Inconsistent Reporting of SELinux Security Levels

Latest response

Hopefully this is an easy one...

As I'm going through our Satellite server and trying to resolve config file diffs, some of the files are being flagged because the reported SELinux context differs from the managed files. The only difference seems to be that with some servers, it's reporting the context including the security level (s0) and some are not.

I verified that there is an entry in the file_contexts ( '/etc/httpd(/.*?)' ) which sets the file context to system_u:object_r:httpd_config_t:s0 on both systems. But on one system, ls -lZ shows the context of these files as:

system_u:object_r:httpd_config_t:s0

And on the other server, it shows it as:

system_u:object_r:httpd_config_t

This is causing Satellite to think that there is a config file difference. A restorecon on both servers didn't seem to change anything.

What am I missing? Is there something SELinux that's enabled on one that is not on the other?

Thanks for any suggestions!

Responses