[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: How to get an SELinux policy change



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Paul Howarth wrote:
> On Fri, 07 Nov 2008 09:53:18 -0500
> Daniel J Walsh <dwalsh redhat com> wrote:
> 
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Jerry James wrote:
>>> 2008/11/7 yersinia <yersinia spiros gmail com>:
>>>> Do look useful this docu ?
>>>>
>>>> http://fedoraproject.org/wiki/PackagingDrafts/SELinux/PolicyModules
>>> Thank you.  That is a very useful document.  However, it does not
>>> appear to answer my question.  I need a non-default security context
>>> for binaries that are both built and executed in the %build script,
>>> when the policy module has not yet been installed.  It appears to me
>>> that there are only two ways to accomplish this: keep abusing
>>> java_exec_t like I have been, or get a GCL policy incorporated into
>>> selinux-policy* prior to building GCL.  Am I wrong?  Is there some
>>> other option?  Does anyone have any guidance to offer me on which
>>> option to pursue?  Thanks,
>> I would go with the chcon solution you have but instead of hard coding
>> the java_exec_t, I would execute
>>
>> You can get the context of the final destination of the file using
>>
>> chcon `matchpathcon -n /usr/bin/gcl` LOCALPATH/gcl
>>
>> Which seems to be a fine way of doing. this.
> 
> Indeed, but it needs the context type for /usr/bin/gcl to be set to
> java_exec_t or equivalent in the selinux-policy package before it'll
> work.
> 
> Paul.
> 

+/usr/bin/gcl 		       --	gen_context(system_u:object_r:execmem_exec_t,s0)


Will be in selinux-policy-3.5.13-19.fc10
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkkUY5UACgkQrlYvE4MpobNcZwCffDDyogNaxP/4ozZE0omAJ5N5
pjcAnijuOdoAT67e5eD2RVHiiED6p5Gv
=86wN
-----END PGP SIGNATURE-----


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]