On Fri, Sep 21, 2018 at 3:58 AM Petr Lautrbach <[email protected]> wrote:
> > Ted Toth <[email protected]> writes: > > > I have something very much like the following in an fc file: > > /usr/lib64/python2\.(6|7)/site-packages/xyz/paste -- > > gen_context(system_u:object_r:jxyz_exec_t,s0) > > > > and I use the same file on el6 and el7. On el6 the file is > > labeled as > > specified in the python2.6 directory. However on el7 where the > > file gets > > installed into python2.7 the file is not labeled correctly. On > > el7 > > `semanage fcontext -l | grep xyz` shows the file context > > expected but > > `matchpathcon /usr/lib64/python2.7/site-packages/xyz/paste` does > > not return > > the expected context and `restorecon -RFv > > /usr/lib64/python2.7/site-packages/xyz` has no affect. The type > > xyz_exec_t > > exists on both systems. It's probably something stupid I'm doing > > but I'm > > just not seeing it. Has anyone else experienced similar issues? > > > > There's equivalency rule /usr/lib64 -> /usr/lib on el7: > > # semanage fcontext -a -t tmp_t > '/usr/lib64/python2\.(6|7)/site-packages/xyz/paste' > > ValueError: File spec > /usr/lib64/python2\.(6|7)/site-packages/xyz/paste conflicts with > equivalency rule '/usr/lib64 /usr/lib'; Try adding > '/usr/lib/python2\.(6|7)/site-packages/xyz/paste' instead > > > # semanage fcontext -a -t tmp_t > '/usr/lib/python2\.(6|7)/site-packages/xyz/paste' > > # matchpathcon /usr/lib64/python2.7/site-packages/xyz/paste > /usr/lib64/python2.7/site-packages/xyz/paste > system_u:object_r:tmp_t:s0 > > > Petr > Thanks, where is this equivalency rule defined/documented?
_______________________________________________ Selinux mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
