From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050323 Firefox/1.0.2 Fedora/1.0.2-1.3.1 Description of problem: I keep noticing the following warning message in /var/log/messages Warning! Could not relabel /dev/pts/1 with user_u:object_r:devpts_t, not relabeling.Operation not permitted Sometimes the message has a different number eg. /dev/pts/2, /dev/pts/0. I think it is being caused by running a "fixfiles relabel" when "su -" as root at a terminal. Version-Release number of selected component (if applicable): selinux-policy-targeted-1.17.30-2.90 How reproducible: Sometimes Steps to Reproduce: 1. Log in as normal user. 2. Open terminal. 3. su - 4. fixfiles relabel Actual Results: Sometimes the warning message appears. Expected Results: No warning message. Additional info:
First off why are you fixfiles relabeling all the time? This is denying you the right to relabel the terminal you are currently on. So this is expected and probably what you want. When you exit the su the terminal will get set back to the default. Dan
I'm probably going about it the wrong way, but the reason I've been doing a fixfiles relabel is if I've copied something say from root's directory to my home directory and set the permissions and ownership the same way I would do on a non SELinux system, you still need to change each files SELinux attributes in order to read them, the only reason I've been using fixfiles relabel for this is its quicker than going through each file individually... probably a misuse of the program, but it seems to do the job :-) This is probably not a bug then. Regards, Adam
You probably want to use restorecon for this. restorecon -R -v /home/USERNAME Would recursively walk the homedirectory and fix the context. restorecon -v /home/USERNAME/file_name Fixes it for a single file. cp should pick up the security context of the destination directory if it is not going across mount points. chcon also alows you to set the security context for an individual file. It has similar command to chmod. chcon -t user_home_t /home/USERNAME/file_name would change the type componant to user_home_t. fixfiles relabel will run through the entire file system and read every single file. Dan