LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 06-07-2012, 03:17 AM   #1
parthipan
LQ Newbie
 
Registered: May 2012
Posts: 11

Rep: Reputation: Disabled
what do selinux can't apply partial context to unlabeled file /usr/local/nagios/sbin/


Instead of disabling SELinux or setting it to permissive mode, you can use the following command to run the CGIs under SELinux enforcing/targeted mode:

[root@localhost ~]# chcon -R -t httpd_sys_content_t /usr/local/nagios/sbin/

chcon: can't apply partial context to unlabeled file /usr/local/nagios/sbin/

how to solve this problem?

when i provide
Code:
[root@localhost ~]# getenforce
Disabled
[root@localhost ~]# setenforce 0
setenforce: SELinux is disabled
i tried in many ways
Code:
[root@localhost ~]# cd /usr/local/nagios/sbin
[root@localhost sbin]# ls -Z
-rwxrwxr-x  nagios nagios                                  avail.cgi
-rwxrwxr-x  nagios nagios                                  cmd.cgi
-rwxrwxr-x  nagios nagios                                  config.cgi
-rwxrwxr-x  nagios nagios                                  extinfo.cgi
-rwxrwxr-x  nagios nagios                                  histogram.cgi
-rwxrwxr-x  nagios nagios                                  history.cgi
-rwxrwxr-x  nagios nagios                                  notifications.cgi
-rwxrwxr-x  nagios nagios                                  outages.cgi
-rwxrwxr-x  nagios nagios                                  showlog.cgi
-rwxrwxr-x  nagios nagios                                  status.cgi
-rwxrwxr-x  nagios nagios                                  statusmap.cgi
-rwxrwxr-x  nagios nagios                                  statuswml.cgi
-rwxrwxr-x  nagios nagios                                  statuswrl.cgi
-rwxrwxr-x  nagios nagios                                  summary.cgi
-rwxrwxr-x  nagios nagios                                  tac.cgi
-rwxrwxr-x  nagios nagios                                  trends.cgi
[root@localhost sbin]# chcon -t httpd_sys_script_exec_t *.cgi
chcon: can't apply partial context to unlabeled file avail.cgi
chcon: can't apply partial context to unlabeled file cmd.cgi
chcon: can't apply partial context to unlabeled file config.cgi
chcon: can't apply partial context to unlabeled file extinfo.cgi
chcon: can't apply partial context to unlabeled file histogram.cgi
chcon: can't apply partial context to unlabeled file history.cgi
chcon: can't apply partial context to unlabeled file notifications.cgi
chcon: can't apply partial context to unlabeled file outages.cgi
chcon: can't apply partial context to unlabeled file showlog.cgi
chcon: can't apply partial context to unlabeled file status.cgi
chcon: can't apply partial context to unlabeled file statusmap.cgi
chcon: can't apply partial context to unlabeled file statuswml.cgi
chcon: can't apply partial context to unlabeled file statuswrl.cgi
chcon: can't apply partial context to unlabeled file summary.cgi
chcon: can't apply partial context to unlabeled file tac.cgi
chcon: can't apply partial context to unlabeled file trends.cgi
[root@localhost sbin]# ls -Z
-rwxrwxr-x  nagios nagios                                  avail.cgi
-rwxrwxr-x  nagios nagios                                  cmd.cgi
-rwxrwxr-x  nagios nagios                                  config.cgi
-rwxrwxr-x  nagios nagios                                  extinfo.cgi
-rwxrwxr-x  nagios nagios                                  histogram.cgi
-rwxrwxr-x  nagios nagios                                  history.cgi
-rwxrwxr-x  nagios nagios                                  notifications.cgi
-rwxrwxr-x  nagios nagios                                  outages.cgi
-rwxrwxr-x  nagios nagios                                  showlog.cgi
-rwxrwxr-x  nagios nagios                                  status.cgi
-rwxrwxr-x  nagios nagios                                  statusmap.cgi
-rwxrwxr-x  nagios nagios                                  statuswml.cgi
-rwxrwxr-x  nagios nagios                                  statuswrl.cgi
-rwxrwxr-x  nagios nagios                                  summary.cgi
-rwxrwxr-x  nagios nagios                                  tac.cgi
-rwxrwxr-x  nagios nagios                                  trends.cgi
[root@localhost sbin]# 
[root@localhost sbin]# 
[root@localhost sbin]# 
[root@localhost sbin]# chcon -t httpd_sys_script_exec_t *.cgi
chcon: can't apply partial context to unlabeled file avail.cgi
chcon: can't apply partial context to unlabeled file cmd.cgi
chcon: can't apply partial context to unlabeled file config.cgi
chcon: can't apply partial context to unlabeled file extinfo.cgi
chcon: can't apply partial context to unlabeled file histogram.cgi
chcon: can't apply partial context to unlabeled file history.cgi
chcon: can't apply partial context to unlabeled file notifications.cgi
chcon: can't apply partial context to unlabeled file outages.cgi
chcon: can't apply partial context to unlabeled file showlog.cgi
chcon: can't apply partial context to unlabeled file status.cgi
chcon: can't apply partial context to unlabeled file statusmap.cgi
chcon: can't apply partial context to unlabeled file statuswml.cgi
chcon: can't apply partial context to unlabeled file statuswrl.cgi
chcon: can't apply partial context to unlabeled file summary.cgi
chcon: can't apply partial context to unlabeled file tac.cgi
chcon: can't apply partial context to unlabeled file trends.cgi
[root@localhost sbin]#
 
