selinux, file not matching file_contexts.local

user1141993 asked:

semanage fcontext  -a -t puppet_etc_t "/etc/puppet/environments(/.*)?"
cat  /etc/selinux/targeted/contexts/files/file_contexts.local
# This file is auto-generated by libsemanage
# Do not edit directly.

/etc/puppet/environments(/.*)?    system_u:object_r:puppet_etc_t:s0

 touch /etc/puppet/environments/hello1
 ls -Z /etc/puppet/environments/hello1 
 -rw-r--r--. root root unconfined_u:object_r:puppet_etc_t:s0 /etc/puppet/environments/hello1

why is this file created as “unconfined_u” not as “system_u” ?
How can I change it? Thanks.

My answer:


Because you created the file while logged in as an unconfined user.

Since in the targeted policy the user is almost always ignored, this really isn’t an issue.

If you really want to change it, you can use chcon to do that. For instance:

# ls -Z /etc/nsswitch.conf.ipabkp
-rw-r--r--. root root unconfined_u:object_r:etc_t:s0   /etc/nsswitch.conf.ipabkp
# chcon -u system_u /etc/nsswitch.conf.ipabkp 
# ls -Z /etc/nsswitch.conf.ipabkp
-rw-r--r--. root root system_u:object_r:etc_t:s0       /etc/nsswitch.conf.ipabkp

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.