SELinux labels and policies disappeared after update

Support for security such as Firewalls and securing linux
Post Reply
takane2
Posts: 2
Joined: 2015/04/06 14:26:13

SELinux labels and policies disappeared after update

Post by takane2 » 2015/04/06 14:31:56

Hello all,

This weekend I ran a yum update on my server and the selinux-policy and selinux-policy-targeted packages were updated from 3.12.1-153 to 3.13.1-23. After the update was complete I found that all the polices and labels that I had put in place myself were gone! Is this expected behavior?

aks
Posts: 2859
Joined: 2014/09/20 11:22:14

Re: SELinux labels and policies disappeared after update

Post by aks » 2015/04/07 19:04:53

Probably - if you didn't "tell" SElinux about your changes - if you just went in and modified the contexts on disk. On a relabel SElinux will re-label with what it know (not what's there already).

takane2
Posts: 2
Joined: 2015/04/06 14:26:13

Re: SELinux labels and policies disappeared after update

Post by takane2 » 2015/04/07 19:36:37

I used 'semanage fcontext' and restorecon to set them. Is there an additional step I am supposed to take?

aks
Posts: 2859
Joined: 2014/09/20 11:22:14

Re: SELinux labels and policies disappeared after update

Post by aks » 2015/04/08 16:17:43

I don't think so - semanage should update the contexts persistently. I'd guess that something got overwritten with the update - so check the actual files.
For more information about where to check see: https://access.redhat.com/documentation ... ntext.html

Post Reply

Return to “CentOS 7 - Security Support”