Old 06-07-2012, 03:32 AM   #2
kbp
Senior Member
 
Registered: Aug 2009
Posts: 3,758

Rep: Reputation: 644Reputation: 644Reputation: 644Reputation: 644Reputation: 644Reputation: 644
Try editing /etc/sysconfig/selinux and changing it to 'permissive', then
Code:
touch /.autorelabel
reboot
Once rebooted you probably want to add the file context using
Code:
semanage fcontext -a -t httpd_sys_content_t /usr/local/nagios/sbin
then
Code:
restorecon -r /usr/local/nagios/sbin
 
Old 06-07-2012, 04:39 AM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,564
Blog Entries: 54

Rep: Reputation: 2928Reputation: 2928Reputation: 2928Reputation: 2928Reputation: 2928Reputation: 2928Reputation: 2928Reputation: 2928Reputation: 2928Reputation: 2928Reputation: 2928
A partial context can't be set if a file is unlabeled. So without setting SELinux to permissive, without autorelabeling and without first setting a fcontext, I would first run 'restorecon -FRvvn /usr/local/nagios/sbin/' to make it show what it would set the context to. (It'll probably default to system_u:object_r:usr_t.) If that's the case then you should be able to 'chcon -u system_u -r object_r -t usr_t -R /usr/local/nagios' and 'chcon -u system_u -r object_r -t httpd_sys_script_exec_t /usr/local/nagios/sbin/*.cgi' before storing changes with 'semanage'. Also note that you shouldn't 'semanage fcontext' "httpd_sys_content_t" on /usr/local/nagios/sbin if the directory contains more than only CGI files and to apply to a context to CGI files alone IIRC the right invocation would be
'semanage fcontext -a -f -- -t httpd_sys_content_t /usr/local/nagios/sbin/.*\.cgi'. Running 'semanage fcontext -l |grep 'local/nagios/sbin';' afterwards should show if it stuck.
 
Old 06-07-2012, 08:15 AM   #4
ericson007
Member
 
Registered: Sep 2004
Location: Japan
Distribution: CentOS 6.5
Posts: 483

Rep: Reputation: 85
You are getting the error probably because you have disabled SElinux. So all labels are removed. This is shown by your ls command as well since there is not a period after the permissions. (e.g. rwxrwxrwx.) Since the files do not have labels, how can you add a label. You will have to enable selinux and then relable all files (auto way is to reboot) note this may take a while. After it is re enabled, you should be able to set the labels again.



Moderator note: merged from OP's duplicate thread.

Last edited by colucix; 06-07-2012 at 02:33 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
ould not create external command file '/usr/local/nagios/var/rw/nagios.cmd gerard.zapata Linux - Newbie 2 09-14-2012 02:57 PM
Dansguardian binary file in /usr/local/sbin dies out from time to time? linuxlover.chaitanya Linux - Server 3 05-21-2010 03:01 AM
making files available in /usr/local/bin and /usr/sbin reakinator Linux - Newbie 1 10-14-2006 06:09 PM
chcon: can't apply partial context to unlabeled file... DevNRG Linux - General 7 10-12-2005 05:01 PM


All times are GMT -5. The time now is 01:30 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration