selinux.vger.kernel.org archive mirror
* setfiles rootfs labeling
From: sajjad ahmed @ 2018-09-26 13:55 UTC
  To: selinux


Hi all,
I'm trying to use the setfiles utility (v 2.7) from policycoreutils to label rootfs, it seems like setfiles excludes all the directories straight away and labels nothing. I tried an older version (< 2.6) that works fine. I'm using the yocto project to build packages and using native setfiles utility to "label rootfs on the build system". Is it the utility that is not doing what it is supposed to?
I'm using the following command to label rootfs:
sudo setfiles -v -r /tmp/sid/ /etc/selinux/refpolicy/contexts/files/file_contexts /tmp/sid/


- Sajjad Ahmed


* Re: setfiles rootfs labeling
From: Stephen Smalley @ 2018-09-26 14:18 UTC
  To: sajjad ahmed, selinux

On 09/26/2018 09:55 AM, sajjad ahmed via Selinux wrote:
> Hi all,
> 
> I'm trying to use the setfiles utility (v 2.7) from policycoreutils to 
> label rootfs, it seems like setfiles excludes all the directories 
> straight away and labels nothing. I tried an older version (< 2.6) that 
> works fine. I'm using the yocto project to build packages and using 
> native setfiles utility to "label rootfs on the build system". Is it 
> the utility that is not doing what it is supposed to?
> 
> I'm using the following command to label rootfs,
> sudo setfiles -v -r /tmp/sid/
> /etc/selinux/refpolicy/contexts/files/file_contexts /tmp/sid/

I'll guess that your build host OS has SELinux disabled and that 
consequently /proc/mounts does not show the seclabel option for the 
filesystem.  Try using the -m option to setfiles to ignore /proc/mounts.


* Re: setfiles rootfs labeling
From: Stephen Smalley @ 2018-09-26 14:37 UTC
  To: sajjad ahmed, selinux, Richard Haines

On 09/26/2018 10:18 AM, Stephen Smalley wrote:
> On 09/26/2018 09:55 AM, sajjad ahmed via Selinux wrote:
>> Hi all,
>>
>> I'm trying to use the setfiles utility (v 2.7) from policycoreutils to 
>> label rootfs, it seems like setfiles excludes all the directories 
>> straight away and labels nothing. I tried an older version (< 2.6) 
>> that works fine. I'm using the yocto project to build packages and 
>> using native setfiles utility to "label rootfs on the build system". 
>> Is it the utility that is not doing what it is supposed to?
>>
>> I'm using the following command to label rootfs,
>> sudo setfiles -v -r /tmp/sid/
>> /etc/selinux/refpolicy/contexts/files/file_contexts /tmp/sid/
> 
> I'll guess that your build host OS has SELinux disabled and that 
> consequently /proc/mounts does not show the seclabel option for the 
> filesystem.  Try using the -m option to setfiles to ignore /proc/mounts.

I guess we should be enabling this option automatically if SELinux is 
disabled on the host?  Looks like we were skipping use of /proc/mounts 
in setfiles until moving it to use selinux_restorecon()
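
The check discussed in this thread, as an added example that is not part of the original messages or of policycoreutils: it looks up the mount that contains the target rootfs, tests whether its options include seclabel, and prints a setfiles command line with -m only when seclabel is missing. The function names and the optional mounts-file argument are assumptions made for illustration, and mount points containing escaped characters (such as \040 for a space) are not handled.

```shell
#!/bin/sh
# mount_opts PATH [MOUNTS_FILE]: print the option list of the mount containing
# PATH. The longest matching mount point wins; on a tie the later entry wins.
# MOUNTS_FILE is a hypothetical test hook and defaults to /proc/mounts.
mount_opts() {
    awk -v p="${1%/}/" '
        {
            mp = $2
            if (mp != "/") mp = mp "/"      # compare whole path components only
            if (index(p, mp) == 1 && length(mp) >= best) {
                best = length(mp); opts = $4
            }
        }
        END { print opts }
    ' "${2:-/proc/mounts}"
}

# has_seclabel PATH [MOUNTS_FILE]: succeed if that mount lists "seclabel".
has_seclabel() {
    case ",$(mount_opts "$1" "$2")," in
        *,seclabel,*) return 0 ;;
        *)            return 1 ;;
    esac
}

# setfiles_cmd ROOT SPEC_FILE [MOUNTS_FILE]: print (do not run) the command,
# adding -m when the filesystem holding ROOT is not shown as seclabel.
setfiles_cmd() {
    root=${1%/}/
    if has_seclabel "$root" "$3"; then
        echo "setfiles -v -r $root $2 $root"
    else
        echo "setfiles -m -v -r $root $2 $root"
    fi
}

# Constructed sample: a build host with SELinux disabled, so no mount entry
# carries the seclabel option.
sample=$(mktemp)
cat > "$sample" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
EOF
setfiles_cmd /tmp/sid/ /etc/selinux/refpolicy/contexts/files/file_contexts "$sample"
rm -f "$sample"
```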
