From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4

Description of problem:
The latest update to selinux-policy-targeted changed the type specified for /var/log from var_log_t to home_root_t. These changes occurred in /etc/selinux/targeted/src/policy/file_contexts/file_contexts.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.17.30-2.88

How reproducible:
Always

Steps to Reproduce:
1. Upgrade to selinux-policy-targeted-1.17.30-2.88
2. Run restorecon -R /var/log

Actual Results:
The type of /var/log was set to home_root_t.

Expected Results:
The type of /var/log should have been var_log_t.

Additional info:
This doesn't seem to be a problem for the policies set forth in the selinux-policy-targeted package, however it was an issue as we use a custom policy to govern snort.
I just pushed the update to another box, with a nearly identical configuration. The odd thing here is that this issue did not arise on this second system. The changes in question were nowhere to be found, and the labeling on /var/log remained as it should. Yet, on the first machine, this was not an issue until the upgrade. I'm not sure what's going on here...
Do you have an entry in /etc/passwd with a homedir in /var/log? Dan
One, the 'snort' user has a homedir at '/var/log/snort' -- however this user exists on both systems, and the sole difference between the two is the uid.
If the snort UID is > 500 and it has a shell of something other than /sbin/nologin or /bin/false, this could happen. Change the UID or the shell and reload policy, should clear it up. Dan
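The condition described in the comment above, written as a check over a passwd file. This is an added example, not part of the thread or of the selinux-policy-targeted package: the UID threshold and shell list are taken from that comment, while the function names, the `/home` default and the sample entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the bug report. Applies the condition stated in
# the comment above: UID > 500 and a shell other than /sbin/nologin or
# /bin/false. The /home default for the expected parent is an assumption.

# find_home_root_candidates PASSWD_FILE [EXPECTED_PARENT]
# Prints "user uid shell home parent" for every account that meets the
# condition and whose home directory's parent is not EXPECTED_PARENT.
find_home_root_candidates() {
    passwd_file=$1
    expected_parent=${2:-/home}
    awk -F: -v expected="$expected_parent" '
        # Skip comments and malformed lines (passwd has 7 fields).
        /^#/ || NF < 7 { next }
        {
            user = $1; uid = $3 + 0; home = $6; shell = $7
            if (uid <= 500) next
            if (shell == "/sbin/nologin" || shell == "/bin/false") next
            sub("/+$", "", home)          # strip trailing slashes
            if (home == "") next          # home is "/" or empty
            parent = home
            sub("/[^/]*$", "", parent)    # drop last path component
            if (parent == "") parent = "/"
            if (parent != expected)
                print user, uid, shell, home, parent
        }
    ' "$passwd_file"
}

# Constructed sample input modelled on the report (UIDs and shells made up).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:501:501:Alice:/home/alice:/bin/bash
snort:x:502:502:Snort:/var/log/snort:/bin/bash
snortsvc:x:101:101:Snort:/var/log/snort:/bin/bash
backup:x:600:600:Backup:/var/backup:/sbin/nologin
EOF
}

run_sample() {
    tmp=$(mktemp) || return 1
    sample_passwd > "$tmp"
    find_home_root_candidates "$tmp"
    rm -f "$tmp"
}

run_sample
```

Run against the real file with `find_home_root_candidates /etc/passwd`; any directory in the last column is one to compare with `ls -dZ` after a policy update and relabel.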
Ahh, that makes a lot of sense! Thanks for the help, and sorry about bugging you with something so silly.