Bug 120222

Summary: SELinux FAQ - how do you execute applications installed into e.g. /opt or /usr/local ?
Product: [Retired] Fedora Documentation Reporter: Karsten Wade <kwade>
Component: selinux-faqAssignee: Karsten Wade <kwade>
Status: CLOSED CURRENTRELEASE QA Contact: Tammy Fox <tammy.c.fox>
Severity: medium Docs Contact:
Priority: medium    
Version: develCC: dwalsh
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://people.redhat.com/kwade/fedora-docs/selinux-faq-en/
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-01-04 14:26:49 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 118757    

Description Karsten Wade 2004-04-06 22:27:08 UTC 
Description of change/FAQ addition"

Basically I installed a piece of third part software in the /opt, 
/usr/local ... directory

When a user goes to execute the file he gets permission denied even 
though the protection is 755.

He will need to change the security context to a executable context. 

chmod -t bin_t /FULLPATH

Also they should add an entry to the 
/etc/security/selinux/src/policy/file_contexts/misc/ directory
that specifies the security context so a relabel will maintain the 
security context.



Version-Release of FAQ 

selinux-faq-1.0-4 (2004-04-05-T04:20-0800)
Comment 1 Karsten Wade 2004-04-06 22:32:00 UTC 
Two questions:

1. Should that be "chcon -t bin_t /FULLPATH"?

2. As a procedure, is this accurate:

   1. Install software
   2. chcon -t bin_t /path-to-executable
   3. add entry to
/etc/security/selinux/src/policy/file_contexts/misc/ specifying the
security contex
   4. run fixfiles /what/path?
Comment 2 Daniel Walsh 2005-01-03 21:16:03 UTC 
Is this bug still a problem?
Comment 3 Karsten Wade 2005-01-04 00:26:09 UTC 
This is from a pretty early version of the FAQ, making it probably a
FC 2 test 2 report, iirc that was before the strict/targeted split. 
But I haven't gone in to test, having lost the original context this
bug came from.

If you think it's resolved, I'm all for closing.
Comment 4 Daniel Walsh 2005-01-04 14:26:49 UTC 
This really does not apply to FC3.  So I am closing.  We have enough
other problems in the FAQ.

Dan