From: dwalsh@redhat.com (Daniel J Walsh) Date: Tue, 29 Mar 2011 09:56:57 -0400 Subject: [refpolicy] Two issues with restorecon In-Reply-To: <20110328221420.GG15708@hardeman.nu> References: <4D4C0538.3030904@redhat.com> <20110328221420.GG15708@hardeman.nu> Message-ID: <4D91E529.1090700@redhat.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 03/28/2011 06:14 PM, David H?rdeman wrote: > On Fri, Feb 04, 2011 at 08:55:04AM -0500, Daniel J Walsh wrote: >> On 02/04/2011 08:14 AM, David H?rdeman wrote: >>> Two related issues I just discovered with restorecon (sorry, I'm not close >>> to my private laptop so I can't provide patches): >>> >>> 1) When running "restorecon -r /", restorecon (setfiles) wants to write an >>> audit message that the whole fs is being relabeled (only happens when doing >>> it on /), but the refpolicy doesn't seem to give setfiles_t access to write >>> audit messages which I guess it should. >>> >>> 2) When running "restorecon -r -n /", restorecon (setfiles) wants to write >>> the same audit message as above - which would be misleading since it's not >>> actually changing any labels. >>> >> Could you open two bugzillas > > I'm sorry, you got me confused...bugzilla entries in the redhat bugzilla > database? I'm not a redhat user... (and apologies for not replying > straight away)... > Yes I was thinking the Red Hat bugzilla, but now that you mention it, we do allow the first in Red Hat/Fedora policy and the second is a bug in policycoreutils/restorecon. (But not sure whether I would say it is a high priority.) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk2R5SkACgkQrlYvE4MpobPOxwCgraDPXrKFxeGc+EDftq5kg5Jm vFgAoLzNaNLJBUAJswIbWdL3itkqlOfL =fTxr -----END PGP SIGNATURE-----