
List:       fedora-selinux-list
Subject:    Re: semodule and fixfiles
From:       Robin Lee Powell <rlpowell () digitalkingdom ! org>
Date:       2023-06-07 21:05:23
Message-ID: ZIDxEwNwxWq3EPYo () stodi ! digitalkingdom ! org

It depends on what you want things to be able to do with files in
that directory.  If they're only being used by normal users to do
normal user things, you might not need to give them a file context
at all.

As I said, you want to manage it with `semanage fcontext`.

On Wed, Jun 07, 2023 at 01:55:27PM -0700, Henry Zhang wrote:
> Robin,
> 
> The "/run/media/mmcblk0p2" is not listed in the file file_contexts.
> 1. Should I update file_contexts?
> 2. Where does the file_contexts come from and where is it initialized?
> 
> ---henry
> 
> On Wed, Jun 7, 2023 at 11:26 AM Robin Lee Powell <
> rlpowell@digitalkingdom.org> wrote:
> 
> > Exactly what it says; the system stores a list of what files should
> > have which labels, and it doesn't know about that path.  You can see
> > the raw data on what's currently defined at
> > /etc/selinux/targeted/contexts/files/file_contexts and
> > /etc/selinux/targeted/contexts/files/file_contexts.local , although
> > you really should manage them with `semanage fcontext`.
> >
> > On Wed, Jun 07, 2023 at 09:33:21AM -0700, Henry Zhang wrote:
> > > Vit,
> > >
> > > When I do relabel with setfiles and see:
> > > "Warning no default label for /run/media/mmcblk0p2"
> > >
> > > What is wrong?
> > >
> > > ---henry
> > >
> > > On Wed, Jun 7, 2023 at 4:59 AM Vit Mojzis <vmojzis@redhat.com> wrote:
> > >
> > > >
> > > >
> > > > On 6/6/23 23:13, Henry Zhang wrote:
> > > > > Zdenek,
> > > > >
> > > > > fixfiles is used for relabeling.
> > > > > Relabeling hints that the system was labeled before.
> > > > > But when is the system labeled initially?
> > > > After selinux-policy-targeted (or minimum/mls) is installed. These
> > > > packages contain distribution policy modules (including file context
> > > > definitions).
> > > >
> > > > >
> > > > > In which cases
> > > > > 1. semodule should be called?
> > > > "semodule" is for managing policy modules (install, remove, list,
> > > > enable, disable), so for example when you want to add a custom policy
> > > > module, or list which modules are present in your system.
> > > >
> > > > > 2. fixfiles should be executed?
> > > > After a policy change (new policy module is installed/removed, or new
> > > > file context definition is added using "semanage fcontext"), or after
> > > > mounting a new filesystem.
> > > > Note that relabeling can be done using "fixfiles", "setfiles", or
> > > > "restorecon", all of which use the same underlying code (each is just
> > > > aimed at different use-case).
> > > >
> > > > Hope this helps.
> > > > Vit
> > > > >
> > > > > Thanks.
> > > > >
> > > > > ----henry
> > > > >
> > > > >
> > > > > _______________________________________________
> > > > > selinux mailing list -- selinux@lists.fedoraproject.org
> > > > > To unsubscribe send an email to
> > selinux-leave@lists.fedoraproject.org
> > > > > Fedora Code of Conduct:
> > > > https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> > > > > List Guidelines:
> > https://fedoraproject.org/wiki/Mailing_list_guidelines
> > > > > List Archives:
> > > >
> > https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraproject.org
> > > > > Do not reply to spam, report it:
> > > > https://pagure.io/fedora-infrastructure/new_issue
> > > >
> >
> >
> >
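
The lookup behind the "no default label" warning, as an added example that is not part of the thread or of the SELinux tools' own code: a path gets a default label only when some rule in the file_contexts data matches it. The sample rules and the type `example_media_t` are constructed, and the matching is simplified (the last matching rule wins, file-type fields are ignored).

```sh
#!/bin/sh
# Added example: simplified default-label lookup over file_contexts-format rules.
# Each rule line is "regex [file-type] context"; the regex must match the whole path.

# lookup_default_label PATH SPEC_FILE
# Prints the context of the rule that applies to PATH.
# Returns 1 when no rule matches or the matching rule says <<none>>.
lookup_default_label() {
    awk -v path="$1" '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        path ~ ("^(" $1 ")$") { ctx = $NF }     # later matching rules override earlier ones
        END { if (ctx == "" || ctx == "<<none>>") exit 1; print ctx }
    ' "$2"
}

# Constructed sample rules in file_contexts format (not copied from a real policy).
write_sample_specs() {
    cat > "$1" <<'EOF'
# regex                     [type]  context
/etc(/.*)?                          system_u:object_r:etc_t:s0
/etc/shadow.*               --      system_u:object_r:shadow_t:s0
/var/tmp/scratch(/.*)?              <<none>>
EOF
}

# Constructed local rule of the kind `semanage fcontext -a` records;
# example_media_t is a hypothetical type name, not one from the thread.
add_sample_local_rule() {
    printf '%s\t%s\n' '/run/media/mmcblk0p2(/.*)?' \
        'system_u:object_r:example_media_t:s0' >> "$1"
}

# Run as "sh script.sh demo" to see the lookup before and after the rule is added.
if [ "${1:-}" = "demo" ]; then
    specs=$(mktemp)
    write_sample_specs "$specs"
    lookup_default_label /run/media/mmcblk0p2 "$specs" ||
        echo "no default label for /run/media/mmcblk0p2"
    add_sample_local_rule "$specs"
    lookup_default_label /run/media/mmcblk0p2/data.txt "$specs"
    rm -f "$specs"
fi
```

On a real system, `matchpathcon /run/media/mmcblk0p2` performs this lookup against the installed policy, and `semanage fcontext -a -t <type> '/run/media/mmcblk0p2(/.*)?'` followed by `restorecon -Rv /run/media/mmcblk0p2` adds a rule and applies it. `<type>` is a placeholder; the thread does not say which type fits.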
