Incorrect SELinux Context (Fedora)

This forum is only for reproducible bugs with csf and lfd (i.e. not iptables problems, lack of understanding how to use a feature, etc). Posts must be accompanied with full technical details of the problem and how it can be recreated. Any posts not adhering to this, or not considered bugs, will be moved to the General Discussion (csf) forum.
Post Reply
mikey_189763
Junior Member
Posts: 8
Joined: 16 Jul 2017, 20:26

Incorrect SELinux Context (Fedora)

Post by mikey_189763 »

Hello all,

I tried Fedora for the first time today, and CSF failed to install correctly (I've been successful with Centos for quite some time).

Basically the systemd unit files, and the binaries get placed with incorrect SELinux context. I fixed the contexts in /usr/lib/systemd/system/ before I could copy them, but in /usr/sbin they were erroneously:

"unconfined_u:object_r:user_home_t:s0"

The incorrect contexts in the systemd directory caused the CSF and LFD services to not be recognized. The incorrect contexts in /usr/sbin caused the services to fail to start.

Once I fixed the contexts with chcon in both the systemd unit and bin directories, the CSF and LFD services began to start and function normally.

Uname --all = Linux myhostname 4.11.9-300.fc26.x86_64 #1 SMP Wed Jul 5 16:21:56 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
And my operating system is: Fedora release 26 (Twenty Six)

One thing to point out is that I did not run install.sh as root. I simply used sudo while in the home directory of regular user. Although I feel this shouldn't matter, and it's worked before under Centos.
ForumAdmin
Moderator
Posts: 1523
Joined: 01 Oct 2008, 09:24

Re: Incorrect SELinux Context (Fedora)

Post by ForumAdmin »

Thank you for reporting this. The SELinux security context will be resolved in the next release of csf.
mikey_189763
Junior Member
Posts: 8
Joined: 16 Jul 2017, 20:26

Re: Incorrect SELinux Context (Fedora)

Post by mikey_189763 »

My pleasure. Thank you for making a great product !
mikey_189763
Junior Member
Posts: 8
Joined: 16 Jul 2017, 20:26

Re: Incorrect SELinux Context (Fedora)

Post by mikey_189763 »

So I came back to respond while installing CSF on another new Fedora install. It appears the SELinux context in /usr/lib/systemd/system is correct, but the username still defaulted to my personal username, instead of root, for both lfd.service and csf.service

Now inside the /usr/sbin directory, the contexts appear to be correct "system_u:object_r:bin_t:s0", but the user also defaults to my personal username instead of root.

Fixing username ownership to root:root seemed to fix it this time.
Post Reply