[CentOS] selinux problem policies

Günther J. Niederwimmer

gjn at gjn.priv.at
Mon May 1 02:24:14 UTC 2017


Hello,

On Sonntag, 30. April 2017 18:40:23 CEST Gordon Messmer wrote:
> On 04/30/2017 07:03 AM, Günther J. Niederwimmer wrote:
> >   I write this!
> > 
> > semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html(/.*)?/typo3conf(/.*)?"
> 
> OK.  Did you get an error?
I have only errors ;-).

When I want to set this rule:
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html(/.*)?/typo3conf(/.*)?"

these errors are displayed:
neverallow check failed at /etc/selinux/targeted/tmp/modules/100/selinuxutil/cil:244
  (neverallow selinuxutil_typeattr_1 semanage_store_t (file (relabelto)))
    <root>
    allow at /etc/selinux/targeted/tmp/modules/100/selinuxutil/cil:675
      (allow restorecond_t non_auth_file_type (file (getattr relabelfrom relabelto)))
    <root>
    allow at /etc/selinux/targeted/tmp/modules/100/systemd/cil:1108
      (allow systemd_tmpfiles_t non_auth_file_type (file (getattr relabelfrom relabelto)))

But the rule is not added/set?

> > I have more instances from typo3
> > I found this construct in the selinux policies
> > "/var/www/html(/.*)?/uploads(/.*)?"
> > 
> > but mine is not working?
> 
> Can you be specific about what "not working" means?  Did you get an
> error from the semanage command?  Are files not labeled correctly?
> 
> After setting context rules, you can "restorecon -R -v /var/www/html/"
> to fix the labels of any existing files.  You can see their current
> labels using "ls -lZ /var/www/html".
> 
> > and I have only errors?
> > 
> > neverallow check failed at
> > /etc/selinux/targeted/tmp/modules/100/selinuxutil/cil:244
> 
> When do you see that error?


-- 
mit freundlichen Grüssen / best regards

  Günther J. Niederwimmer
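
For triage of the "neverallow check failed" output quoted in the message above, the following added example (not part of the original message, and not code from semanage or the SELinux project) groups the failed neverallow rule with the allow rules listed under it and shows which permission they collide on. The function names are hypothetical, and the sample input is the quoted output with the e-mail line wrapping undone.

```python
import re

# Constructed input: the output quoted in the message above, with the
# e-mail line wrapping undone so each location and rule is on one line.
SAMPLE = """\
neverallow check failed at /etc/selinux/targeted/tmp/modules/100/selinuxutil/cil:244
  (neverallow selinuxutil_typeattr_1 semanage_store_t (file (relabelto)))
    <root>
    allow at /etc/selinux/targeted/tmp/modules/100/selinuxutil/cil:675
      (allow restorecond_t non_auth_file_type (file (getattr relabelfrom relabelto)))
    <root>
    allow at /etc/selinux/targeted/tmp/modules/100/systemd/cil:1108
      (allow systemd_tmpfiles_t non_auth_file_type (file (getattr relabelfrom relabelto)))
"""

# "<kind> at <store path>/modules/<priority>/<module>/cil:<line>"
LOC = re.compile(r"^\s*(?:neverallow check failed|allow) at "
                 r"\S*/modules/\d+/([^/\s]+)/cil:(\d+)\s*$")
# "(allow|neverallow <source> <target> (<class> (<perm> ...)))"
RULE = re.compile(r"^\s*\((neverallow|allow)\s+(\S+)\s+(\S+)\s+"
                  r"\((\S+)\s+\(([^)]*)\)\)\)\s*$")

def parse_neverallow_report(text):
    """Group each failed neverallow with the allow rules reported under it."""
    failures, where = [], None
    for line in text.splitlines():
        loc = LOC.match(line)
        if loc:
            where = {"module": loc.group(1), "line": int(loc.group(2))}
            continue
        rule = RULE.match(line)
        if rule is None or where is None:
            continue  # "<root>" markers and anything unrecognised
        kind, source, target, tclass, perms = rule.groups()
        entry = dict(where, source=source, target=target, tclass=tclass,
                     perms=perms.split())
        where = None
        if kind == "neverallow":
            failures.append({"neverallow": entry, "allows": []})
        elif failures:
            failures[-1]["allows"].append(entry)
    return failures

def conflicts(failure):
    """For each allow rule, the permissions it grants that the neverallow forbids."""
    banned = set(failure["neverallow"]["perms"])
    return [(a["module"], a["line"], a["source"], sorted(banned & set(a["perms"])))
            for a in failure["allows"]]
```
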


