Bug 145359

Summary: inconsistent chcon failure: can't apply partial context to unlabeled file
Product: [Fedora] Fedora
Reporter: Tom Lane <tgl>
Component: coreutils
Assignee: Tim Waugh <twaugh>
Status: CLOSED NOTABUG
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: 3
CC: dwalsh, hhorak
Target Milestone: ---
Target Release: ---
Hardware: All
OS: Linux
Fixed In Version:
Doc Type: Bug Fix
Last Closed: 2005-01-18 06:34:44 EST

Description Tom Lane 2005-01-17 14:04:49 EST
Description of problem:
I'm currently testing a new init script for postgresql that does
this to create a log file that's not known to selinux-policy-targeted:

touch "$PGLOG" || exit 1
chown postgres:postgres "$PGLOG"
chmod go-rwx "$PGLOG"
[ -x /usr/bin/chcon ] && /usr/bin/chcon -t postgresql_log_t "$PGLOG"

This works fine for me, but I have a report that someone else running
the same coreutils release gets

/usr/bin/chcon: can't apply partial context to unlabeled file

Any idea why it fails for him, and what I can do about it?

Version-Release number of selected component (if applicable):

How reproducible:
100% for him, 0% for me

Steps to Reproduce:
1.  See above, or install postgresql-8.0.0rc5-0.3 from fc4-scratch
Actual results:

Expected results:

Additional info:
See thread beginning at

Comment 1 Tim Waugh 2005-01-18 06:34:44 EST
Well, like the error says, you can't have a partial label.  Your
/var/lib/pgsql/pgstartup.log file is already labelled and so it makes sense to
change part of the label.  Their file has no pre-existing label, and so what
you're trying to do doesn't make sense.

(Dan, is that right?)

Comment 2 Tom Lane 2005-01-18 08:31:27 EST
Hm ... so how do I find out what label is on a file?  I've looked through the
man pages for the selinux commands I know about, and found nothing :-(

Comment 3 Tim Waugh 2005-01-18 08:37:01 EST
ls -Z

Comment 4 Daniel Walsh 2005-01-18 17:42:06 EST
This says the file has no label to start, so you can specify just a partial
context.  So I believe the user is running on an unlabeled system.

ls -Z shows no label.

so chcon -t XYZ fails because there is no User or Role section.
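
An added example, not part of the bug report or of coreutils: a guard for the init script's chcon line that reads the file's current label first and only attempts the type-only change when a user and role are already present. The function names retype_context and label_log are hypothetical, the contexts in the comments are constructed samples, and retype_context only models the result of a type-only change; chcon itself still does the relabeling.

```shell
# retype_context CONTEXT NEWTYPE
# Prints CONTEXT with its type field replaced by NEWTYPE, which is the label a
# type-only "chcon -t" would produce. Returns 1 when CONTEXT has no user:role
# prefix to build on (empty, "?", or anything without two ':' separators).
retype_context() {
    ctx=$1
    newtype=$2
    user=${ctx%%:*}
    rest=${ctx#*:}
    [ "$rest" != "$ctx" ] || return 1      # no ':' at all, e.g. "?" or ""
    role=${rest%%:*}
    tail=${rest#*:}
    [ "$tail" != "$rest" ] || return 1     # user:role only, no type field
    [ -n "$user" ] && [ -n "$role" ] || return 1
    level=
    case "$tail" in
        *:*) level=:${tail#*:} ;;          # keep an optional level/range suffix
    esac
    printf '%s:%s:%s%s\n' "$user" "$role" "$newtype" "$level"
}

# label_log FILE TYPE
# Guarded form of: [ -x /usr/bin/chcon ] && /usr/bin/chcon -t TYPE FILE
label_log() {
    [ -x /usr/bin/chcon ] || return 0
    # GNU stat prints the SELinux context for %C, or "?" when none can be read;
    # this is the same label that "ls -Z" displays.
    cur=$(stat -c %C "$1" 2>/dev/null) || cur=
    if want=$(retype_context "$cur" "$2"); then
        /usr/bin/chcon -t "$2" "$1" &&
            echo "$1: relabeled to $want"
    else
        echo "$1: no existing SELinux label, skipping chcon -t $2" >&2
    fi
}

# Constructed sample contexts:
#   retype_context 'system_u:object_r:var_lib_t' postgresql_log_t
#   retype_context '?' postgresql_log_t
```

In the init script from the description, the last line would become `label_log "$PGLOG" postgresql_log_t`.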