFROG.INFO etc.
So the documentation is missing something about clearing files out of /tmp/ (or they won't get relabeled properly and processes won't be able to access them under SELinux), but at least it's working now.
Bennett
I learned something new today. :-) Thanks for the explanation!
Best, :-) Marko
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos