Red Hat Bugzilla – Bug 704189
Wrong label for /etc/selinux/$SELINUXTYPE/contexts
Last modified: 2012-10-16 08:27:12 EDT
Description of problem:
It seems that the /etc/selinux/$SELINUXTYPE/contexts directory and its contents are being labeled incorrectly to default_context_t instead of selinux_config_t.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
The policy tells me this is a correct label. Why do you think this is a bug?
(In reply to comment #1)
> The policy tells me this is a correct label. Why do you think this is a bug?
I think this directory and its contents should be selinux_config_t, as it contains SELinux configuration files.
It contains default contexts so I don't see this as bug.
I agree, this has always been labeled default_context, in that lots of domains need to read it that do not need to read other parts of SELinux config.
Then secadm_r also will need to have write permission to it.
Miroslav make sure RHEL5 and RHEL6 have
*** This bug has been marked as a duplicate of bug 704191 ***