| 1 |
On Wed, Nov 17, 2010 at 09:41:49PM +0100, luc nac wrote: |
| 2 |
> Now I am trying to use SELinux (targeted policy) in a brand new Gentoo |
| 3 |
> stage3 (Kernel 2.6.32-hardened-r9), I tried all versions of |
| 4 |
> selinux-base-policy available, but relabeling the file system always |
| 5 |
> fails with the same error: "filespec_add: Conflicting specifications |
| 6 |
> for ...". |
| 7 |
> Am I still doing something wrong? The only thing that I can do to run |
| 8 |
> SELinux in Gentoo is try to make my own ebuild? |
| 9 |
|
| 10 |
This is a cosmetic error and shouldn't really be an issue (though I don't |
| 11 |
have it myself with a more recent policy snapshot). It means that there are |
| 12 |
multiple rules that match the given file, and that the rules might apply a |
| 13 |
different label to the inode. |
| 14 |
|
| 15 |
You can see the matching rule(s) using matchpathcon I think: |
| 16 |
|
| 17 |
~# matchpathcon /usr/lib/misc/glibc/getconf |
| 18 |
/usr/lib/misc/glibc/getconf system_u:object_r:lib_t |
| 19 |
|
| 20 |
> # rlpkg -a -r |
| 21 |
> Relabeling filesystem types: ext2 ext3 jfs xfs |
| 22 |
> filespec_add: conflicting specifications for /usr/bin/getconf and |
| 23 |
> /usr/lib/misc/glibc/getconf/POSIX_V6_ILP32_OFFBIG, using |
| 24 |
> system_u:object_r:lib_t. |
| 25 |
|
| 26 |
Looks like it got the right one (unless I'm also running the wrong one ;-) |
| 27 |
|
| 28 |
Wkr, |
| 29 |
Sven Vermeulen |
Archives