
Bug 467420

Summary: sys-apps/policycoreutils-2.1.14-r1 can't set a default label for several files
Product: Gentoo Linux
Reporter: Hinnerk van Bruinehsen <h.v.bruinehsen>
Component: SELinux
Assignee: SE Linux Bugs <selinux>
Status: RESOLVED INVALID    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Hinnerk van Bruinehsen 2013-04-26 23:02:13 UTC
After updating selinux userland and running rlpkg -a -r -v (the -v is important as the warning is dropped otherwise) I get a bunch of warnings about setfiles not being able to find a default label for a bunch of files:

/usr/sbin/setfiles:  Warning no default label for /var/spool/cron/lastrun/.keep_sys-process_cronbase-0
/usr/sbin/setfiles:  Warning no default label for /var/spool/cron/lastrun/cron.monthly
/usr/sbin/setfiles:  Warning no default label for /var/spool/cron/lastrun/cron.weekly
/usr/sbin/setfiles:  Warning no default label for /var/spool/cron/lastrun/cron.daily
/usr/sbin/setfiles:  Warning no default label for /var/spool/cron/lastrun/cron.hourly
/usr/sbin/setfiles:  Warning no default label for /var/spool/cron/.keep_sys-process_cronbase-0
/usr/sbin/setfiles:  Warning no default label for /var/spool/cron/crontabs/.keep_sys-process_vixie-cron-0
/usr/sbin/setfiles:  Warning no default label for /var/tmp/.keep
/usr/sbin/setfiles:  Warning no default label for /var/tmp/kdecache-kdm
/usr/sbin/setfiles:  Warning no default label for /var/tmp/kdecache-kdm/icon-cache.kcache

The list is much longer, though for me all such warnings are about files in /var/<some subdirectory>. My /var is part of my root and other parts of var get their labels correctly.

matchpathcon gives:

matchpathcon /var/spool/cron/.keep_sys-process_cronbase-0 
/var/spool/cron/.keep_sys-process_cronbase-0    <<none>>


Reproducible: Always
Comment 1 Amadeusz Sławiński 2013-04-26 23:59:56 UTC
I also see this; however, this may be correct behaviour, considering that they seem to be set explicitly in the policy to be <<none>>,
for example from cron.fc:
/var/spool/cron/lastrun	-d		gen_context(system_u:object_r:crond_tmp_t,s0)
/var/spool/cron/lastrun/[^/]*	--	<<none>>
Comment 2 Sven Vermeulen (RETIRED) gentoo-dev 2013-04-27 07:49:31 UTC
That's correct; the new utilities might be more strict, or the warnings weren't as obvious in the past. Normally, when they are defined with <<none>>, the contexts remain as-is (portage_tmp_t?)
Comment 3 Sven Vermeulen (RETIRED) gentoo-dev 2013-05-03 17:46:58 UTC
I'm going to mark this as INVALID; the method is working as designed (if the target file is marked as <<none>>).
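
A way to triage the warnings from this report, as an added example that is not part of the original bug thread or of policycoreutils: it applies the two cron.fc entries quoted in comment 1 to a path and reports whether the result comes from an explicit <<none>> entry or from no entry matching at all. The matching order (literal entries first, then the last matching regex entry) is a simplified assumption about file-context lookup, parse_fc, lookup and classify are hypothetical names, and the file types in the sample are assumed.

```python
import re

# The two cron.fc entries quoted in comment 1, in policy-source form.
CRON_FC = (
    "/var/spool/cron/lastrun\t-d\tgen_context(system_u:object_r:crond_tmp_t,s0)\n"
    "/var/spool/cron/lastrun/[^/]*\t--\t<<none>>\n"
)
REGEX_META = set(".^$?*+|[({\\")

def parse_fc(text):
    """Return a list of (compiled regex, file type or None, context, is_literal)."""
    specs = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) not in (2, 3):
            continue  # blank line, comment, or a form this model does not handle
        pattern, context = fields[0], fields[-1]
        ftype = fields[1] if len(fields) == 3 else None  # "--" file, "-d" directory
        macro = re.fullmatch(r"gen_context\(([^,]+),([^,)]+)\)", context)
        if macro:  # expand the m4 macro into user:role:type:range
            context = f"{macro.group(1)}:{macro.group(2)}"
        is_literal = not (REGEX_META & set(pattern))
        specs.append((re.compile(pattern), ftype, context, is_literal))
    return specs

def lookup(specs, path, ftype):
    """Assumed precedence: literal entries first, then the last matching regex entry."""
    ordered = sorted(specs, key=lambda s: s[3])  # stable: regex entries, then literals
    for regex, spec_type, context, _ in reversed(ordered):
        if regex.fullmatch(path) and spec_type in (None, ftype):
            return context
    return None

def classify(specs, path, ftype):
    """Explain a 'no default label' warning for one path."""
    context = lookup(specs, path, ftype)
    if context is None:
        return "unmatched"      # none of the loaded entries covers this path and type
    if context == "<<none>>":
        return "explicit-none"  # policy entry says to leave the existing label as-is
    return context

if __name__ == "__main__":
    specs = parse_fc(CRON_FC)
    # Constructed sample: two paths from the report plus one made-up nested path.
    for path, ftype in [("/var/spool/cron/lastrun", "-d"),
                        ("/var/spool/cron/lastrun/cron.daily", "--"),
                        ("/var/spool/cron/lastrun/nested/file", "--")]:
        print(f"{path}\t{classify(specs, path, ftype)}")
```

Paths reported as explicit-none are the case the maintainers describe as working as designed; paths reported as unmatched would be the ones worth checking against the loaded file contexts.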