Bug 835102 - User defined SELinux label resets
User defined SELinux label resets
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: policycoreutils (Show other bugs)
17
i686 Linux
unspecified Severity unspecified
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-06-25 10:35 EDT by ZiN
Modified: 2012-06-27 11:09 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-06-27 03:07:47 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description ZiN 2012-06-25 10:35:33 EDT
Description of problem:
Cannot set SELinux label for eclipse from off. site.

Version-Release number of selected component (if applicable):

How reproducible:
Download eclipse from official site (eg. Classic). Unpack to /opt.
Set java_exec_t label for eclipse executable.
It resets to bin_t

Steps to Reproduce:
1.semanage fcontext -a -t java_exec_t -f -- '/opt/eclipse/eclipse'
2.restorecon -v /opt/eclipse/eclipse
  
Actual results:
ls -Z /opt/eclipse/eclipse
system_u:object_r:bin_t:s0       /opt/eclipse/eclipse

Expected results:
ls -Z /opt/eclipse/eclipse
system_u:object_r:java_exec_t:s0       /opt/eclipse/eclipse

Additional info:
I know about Fedora Eclipse and use it at work in a multiuser environment, but there is some need to use the official version at home. For I began to use it since 2009, on a Slackware Linux. So when I'd switched to Fedora it was easier to continue with official version.
Also neither Fedora nor official Eclipse could work with Sun or Oracle Java without this label. I use self-made RPMS for Java that are based on Paul Howarth's from http://www.city-fan.org/tips/SunJava6OnFedora and http://www.city-fan.org/tips/OracleJava7OnFedora.
I have doubts about which component is responsible for such SELinux behavior, so I've specified policycoreutils.
Comment 1 Miroslav Grepl 2012-06-27 03:07:47 EDT
This is expected. We use java policy no longer. We define

type bin_t alias { java_exec_t };

which is a reason why you get bin_t.
Comment 2 ZiN 2012-06-27 11:09:53 EDT
Thank you. Now I see.

Note You need to log in before you can comment on or make changes to this bug.