Hello, I have a few files/directories in /run (or /var/run) that do not have the correct SELinux contexts. Notably, files belonging to samba and fail2ban, but there may be others.
I thought this might be related to the /run migration bug (424173), but it seems to restore to the correct contexts, just that the files are not created with the correct contexts. How are the contexts of these files usually managed?

#output from matchpathcon:
/run/dbus.pid has context system_u:object_r:system_dbusd_var_run_t, should be <<none>>
/run/fail2ban has context system_u:object_r:initrc_var_run_t, should be system_u:object_r:fail2ban_var_run_t
/run/lvm has context system_u:object_r:initrc_var_run_t, should be system_u:object_r:var_run_t
/run/ntpd.pid has context system_u:object_r:initrc_var_run_t, should be system_u:object_r:ntpd_var_run_t
/run/privoxy-tor.pid has context system_u:object_r:privoxy_var_run_t, should be <<none>>
/run/samba has context system_u:object_r:initrc_var_run_t, should be system_u:object_r:smbd_var_run_t
/run/saslauthd has context system_u:object_r:initrc_var_run_t, should be system_u:object_r:var_run_t
/run/sepermit has context system_u:object_r:initrc_var_run_t, should be system_u:object_r:pam_var_run_t
/run/sshd.pid has context system_u:object_r:sshd_var_run_t, should be <<none>>
/run/syslog-ng.ctl has context system_u:object_r:devlog_t, should be system_u:object_r:syslogd_var_run_t

#output from restorecon -rv /run
restorecon: Warning no default label for /run/sshd.pid
restorecon: Warning no default label for /run/privoxy-tor.pid
restorecon reset /run/ntpd.pid context system_u:object_r:initrc_var_run_t->system_u:object_r:ntpd_var_run_t
restorecon reset /run/fail2ban context system_u:object_r:initrc_var_run_t->system_u:object_r:fail2ban_var_run_t
restorecon reset /run/fail2ban/fail2ban.sock context system_u:object_r:initrc_var_run_t->system_u:object_r:fail2ban_var_run_t
restorecon reset /run/fail2ban/fail2ban.pid context system_u:object_r:initrc_var_run_t->system_u:object_r:fail2ban_var_run_t
restorecon reset /run/syslog-ng.ctl context system_u:object_r:devlog_t->system_u:object_r:syslogd_var_run_t
restorecon: Warning no default label for /run/dbus.pid
restorecon reset /run/sepermit context system_u:object_r:initrc_var_run_t->system_u:object_r:pam_var_run_t
restorecon reset /run/samba context system_u:object_r:initrc_var_run_t->system_u:object_r:smbd_var_run_t
restorecon reset /run/samba/nmbd.pid context system_u:object_r:initrc_var_run_t->system_u:object_r:nmbd_var_run_t
restorecon reset /run/samba/smbd.pid context system_u:object_r:initrc_var_run_t->system_u:object_r:smbd_var_run_t
restorecon reset /run/lvm context system_u:object_r:initrc_var_run_t->system_u:object_r:var_run_t
restorecon reset /run/saslauthd context system_u:object_r:initrc_var_run_t->system_u:object_r:var_run_t
restorecon reset /run/lock/lvm context system_u:object_r:var_lock_t->system_u:object_r:lvm_lock_t

#from the mount command:
tmpfs on /run type tmpfs (rw,rootcontext=system_u:object_r:var_run_t,seclabel,nosuid,nodev,relatime,mode=755)

Thanks

--
Ben Pritchard
[email protected]
