跳至主要内容

chcon can not apply partial context to unlabeld file excerpt: fix broken selinux label

The broken selinux label and way to fix

Yesterday I work on a task of compress a qcow2 vm image. As usual I made a temp directory in the directory of the image, and fired the qemu-img convert and then virt-sparsify command to do the compression.

Soon, after some seconds, an unusual error occurred. My task received a mysterious signal 9 and exited.

As I am the only user of the machine at the time. A blind guess and some ls -lhz commands lead me to the broken selinux label problem.

It turns out that directory up to the second level of the directory are all unlabeled.

My first attempt with chcon -R -t virt_image_t <workdir> failed with some error messages looks like bellow: 

chcon: can't apply partial context to unlabeled file 'VERSION.png'
chcon: can't apply partial context to unlabeled file '1.1_V12'
chcon: can't apply partial context to unlabeled file 'pre-release'
chcon: can't apply partial context to unlabeled file 'hotfix_20200106_rollback'
chcon: can't apply partial context to unlabeled file 'statusmachine.properties'

solution from stackoverflow

To initialize selinux label on unlabeled files:

  1. run chcon -R -h <initial_selinux_label> <workdir>
  2. optionally run chcon -R -t <single_selinux_label> <workdir> if desired, label not in <initialselinuxlabel>
chcon -R -h system_u:object_r:home_root_t:s0 images/
chcon -R -t virt_image_t images/

 

标签:

评论

发表评论

此博客中的热门博文

Eglot and before/after-save-hook and use-package

In Emacs, when you try to automate some actions during every save action, you will surely get to the before-save-hook and the after-save-hook. Simply adding something like gofmt-before-save to before-save-hook will save you tons of time to do the go-fmt. And then, I meet eglot, and gopls will also save me tons of time doing googling and api documentation navigation. But eglot-ensure is not very friendly to the good old ways of how after-save-hooks were designed to work. It makes the before/after-save-hook a buffer local variable and it does not inherit the variable's global value. So, to make before/after-save-hook work again, experts start to adding hooks to major mode specific hooks like this: emacs.md - Go (opensource.google) """ ;; Optional: install eglot-format-buffer as a save hook. ;; The depth of -10 places this before eglot's willSave notification, ;; so that that notification reports the actual contents that will be saved. (defu...
发表评论
阅读全文

XEmacs 21.5 beta 35 "kohlrabi" has been released.

If you are an old XEmacs user, you may feel happy to see this from https://www.xemacs.org/.    After ten years, XEmacs released a new version 21.5. So there's still many people cares about XEmacs. The XEmacs' source repo have been moved from altassian Bitbucket to https://heptapod.net/. As Bitbucket have been dropped Mercurial support many years ago.
发表评论
阅读全文