[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: How to get an SELinux policy change



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jerry James wrote:
> 2008/11/7 yersinia <yersinia spiros gmail com>:
>> Do look useful this docu ?
>>
>> http://fedoraproject.org/wiki/PackagingDrafts/SELinux/PolicyModules
> 
> Thank you.  That is a very useful document.  However, it does not
> appear to answer my question.  I need a non-default security context
> for binaries that are both built and executed in the %build script,
> when the policy module has not yet been installed.  It appears to me
> that there are only two ways to accomplish this: keep abusing
> java_exec_t like I have been, or get a GCL policy incorporated into
> selinux-policy* prior to building GCL.  Am I wrong?  Is there some
> other option?  Does anyone have any guidance to offer me on which
> option to pursue?  Thanks,
I would go with the chcon solution you have but instead of hard coding
the java_exec_t, I would execute

You can get the context of the final destination of the file using

chcon `matchpathcon -n /usr/bin/gcl` LOCALPATH/gcl

Which seems to be a fine way of doing. this.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkkUVl4ACgkQrlYvE4MpobN7FgCfQYUN5Xeui9NAYfyaDGisUqKV
hyYAoJbnNpRFq4hsVhClKDDysq+CBPJ7
=GYSP
-----END PGP SIGNATURE-----


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]