Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 216807 - can't chcon files as root
can't chcon files as root
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
6
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-11-21 20:39 EST by Evan Klitzke
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-12-13 16:09:29 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Evan Klitzke 2006-11-21 20:39:00 EST 
I am trying to change the security context of a package I manually installed. I
cannot become adm_r by using newrole, but I assume that this is not necessary
because that package is in Extras and I log into root with su -. I cannot find
any information in the Fedora documentation to suggest that I need to change
roles to chcon files as root, so I assume this behavior is a bug.

Here is the problem I have:
[root@localhost ~]# chcon -t procmail_t /usr/local/var/dspam/data/evan/evan.lock
chcon: failed to change context of /usr/local/var/dspam/data/evan/evan.lock to
user_u:object_r:procmail_t: Permission denied

And the AVC message is:

avc: denied { relabelto } for comm='"chcon"' dev='hda1' egid='0' euid='0'
exe='"/usr/bin/chcon"' exit='-13' fsgid='0' fsuid='0' gid='0' items='0'
name='"evan.lock"' pid='11151' scontext=user_u:system_r:unconfined_t:s0 sgid='0'
subj='user_u:system_r:unconfined_t:s0' suid='0' tclass='file'
tcontext=user_u:object_r:procmail_t:s0 tty='pts0' uid='0'
Comment 1 Tim Waugh 2006-12-13 06:51:13 EST 
Confirmed.

selinux-policy-targeted-2.4.6-1.fc6

touch /tmp/foo
chcon -t procmail_t /tmp/foo
Comment 2 Daniel Walsh 2006-12-13 16:09:29 EST 
procmail_t is a domain context not a file_context.  You can only chcon file
contexts.

Please ask questions on fedora-selinux-list
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.