I‘ve created a file as follows:
ls -l -Z /etc/cron.d/vnstat
-rw-r–r–. root root system_u:object_r:system_cron_spool_t:s0 /etc/cron.d/vnstat
I’ve created a new file /etc/cron.d/vnstat.custom.interface:
ls -l -Z /etc/cron.d/vnstat.custom.interface
-rw-r–r–. root root unconfined_u:object_r:system_cron_spool_t:s0 /etc/cron.d/vnstat.custom.interface
The /etc/cron.d/vnstat is part of default vnstat package. I’ve installed my own version of the same. But, due to SELinux security cron job is not running. How do I change file SELinux security contex under RHEL / CentOS 6 Linux server to system_u:object_r:system_cron_spool_t:s0 from unconfined_u:object_r:system_cron_spool_t:s0 for /etc/cron.d/vnstat.custom.interface file?
You need to use the chcon command to change the SELinux security context of FILE. The syntax is as follows:
chcon --reference=/path/to/existingfile /path/to/a/newfile |
OR
chcon CONTEXT /path/to/a/newfile |
Syntax #1 Example
The first syntax is easy to use and recommend for all users:
# cd /etc/cron.d/
# chcon --reference=vnstat vnstat.custom.interface
Verify new context, type:
# ls -Z vnstat*
Sample outputs:
-rw-r--r--. root root system_u:object_r:system_cron_spool_t:s0 vnstat -rw-r--r--. root root system_u:object_r:system_cron_spool_t:s0 vnstat.custom.interface
Syntax #2 Example
First, see existing context, enter:
# cd /etc/cron.d/
# ls -Z vnstat
Sample outputs:
-rw-r--r--. root root system_u:object_r:system_cron_spool_t:s0 vnstatUse the following syntax to copy system_u:object_r:system_cron_spool_t:s0 context:
# chcon system_u:object_r:system_cron_spool_t:s0 vnstat.custom.interface
Verify the same, enter:
# ls -Z vnstat*
Sample outputs:
-rw-r--r--. root root system_u:object_r:system_cron_spool_t:s0 vnstat -rw-r--r--. root root system_u:object_r:system_cron_spool_t:s0 vnstat.custom.interface
ADVERTISEMENTS