On Fri, 2023-12-08 at 23:42 +1000, Michael D. Setzer II: > Problem was a bunch of the selinux errors it was showing talked > about resetting things but it mentions FILETYPE and then gave a > ton of options for that value, and I had no clue which one should be > applied.
Generally, if it's just that the SELinux contexts are missing, restorecon along with the filepath sets them to what they need to be (most contexts are based on file location, your files in home should normally get a certain type of context, a web server's files in the standard location should get a web serving type of context, etc). If someone's developed a new type of context, it ought to get applied in the same way (automatically when created, or when restorecon is used, based on the filepath). And relabelling does that. After installing some new SELinux rules, the procedure sets a flag to cause relabelling, and that'll take done after the next boot. Exceptions occur when you want a different type of context in an usual place. Such as you might be serving web pages from a different file path. You need to create your own rules so files get given the necessary contexts automatically, and you need to set the contexts on any existing files (there). Alerts about things are (allegedly) faults. Such as right now I have an alert that: The source process: cups-pk-helper- (with a truncated name, grrr!) Attempted this access: read On this sock_file: cups.sock If I look more into the logs the full name is listed: comm=cups-pk-helper- exe=/usr/libexec/cups-pk-helper-mechanism So... Is it supposed to be able to read that file? My guess would be yes, based on the names. Why isn't it getting it right by itself? Dunno, my guess would be a bug. Can I fix it? Perhaps. The file could be randomly stuffed due to a crash, or power outage. But if it keeps creating it wrong, perhaps not. Does it matter? Dunno, printing was working last time I tried it. But printing is always fickle. -- uname -rsvp Linux 3.10.0-1160.102.1.el7.x86_64 #1 SMP Tue Oct 17 15:42:21 UTC 2023 x86_64 Boilerplate: All unexpected mail to my mailbox is automatically deleted. I will only get to see the messages that are posted to the mailing list. -- _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
