user1141993 asked:
semanage fcontext -a -t puppet_etc_t "/etc/puppet/environments(/.*)?"
cat /etc/selinux/targeted/contexts/files/file_contexts.local
# This file is auto-generated by libsemanage
# Do not edit directly.
/etc/puppet/environments(/.*)? system_u:object_r:puppet_etc_t:s0
touch /etc/puppet/environments/hello1
ls -Z /etc/puppet/environments/hello1
-rw-r--r--. root root unconfined_u:object_r:puppet_etc_t:s0 /etc/puppet/environments/hello1
why is this file created as “unconfined_u” not as “system_u” ?
How can I change it? Thanks.
My answer:
Because you created the file while logged in as an unconfined user.
Since in the targeted policy the user is almost always ignored, this really isn’t an issue.
If you really want to change it, you can use chcon to do that. For instance:
# ls -Z /etc/nsswitch.conf.ipabkp
-rw-r--r--. root root unconfined_u:object_r:etc_t:s0 /etc/nsswitch.conf.ipabkp
# chcon -u system_u /etc/nsswitch.conf.ipabkp
# ls -Z /etc/nsswitch.conf.ipabkp
-rw-r--r--. root root system_u:object_r:etc_t:s0 /etc/nsswitch.conf.ipabkp
View the full question and any other answers on Server Fault.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.