SELinux doesn't work as it should?


Hello,

I have a problem with SELinux: my contexts don't want to be set. I took an example from the Red Hat documentation and checked it:

~~
[root@localhost /]# mkdir /web
[root@proton html]# ls -lZ
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 1
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 2
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 3
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 4
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 blog
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 test
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 test1
[root@localhost web]# semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?"
~~
And now:
~~
[root@localhost web]# restorecon -R -v /web
restorecon reset /web context unconfined_u:object_r:default_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /web/1 context unconfined_u:object_r:default_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /web/2 context unconfined_u:object_r:default_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /web/3 context unconfined_u:object_r:default_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /web/4 context unconfined_u:object_r:default_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /web/5 context unconfined_u:object_r:default_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /web/test context unconfined_u:object_r:default_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /web/test1 context unconfined_u:object_r:default_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /web/test2 context unconfined_u:object_r:default_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
restorecon reset /web/test3 context unconfined_u:object_r:default_t:s0->unconfined_u:object_r:httpd_sys_content_t:s0
[root@localhost web]# ls -lZ
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 1
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 2
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 3
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 4
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 5
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 test
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 test1
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 test2
drwxr-xr-x. root root unconfined_u:object_r:httpd_sys_content_t:s0 test3
~~
Heh, it doesn't work!
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-SELinux_Contexts_Labeling_Files-Persistent_Changes_semanage_fcontext.html

On the Red Hat site it works like a charm, but why not here? Where is system_u, and why don't I get it? I still have unconfined_u.
Can someone explain this to me?
Thanks,

Responses