On 1/9/2012 8:05 PM, Marko Vojinovic wrote: > On Monday 09 January 2012 15:29:59 Daniel J Walsh wrote: >> file_t means the file has no label, so the only way to create this >> type of file would be to remove the security attributes on the file. >> On an SELinux system, file_t should never be created, they are only >> created on a disabled SELinux system. I guess you could try to use >> chcon -t file_t on a file, but I believe the kernel will block that. >> Or you could attempt to delete the SELinux label, but that might also >> be denied. > Ok, now I think I understand. The OP has stale files in /tmp which are not > labelled, due to not purging /tmp on reboot. SELinux doesn't know how these > files should be labelled, so it doesn't even try, and gives them the type > file_t, which is a synonym for "this file doesn't have a type". > > So the answer for the OP is to use chcon on this file to label it somehow. If > that doesn't work, he should delete the file and recreate it (while SELinux is > active), so that it gets properly labelled. OK, I did delete the files in the /tmp/ directory, and as the running apache process re-created them, it created them with the correct type: [root at g6950-21025 tmp]# ls -lZ * -rw-r--r-- apache apache system_u:object_r:httpd_sys_script_rw_t hostname_ICECOOK.INFO -rw-r--r-- apache apache system_u:object_r:httpd_sys_script_rw_t hostname_LAZYFROG.INFO etc. So the documentation is missing something about clearing files out of /tmp/ (or they won't get relabeled properly and processes won't be able to access them under SELinux), but at least it's working now. Bennett > I learned something new today. :-) Thanks for the explanation! > > Best, :-) > Marko > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos