[CentOS] SELinux and access across 'similar types'
Tony Molloy
tony.molloy at ul.ie
Tue Jan 10 08:41:23 UTC 2012
On Tuesday 10 January 2012 04:05:43 Marko Vojinovic wrote:
> On Monday 09 January 2012 15:29:59 Daniel J Walsh wrote:
> > file_t means the file has no label, so the only way to create
> > this type of file would be to remove the security attributes on
> > the file. On an SELinux system, file_t should never be created,
> > they are only created on a disabled SELinux system. I guess you
> > could try to use chcon -t file_t on a file, but I believe the
> > kernel will block that. Or you could attempt to delete the
> > SELinux label, but that might also be denied.
>
> Ok, now I think I understand. The OP has stale files in /tmp which
> are not labelled, due to not purging /tmp on reboot. SELinux
> doesn't know how these files should be labelled, so it doesn't
> even try, and gives them the type file_t, which is a synonym for
> "this file doesn't have a type".
>
> So the answer for the OP is to use chcon on this file to label it
> somehow. If that doesn't work, he should delete the file and
> recreate it (while SELinux is active), so that it gets properly
> labelled.
>
> I learned something new today. :-) Thanks for the explanation!
>
> Best, :-)
> Marko
>
+1
I think I'm finally getting the hang of this SELinux.
Tony
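An added example, not part of the original thread: a scan for the unlabelled files discussed above. It assumes a Linux host where the SELinux context is stored in the `security.selinux` extended attribute; the function names are hypothetical, and the `getxattr` parameter exists only so the logic can be exercised without real labels.

```python
import errno
import os
import sys

SELINUX_XATTR = "security.selinux"  # xattr that holds a file's SELinux context


def read_label(path, getxattr=os.getxattr):
    """Return the context string stored on path, or None if there is none."""
    try:
        raw = getxattr(path, SELINUX_XATTR, follow_symlinks=False)
    except OSError as exc:
        # ENODATA: no label stored; ENOTSUP: filesystem without xattr support
        if exc.errno in (errno.ENODATA, errno.ENOTSUP):
            return None
        raise
    return raw.rstrip(b"\0").decode("ascii", "replace")


def context_type(label):
    """Return the type field of a user:role:type[:level] context."""
    parts = label.split(":")
    return parts[2] if len(parts) >= 3 else None


def find_unlabeled(root, getxattr=os.getxattr):
    """Yield paths under root that carry no label or report type file_t.

    Both cases are checked: with SELinux disabled the attribute is simply
    absent, while an enabled kernel may report the fallback type instead.
    """
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                label = read_label(path, getxattr)
            except OSError:
                continue  # vanished or unreadable entry; skip it
            if label is None or context_type(label) == "file_t":
                yield path


if __name__ == "__main__":
    # Defaults to /tmp, the directory the thread is about.
    for stale in find_unlabeled(sys.argv[1] if len(sys.argv) > 1 else "/tmp"):
        print(stale)
```

Each path printed is a candidate for relabelling, or for deleting and recreating while SELinux is active.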