[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: How can I set label to symbolic link ?
- From: Shintaro Fujiwara <shintaro fujiwara gmail com>
- To: Daniel J Walsh <dwalsh redhat com>, fedora-selinux-list redhat com
- Cc:
- Subject: Re: How can I set label to symbolic link ?
- Date: Mon, 20 Apr 2009 22:20:59 +0900
Yeha!
These days, I've been writing my program and discarded contrivances
that you invented...
That reminds me old book that Yuichi wrote several years ago.
And also thanks to your documentation on web recently.
I will ship my segatex with its own policy in a few days.
THKS!
2009/4/20 Daniel J Walsh <dwalsh redhat com>:
> On 04/20/2009 08:47 AM, Shintaro Fujiwara wrote:
>>
>> Here it is , sir...
>>
>> Well, actually I'm trying to write my segatex policy.
>> /usr/bin/segatex is actually link to /usr/bin/consolehelper
>>
>> In my INSTALL script I declared,
>> ##################################
>> ln -s /usr/bin/consolehelper /usr/bin/segatex
>> ##################################
>>
>> I've been running my program in unconfined domain for several years,
>> but I want to confine it now.
>> So, I tried to label segatex_exec_t to /usr/bin/segatex.
>>
>> Made it fine, install all-right.
>>
>> I could find segatex module, you know...
>> But alas, I could not restorecon nor autorelabel.
>>
>> Why?
>>
>>
>> # segatex executable will have:
>> # label: system_u:object_r:segatex_exec_t
>> # MLS sensitivity: s0
>> # MCS categories:<none>
>>
>> /usr/bin/segatex --
>> gen_context(system_u:object_r:segatex_exec_t,s0)
>> /usr/share/segatex(/.*)? --
>> gen_context(system_u:object_r:segatex_etc_t,s0)
>>
>
> The -- tells the system to only label standard files with the segatext
> label.
>
> If you eliminate "--" it will match everything. If you want to match only
> symbolic links you would use "-l", Directories "-d". The same symbols that
> ls uses at the begining of a ls line.
>>
>>
>>
>> 2009/4/20 Daniel J Walsh<dwalsh redhat com>:
>>>
>>> On 04/20/2009 08:32 AM, Shintaro Fujiwara wrote:
>>>>
>>>> I wrote a policy which declares some label to symbolic link, and I
>>>> restoreconed, but failed ?
>>>>
>>>> Am I stupid or what should I do to this ?
>>>>
>>>> Thanks.
>>>>
>>> What does you fc file look like?
>>>
>>
>>
>>
>
>
--
http://intrajp.no-ip.com/ Home Page
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]