Re: setfiles rootfs labeling

2018-09-26 Thread Stephen Smalley

On 09/26/2018 10:18 AM, Stephen Smalley wrote:
> On 09/26/2018 09:55 AM, sajjad ahmed via Selinux wrote:
>> Hi all,
>>
>> I'm trying to use the setfiles utility (v 2.7) from policycoreutils to
>> label rootfs. It seems like setfiles excludes all the directories
>> straight away and labels nothing. I tried an older version (< 2.6)
>> that works fine. I'm using the Yocto Project to build packages and
>> using the native setfiles utility to "label rootfs on the build system".
>> Is it the utility that is not doing what it is supposed to?
>>
>> I'm using the following command to label rootfs:
>> sudo setfiles -v -r /tmp/sid/ /etc/selinux/refpolicy/contexts/files/file_contexts /tmp/sid/
>
> I'll guess that your build host OS has SELinux disabled and that
> consequently /proc/mounts does not show the seclabel option for the
> filesystem.  Try using the -m option to setfiles to ignore /proc/mounts.


I guess we should be enabling this option automatically if SELinux is 
disabled on the host?  Looks like we were skipping use of /proc/mounts 
in setfiles until moving it to use selinux_restorecon().



___
Selinux mailing list
Selinux@tycho.nsa.gov
To unsubscribe, send email to selinux-le...@tycho.nsa.gov.
To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.
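
Added example (not part of the thread and not code from policycoreutils): a shell check for the condition guessed at in the reply above, namely that the mount holding the rootfs directory shows no seclabel option in /proc/mounts, in which case the reply's -m option is the suggested workaround. The function names and the sample mount tables are constructed for illustration; on a real build host, feed it /proc/mounts on stdin.

```sh
#!/bin/sh
# Added example, not from the thread. Sample mount tables are constructed.

# covering_mount_opts DIR: read /proc/mounts-format lines on stdin and print
# the options of the mount holding DIR (longest mount point that is a path
# prefix of DIR; a later entry wins a tie, as an overmount would).
covering_mount_opts() {
    awk -v dir="$1" '
        {
            mp = $2
            # Match on a path boundary so /tmp does not claim /tmpfoo.
            if (mp == "/" || dir == mp || index(dir, mp "/") == 1) {
                if (length(mp) >= best) { best = length(mp); opts = $4 }
            }
        }
        END { print opts }
    '
}

# setfiles_extra_flags DIR: print "-m" when the covering mount has no
# seclabel option (the situation guessed at in the reply), else nothing.
setfiles_extra_flags() {
    case ",$(covering_mount_opts "$1")," in
        *,seclabel,*) ;;
        *) echo "-m" ;;
    esac
}

# Constructed: host with SELinux enabled.
sample_enabled() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,seclabel,relatime 0 0
tmpfs /tmp tmpfs rw,seclabel,nosuid,nodev 0 0
EOF
}

# Constructed: host with SELinux disabled, so no seclabel anywhere.
sample_disabled() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
EOF
}

# Demo: show the flag chosen for the thread's target directory on each host.
echo "enabled host:  extra flags = '$(sample_enabled | setfiles_extra_flags /tmp/sid/)'"
echo "disabled host: extra flags = '$(sample_disabled | setfiles_extra_flags /tmp/sid/)'"
```

On a build host the call would be `setfiles_extra_flags /tmp/sid/ < /proc/mounts`, with the result placed before -v in the setfiles command line.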

Re: setfiles rootfs labeling

2018-09-26 Thread Stephen Smalley

On 09/26/2018 09:55 AM, sajjad ahmed via Selinux wrote:
> Hi all,
>
> I'm trying to use the setfiles utility (v 2.7) from policycoreutils to
> label rootfs. It seems like setfiles excludes all the directories
> straight away and labels nothing. I tried an older version (< 2.6) that
> works fine. I'm using the Yocto Project to build packages and using the
> native setfiles utility to "label rootfs on the build system". Is it
> the utility that is not doing what it is supposed to?
>
> I'm using the following command to label rootfs:
> sudo setfiles -v -r /tmp/sid/ /etc/selinux/refpolicy/contexts/files/file_contexts /tmp/sid/

I'll guess that your build host OS has SELinux disabled and that
consequently /proc/mounts does not show the seclabel option for the
filesystem.  Try using the -m option to setfiles to ignore /proc/mounts.









setfiles rootfs labeling

2018-09-26 Thread sajjad ahmed via Selinux
Hi all,

I'm trying to use the setfiles utility (v 2.7) from policycoreutils to label
rootfs. It seems like setfiles excludes all the directories straight away and
labels nothing. I tried an older version (< 2.6) that works fine. I'm using the
Yocto Project to build packages and using the native setfiles utility to "label
rootfs on the build system". Is it the utility that is not doing what it is
supposed to?

I'm using the following command to label rootfs:
sudo setfiles -v -r /tmp/sid/ /etc/selinux/refpolicy/contexts/files/file_contexts /tmp/sid/


- Sajjad Ahmed