search for: relabelto

...om typo3 I found this construct in the selinux policies "/var/www/html(/.*)?/uploads(/.*)?" but my is not working ? and I have only errors? neverallow check failed at /etc/selinux/targeted/tmp/modules/100/selinuxutil/ cil:244 (neverallow selinuxutil_typeattr_1 semanage_store_t (file (relabelto))) <root> allow at /etc/selinux/targeted/tmp/modules/100/selinuxutil/cil:675 (allow restorecond_t non_auth_file_type (file (getattr relabelfrom relabelto))) <root> allow at /etc/selinux/targeted/tmp/modules/100/systemd/cil:1108 (allow systemd_tmpfiles_t non_...

...n I like to set this Rule ? semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html(/.*)?/ typo3conf(/.*)?" This Errors are displayd ? neverallow check failed at /etc/selinux/targeted/tmp/modules/100/selinuxutil/ cil:244 (neverallow selinuxutil_typeattr_1 semanage_store_t (file (relabelto))) <root> allow at /etc/selinux/targeted/tmp/modules/100/selinuxutil/cil:675 (allow restorecond_t non_auth_file_type (file (getattr relabelfrom relabelto))) <root> allow at /etc/selinux/targeted/tmp/modules/100/systemd/cil:1108 (allow systemd_tmpfiles_t non_...

...passenger_t; type port_t; type proc_net_t; class process { getattr siginh setexec sigchld noatsecure transition rlimitinh }; class unix_stream_socket { getattr accept read write }; class capability { sys_resource sys_ptrace }; class file { entrypoint open create relabelfrom relabelto getattr setattr read write append ioctl lock rename link unlink }; class lnk_file { getattr read }; class udp_socket name_bind; class dir { getattr setattr add_name remove_name search open read write ioctl lock }; } #============= httpd_t ============== allow httpd_t port_t:udp_socket...

...uot; ino=67978294 scontext=system_u:system_r:sssd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=file permissive=0 The policy allows sssd_t to unlink user_tmp_type: sesearch -s sssd_t --allow: allow sssd_t user_tmp_type : file { ioctl read write create getattr setattr lock relabelfrom relabelto append unlink link rename open } ; Is the problem that the credential cache files in /tmp are being created with the wrong label, or is there some other problem I'm not seeing?