
Re: how to safely remove an acl: user_u:object_r:user_home_dir_t



On Thu, 10 May 2012 20:28:33 +0100, Berni Elbourn wrote:

> On 10/05/12 19:59, Berni Elbourn wrote:
>> On 10/05/12 18:43, Camaleón wrote:

(...)

>>> The final dot caught my attention :-)

(...)

>> Something like "setfattr -x security.selinux /home/manager.gwcc" ???

Yes. But let's see what the manual says on this:

***
man setfattr

-x name, --remove=name
Remove the named extended attribute entirely.
***

It sounds like a logical approach with no other side effects :-?

>> Trouble is selinux is off:
>>
>> $ sudo sestatus
>> SELinux status: disabled

Mmm... weird. It is true that Debian does not enable SELinux by default 
(AFAIK), but maybe there's some kind of relation between SELinux 
and the usage of extended attributes.

Here is some explanation of this:

http://fedoraproject.org/wiki/Security_context

>> Also the attr package is not installed...
>>
>> $ apt-cache policy attr
>> attr:
>> Installed: (none)
>> Candidate: 1:2.4.44-2
>> Version table:
>> 1:2.4.44-2 0
>> 500 http://ftp.uk.debian.org/debian/ squeeze/main amd64 Packages
>>
>> so no setfattr???

Then you will have to install it :-)

> :-) But wow,  bite the bullet and install attr:
> 
> $ sudo getfattr -n security.selinux /home/manager.gwcc/ 
> getfattr: Removing leading '/' from absolute path names 
> # file: home/manager.gwcc/
> security.selinux="user_u:object_r:user_home_dir_t
> 
> $ sudo setfattr -x security.selinux  /home/manager.gwcc/ 
> $ ls -lZd /home/manager.gwcc/
> drwxr-x--- 2 manager.gwcc e-manager ? 4096 May 10 20:14 /home/manager.gwcc/ 
> $ ls -ld /home/manager.gwcc/
> drwxr-x--- 2 manager.gwcc e-manager 4096 May 10 20:14 /home/manager.gwcc/
> 
> Huge thanks !

Hey, perfect! No more "trailing dots" ;-)

And thanks for sharing. I will annotate your solution so I can recall it 
as a future reference.

Greetings,

-- 
Camaleón
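
The same check-then-remove procedure applied to a whole tree, as an added example that is not part of the original message: it parses `getfattr` dump output, lists every path still carrying a `security.selinux` attribute, and removes the attribute only when explicitly asked. The function names and the `APPLY` variable are hypothetical, and it assumes SELinux is disabled, as in the thread.

```shell
#!/bin/sh
# Added example: find and optionally remove leftover security.selinux xattrs.
# Function names and the APPLY variable are hypothetical, not from the thread.

TAB=$(printf '\t')

# Read `getfattr` dump text on stdin; print "path<TAB>label" for each file
# that carries a security.selinux attribute. Other attributes are ignored.
selinux_labels_from_dump() {
    awk '
        /^# file: / { path = substr($0, 9); next }
        /^security\.selinux=/ {
            label = substr($0, index($0, "=") + 1)
            gsub(/^"|"$/, "", label)          # strip surrounding quotes
            printf "%s\t%s\n", path, label
        }'
}

# Dump only security.selinux below a directory. --absolute-names keeps the
# leading "/", so the reported paths can be passed straight to setfattr.
audit_tree() {
    getfattr -R -h --absolute-names -d -m '^security\.selinux$' "$1" 2>/dev/null |
        selinux_labels_from_dump
}

# Read "path<TAB>label" lines; print what would be removed, and remove the
# attribute only when APPLY=1 is set in the environment.
remove_labels() {
    while IFS=$TAB read -r path label; do
        if [ "${APPLY:-0}" = 1 ]; then
            setfattr -h -x security.selinux -- "$path" && echo "removed: $path"
        else
            echo "would remove: $path ($label)"
        fi
    done
}

# Usage (as root): audit_tree /home | remove_labels
#                  audit_tree /home | APPLY=1 remove_labels
```

Review the dry-run listing before setting `APPLY=1`; paths containing tabs or newlines are not handled by this parser.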

