From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050323 Firefox/1.0.2 Fedora/1.0.2-1.3.1
Description of problem:
I keep noticing the following warning message in /var/log/messages
Warning! Could not relabel /dev/pts/1 with user_u:object_r:devpts_t, not relabeling.Operation not permitted
Sometimes the message has a different number eg. /dev/pts/2, /dev/pts/0.
I think it is being caused by running a "fixfiles relabel" when "su -" as root at a terminal.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Log in as normal user.
2. Open terminal.
3. su -
4. fixfiles relabel
Actual Results: Sometimes the warning message appears.
Expected Results: No warning message.
First off why are you fixfiles relabeling all the time?
This is denying you the right to relabel the terminal you are currently on. So
this is expected and probably what you want. When you exit the su the terminal
will get set back to the default.
I'm probably going about it the wrong way, but the reason I've been doing a
fixfiles relabel is if I've copied something say from root's directory to my
home directory and set the permissions and ownership the same way I would do on
a non SELinux system, you still need to change each files SELinux attributes in
order to read them, the only reason I've been using fixfiles relabel for this is
its quicker than going through each file individually... probably a misuse of
the program, but it seems to do the job :-)
This is probably not a bug then.
You probably want to use restorecon for this.
restorecon -R -v /home/USERNAME
Would recursively walk the homedirectory and fix the context.
restorecon -v /home/USERNAME/file_name
Fixes it for a single file.
cp should pick up the security context of the destination directory if it is not
going across mount points.
chcon also alows you to set the security context for an individual file. It has
similar command to chmod. chcon -t user_home_t /home/USERNAME/file_name would
change the type componant to user_home_t.
fixfiles relabel will run through the entire file system and read every single file.