Selinux-policy Update Resets /etc/selinux/targeted/contexts/files/file_contexts?


Hi,

On an internal webserver (latest C6) I want smb-access to /var/www/html/
In April I did
chcon -R -t public_content_rw_t /var/www/html/
setsebool -P allow_smbd_anon_write 1
setsebool -P allow_httpd_anon_write 1
echo "/var/www/html/ -- unconfined_u:object_r:public_content_rw_t:s0" >> /etc/selinux/targeted/contexts/files/file_contexts

After the latest round of updates (including selinux-policy.noarch 0:3.7.19-260.el6_6.1 and selinux-policy-targeted.noarch 0:3.7.19-260.el6_6.1) samba-access to /var/www/html was denied. Applying the commands above re-enabled samba-access.

Does anyone know how I can configure SELinux to remember this after an update to the policies?

Thanks Patrick

5 thoughts on - Selinux-policy Update Resets /etc/selinux/targeted/contexts/files/file_contexts?

  • yum install policycoreutils-python
    man audit2why
    man audit2allow
    man semodule

    If you have setroubleshoot installed then the avc message in /var/log/messages should tell you to run sealert with the requisite parameters. Then follow the instructions.

    You will likely find it advisable to post your proposed custom se policy changes here first and get feedback about anything that is too broadly permissive.

  • Next time try putting the local policy into:
    /etc/selinux/targeted/contexts/files/file_contexts.local
    … which isn’t overwritten by package updates. This is what would have happened if you had used the ‘semanage fcontext’ command.

  • This is incorrect.

    # semanage fcontext -a -t public_content_rw_t '/var/www/html(/.*)?'
    # restorecon -R -v /var/www/html

    Should change the label and it should survive relabel.

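
How the label gets resolved, as an added example that is not code from this thread: a small Python model of file_contexts matching (anchored regex, optional file-type flag, last matching entry wins, local entries consulted after the distribution ones). The base entries are constructed stand-ins, not the real policy. It shows why the `(/.*)?` pattern that `semanage fcontext` records covers the directory and everything under it, while the `(/.*?)` variant misses the directory itself and the hand-appended `--` line from the original post matches neither the directory nor the files beneath it.

```python
import re
from typing import NamedTuple, Optional

class Spec(NamedTuple):
    regex: re.Pattern
    ftype: Optional[str]    # None = any object type; "--" regular file, "-d" directory, ...
    context: Optional[str]  # None when the entry is <<none>>

def parse_file_contexts(text: str) -> list:
    """Parse file_contexts lines of the form: REGEX [FTYPE] CONTEXT."""
    specs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) == 3:
            pattern, ftype, context = fields
        elif len(fields) == 2:
            (pattern, context), ftype = fields, None
        else:
            raise ValueError(f"malformed file_contexts entry: {raw!r}")
        # libselinux anchors every spec: the regex must cover the whole path.
        specs.append(Spec(re.compile("^" + pattern + "$"), ftype,
                          None if context == "<<none>>" else context))
    return specs

def match_path(specs, path: str, ftype: str = "--") -> Optional[str]:
    """Context for PATH: the LAST matching spec wins, as restorecon/matchpathcon resolve it."""
    for spec in reversed(specs):
        if spec.ftype in (None, ftype) and spec.regex.match(path):
            return spec.context
    return None

# Constructed stand-in for a fragment of the distribution file_contexts (not the real file).
BASE_FILE_CONTEXTS = """
/.*                 system_u:object_r:default_t:s0
/var/www(/.*)?      system_u:object_r:httpd_sys_content_t:s0
"""

def label(local_entry: str, path: str, ftype: str) -> Optional[str]:
    """Resolve PATH with LOCAL_ENTRY appended after the base specs, the way
    file_contexts.local is consulted after file_contexts (so it wins on overlap)."""
    specs = parse_file_contexts(BASE_FILE_CONTEXTS) + parse_file_contexts(local_entry)
    return match_path(specs, path, ftype)

RW = "system_u:object_r:public_content_rw_t:s0"
GOOD = "/var/www/html(/.*)?  " + RW    # what 'semanage fcontext -a' records
TYPO = "/var/www/html(/.*?)  " + RW    # misplaced '?': requires a slash after html
ECHOED = "/var/www/html/ -- unconfined_u:object_r:public_content_rw_t:s0"  # hand-appended line

if __name__ == "__main__":
    for name, entry in (("good", GOOD), ("typo", TYPO), ("echoed", ECHOED)):
        print(name, label(entry, "/var/www/html", "-d"), label(entry, "/var/www/html/index.html", "--"))
```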

  • On 17-12-14 at 14:56, Jonathan Billings wrote:

    Thank you, it even makes sense :-)
    Troubleshooting selinux is still on my skills-wishlist.

  • On 17-12-14 at 15:12, Daniel J Walsh wrote:
    Thanks, I know I shouldn’t just follow serverfault instructions without complete understanding. One day I’ll have to learn to master selinux. (and rtfm)

    Patrick