SELinux: chcon to a type, ls -Z shows another one

Question

When I do

chcon -v -t httpd_sys_script_ro_t a_folder_at_home/

And then:

ls -dZ

I got:

DACs user grp unconfined_u:object_r:httpd_sys_content_t:s0 a_folder_at_home/

In case of error I would have expected something like:

chcon -v -t httpd_sys_ro_content_t a_folder_at_home/
chcon: failed to change context of `a_folter_at_home/' to `unconfined_u:object_r:httpd_sys_ro_content_t:s0': Invalid argument

Is this some kind of alias?

I am using Scientific Linux 6

score 2 · Accepted Answer · answered May 22 '17 at 12:50

2

Yes, the line

typealias httpd_$1_content_t alias httpd_$1_script_ro_t;

in the reference policy defines the script_ro types as aliases of their respective content types.

The kernel will use the canonical types, ie the content types.

answered May 22 '17 at 12:50

micha137

136
6

SELinux: chcon to a type, ls -Z shows another one

1 Answers1