Tag: check

CHECKING THE DEFAULT SELINUX CONTEXT

Use the matchpathcon command to check if files and directories have the correct SELinux context. From the matchpathcon(8) manual page: “matchpathcon queries the system policy and outputs the default security context associated with the file path”. The following example demonstrates using the matchpathcon command to verify that files in /var/www/html/ directory are labeled correctly:
  1. As the Linux root user, run the touch /var/www/html/file{1,2,3} command to create three files (file1file2, and file3). These files inherit the httpd_sys_content_t type from the /var/www/html/ directory:
    ~]# touch /var/www/html/file{1,2,3} ~]# ls -Z /var/www/html/ -rw-r--r-- root root unconfined_u:object_r:httpd_sys_content_t:s0 file1 -rw-r--r-- root root unconfined_u:object_r:httpd_sys_content_t:s0 file2 -rw-r--r-- root root unconfined_u:object_r:httpd_sys_content_t:s0 file3
  2. As the Linux root user, run the chcon -t samba_share_t /var/www/html/file1command to change the file1 type to samba_share_t. Note that the Apache HTTP Server cannot read files or directories labeled with the samba_share_t type.
  3. The matchpathcon -V option compares the current SELinux context to the correct, default context in SELinux policy. Run the matchpathcon -V /var/www/html/*command to check all files in the /var/www/html/ directory:
    ~]$ matchpathcon -V /var/www/html/* /var/www/html/file1 has context unconfined_u:object_r:samba_share_t:s0, should be system_u:object_r:httpd_sys_content_t:s0 /var/www/html/file2 verified. /var/www/html/file3 verified.
The following output from the matchpathcon command explains that file1 is labeled with the samba_share_t type, but should be labeled with the httpd_sys_content_ttype:
/var/www/html/file1 has context unconfined_u:object_r:samba_share_t:s0, should be system_u:object_r:httpd_sys_content_t:s0
To resolve the label problem and allow the Apache HTTP Server access to file1, as the Linux root user, run the restorecon -v /var/www/html/file1 command:
~]# restorecon -v /var/www/html/file1 restorecon reset /var/www/html/file1 context unconfined_u:object_r:samba_share_t:s0->system_u:object_r:httpd_sys_content_t:s0

Cannot remove file: “Structure needs cleaning”

That is strongly indicative of file-system corruption. You should unmount, make a sector-level backup of your disk, and then run fsck to see what is up. If there is major corruption, you may later be happy that you did a sector-level backup before letting fsck tamper with the data.

How to Check for Errors on a Disk

Run fsck on the target disk, using the desired options. This example checks all file systems (-A) on /dev/sdb:

fsck -A /dev/sdb

Understand fsck Error Codes

The error codes that fsck returns can be understood with the following table from man7.org:

Code Error Code Meaning
0 No errors
1 Filesystem errors corrected
2 System should be rebooted
4 Filesystem errors left uncorrected
8 Operational error
16 Usage or syntax error
32 Checking canceled by user request
128 Shared-library error

Use fsck to Repair File System Errors

Use the -r option to use the interactive repair option.

This example uses fsck to check all file systems except the root, and will attempt repair using the interactive feature:

fsck -AR -y

To check and attempt to repair any errors on /dev/sdb, use this format:

fsck -y /dev/sdb