[CentOS] SELinux and access across 'similar types'

Marko Vojinovic vvmarko at gmail.com
Tue Jan 10 04:05:43 UTC 2012


On Monday 09 January 2012 15:29:59 Daniel J Walsh wrote:
> file_t means the file has no label, so the only way to create this
> type of file would be to remove the security attributes on the file.
> On an SELinux system, file_t should never be created, they are only
> created on a disabled SELinux system.  I guess you could try to use
> chcon -t file_t on a file, but I believe the kernel will block that.
> Or you could attempt to delete the SELinux label, but that might also
> be denied.

Ok, now I think I understand. The OP has stale files in /tmp which are not 
labelled, due to not purging /tmp on reboot. SELinux doesn't know how these 
files should be labelled, so it doesn't even try, and gives them the type 
file_t, which is a synonym for "this file doesn't have a type".

So the answer for the OP is to use chcon on this file to label it somehow. If 
that doesn't work, he should delete the file and recreate it (while SELinux is 
active), so that it gets properly labelled.

I learned something new today. :-) Thanks for the explanation!

Best, :-)
Marko
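
An added example, not part of the original thread: a filter that picks out the files the post describes, those whose SELinux type is file_t, from `stat -c '%C %n'` output. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list files typed file_t.
# Input lines have the shape GNU `stat -c '%C %n'` prints: "<context> <path>".

# Print the type field of a context "user:role:type[:level]".
# The MLS level may contain colons (s0:c0.c1023), so only field 3 is taken.
selinux_type() {
    st_rest=${1#*:}            # drop the user field
    st_rest=${st_rest#*:}      # drop the role field
    printf '%s\n' "${st_rest%%:*}"
}

# Read "<context> <path>" lines on stdin and print the paths typed file_t.
# A path may contain spaces; a context never does.
list_unlabeled() {
    while IFS=' ' read -r lu_ctx lu_path; do
        [ -n "$lu_path" ] || continue
        if [ "$(selinux_type "$lu_ctx")" = "file_t" ]; then
            printf '%s\n' "$lu_path"
        fi
    done
}

# Constructed sample input standing in for real stat output.
sample_stat_output() {
    cat <<'EOF'
system_u:object_r:file_t:s0 /tmp/stale.lock
unconfined_u:object_r:user_tmp_t:s0 /tmp/fresh.txt
system_u:object_r:file_t:s0 /tmp/old report.txt
system_u:object_r:tmp_t:s0:c0.c1023 /tmp/with-categories
EOF
}

# On an SELinux host the same filter runs over real files:
#   find /tmp -xdev -exec stat -c '%C %n' {} + | list_unlabeled
# Each hit is then relabelled with chcon, or deleted and recreated
# while SELinux is active, as described in the post.
sample_stat_output | list_unlabeled
```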
