> On 7 Aug 2025, at 20:03, Jason Montleon <jmont...@redhat.com> wrote:
>
> On Thu, Aug 7, 2025 at 2:13 PM Barry Scott <ba...@barrys-emacs.org> wrote:
>>
>> A user on the Fedora users list reported that selinux relabelling
>> was not working.
>>
>> I can reproduce the problem in a F42 KDE aarch64 VM.
>> But it works fine on my x86_64 desktop, also F42 KDE.
>
> Is there anything like this in dmesg? If the file was created with an
> improper context (if selinux was completely disabled for instance) you
> may see something like:
> [ 7.492519] audit: type=1400 audit(1754591921.507:4): avc: denied
> { getattr } for pid=682 comm="selinux-autorel" path="/.autorelabel"
> dev="dm-0" ino=2370
> scontext=system_u:system_r:selinux_autorelabel_generator_t:s0
> tcontext=unconfined_u:object_r:unlabeled_t:s0 tclass=file permissive=0
>
> You can reproduce this for yourself:
> # touch /.autorelabel
> # chcon -t unlabeled_t /.autorelabel
>
> Rebooting you will get an avc and it won't relabel. Booting with
> enforcing=0 on the kernel command line, or otherwise setting selinux
> permissive, will allow it to relabel.
>
> I just did this on an orange pi 5 (aarch64) running Fedora 42 and it
> relabeled fine, so I don't think anything is wrong/different with
> Fedora 42 aarch64.
>
>> I got as far as finding the generator script that triggers
>> the relabelling.
>>
>> How can I debug this script?
>>
>> My guess is that the generator is running in a sandbox.
>> Where can I write a log file with /usr/bin/echo to?
>> Or is there a better way to log messages?
>>
>> Barry
User raised a ticket for this problem:
https://bugzilla.redhat.com/show_bug.cgi?id=2387134
Barry
>>
>>
>>
>> --
>> _______________________________________________
>> devel mailing list -- devel@lists.fedoraproject.org
>> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
>> Fedora Code of Conduct:
>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>> List Archives:
>> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
>> Do not reply to spam, report it:
>> https://pagure.io/fedora-infrastructure/new_issue
>
>
>
> --
> Jason Montleon | email: jmont...@redhat.com
> Red Hat, Inc. | gpg key: 0x069E3022
> Cell: 508-496-0663 | irc: jmontleo / jmontleon
>
> --
> _______________________________________________
> devel mailing list -- devel@lists.fedoraproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
--
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
