Bug 216807 - can't chcon files as root
Summary: can't chcon files as root
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 6
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-11-22 01:39 UTC by Evan Klitzke
Modified: 2007-11-30 22:11 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2006-12-13 21:09:29 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Evan Klitzke 2006-11-22 01:39:00 UTC
I am trying to change the security context of a package I manually installed. I
cannot become adm_r by using newrole, but I assume that this is not necessary
because that package is in Extras and I log into root with su -. I cannot find
any information in the Fedora documentation to suggest that I need to change
roles to chcon files as root, so I assume this behavior is a bug.

Here is the problem I have:
[root@localhost ~]# chcon -t procmail_t /usr/local/var/dspam/data/evan/evan.lock
chcon: failed to change context of /usr/local/var/dspam/data/evan/evan.lock to
user_u:object_r:procmail_t: Permission denied

And the AVC message is:

avc: denied { relabelto } for comm='"chcon"' dev='hda1' egid='0' euid='0'
exe='"/usr/bin/chcon"' exit='-13' fsgid='0' fsuid='0' gid='0' items='0'
name='"evan.lock"' pid='11151' scontext=user_u:system_r:unconfined_t:s0 sgid='0'
subj='user_u:system_r:unconfined_t:s0' suid='0' tclass='file'
tcontext=user_u:object_r:procmail_t:s0 tty='pts0' uid='0'

Comment 1 Tim Waugh 2006-12-13 11:51:13 UTC
Confirmed.

selinux-policy-targeted-2.4.6-1.fc6

touch /tmp/foo
chcon -t procmail_t /tmp/foo


Comment 2 Daniel Walsh 2006-12-13 21:09:29 UTC
procmail_t is a domain context not a file_context.  You can only chcon file
contexts.

Please ask questions on fedora-selinux-list


Note You need to log in before you can comment on or make changes to this bug.