Chinaunix

Title: How do I change the SELinux security categories of a file?

Author: richardhesidu    Time: 2008-10-25 22:37
Following the Red Hat documentation, I used chcat -- +Marketing filename to add the file filename to the Marketing category. But neither the user hesidu, who is in the Marketing category, nor root can add it. The message is:
chcon: failed to change context of financerecords.txt to user_u:object_r:user_home_t:s0:c0: 权限不够
Summary
SELinux is preventing /usr/bin/chcon (unconfined_t) "relabelto" to financerecord.txt (bin_t).
Detailed Description
SELinux denied access requested by /usr/bin/chcon. It is not expected that this access is required by /usr/bin/chcon and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.
Allowing Access
Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for financerecord.txt,
restorecon -v financerecord.txt
If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ. Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report against this package.
Additional Information
Source Context:  user_u:system_r:unconfined_t
Target Context:  user_u:object_r:bin_t:Marketing
Target Objects:  financerecord.txt [ file ]
Affected RPM Packages:  coreutils-5.97-12.1.el5 [application]
Policy RPM:  selinux-policy-2.4.6-30.el5
Selinux Enabled:  True
Policy Type:  targeted
MLS Enabled:  True
Enforcing Mode:  Enforcing
Plugin Name:  plugins.catchall_file
Host Name:  localhost.localdomain
Platform:  Linux localhost.localdomain 2.6.18-8.el5 #1 SMP Fri Jan 26 14:15:21 EST 2007 i686 i686
Alert Count:  3
Line Numbers:   
Raw Audit Messages:  avc: denied { relabelto } for comm="chcon" dev=dm-0 egid=0 euid=0 exe="/usr/bin/chcon" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name="financerecord.txt" pid=23994 scontext=user_u:system_r:unconfined_t:s0 sgid=0 subj=user_u:system_r:unconfined_t:s0 suid=0 tclass=file tcontext=user_u:object_r:bin_t:s0:c0 tty=pts0 uid=0

This article comes from a ChinaUnix blog; to view the original, go to: http://blog.chinaunix.net/u/6949/showart_1335354.html
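Added example, not part of the original post: a small Python parser that breaks the raw AVC record quoted above into the denied permission, object class, and the source and target contexts, expanding the MCS category set of each. The function names are hypothetical, and for a level range only the low level is reported.

```python
import re

# Raw audit message copied from the post above.
AVC = ('avc: denied { relabelto } for comm="chcon" dev=dm-0 egid=0 euid=0 '
       'exe="/usr/bin/chcon" exit=-13 fsgid=0 fsuid=0 gid=0 items=0 '
       'name="financerecord.txt" pid=23994 '
       'scontext=user_u:system_r:unconfined_t:s0 sgid=0 '
       'subj=user_u:system_r:unconfined_t:s0 suid=0 tclass=file '
       'tcontext=user_u:object_r:bin_t:s0:c0 tty=pts0 uid=0')

def expand_categories(cats):
    """Expand an MCS category set such as 'c0.c3,c5' to [0, 1, 2, 3, 5]."""
    out = set()
    for part in filter(None, cats.split(",")):
        lo, _, hi = part.partition(".")          # 'c0.c3' is the range c0..c3
        out.update(range(int(lo[1:]), int((hi or lo)[1:]) + 1))
    return sorted(out)

def split_context(ctx):
    """Split user:role:type[:level] into parts; level is sensitivity[:categories]."""
    user, role, type_, *level = ctx.split(":")
    low = ":".join(level).split("-")[0]          # low level of 'low-high' ranges
    sens, _, cats = low.partition(":")
    return {"user": user, "role": role, "type": type_,
            "sensitivity": sens or None, "categories": expand_categories(cats)}

def parse_avc(line):
    """Return the decision, permissions, class and both contexts of an AVC record."""
    m = re.search(r"avc:\s+(denied|granted)\s+\{([^}]*)\}", line)
    if not m:
        raise ValueError("not an AVC record")
    # key=value pairs; values may be double-quoted
    fields = {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}
    return {"result": m.group(1), "perms": m.group(2).split(),
            "tclass": fields["tclass"], "comm": fields.get("comm"),
            "name": fields.get("name"),
            "source": split_context(fields["scontext"]),
            "target": split_context(fields["tcontext"])}

if __name__ == "__main__":
    rec = parse_avc(AVC)
    print(rec["result"], rec["perms"], "on", rec["tclass"], rec["name"])
    print("source:", rec["source"])
    print("target:", rec["target"])
```

For the record in the post, the target type is bin_t with category set [0], which is the c0 that the alert's Target Context displays as Marketing.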



