What's the proper way to set context on locally installed files?
Stephen Smalley
sds at tycho.nsa.gov
Thu Jun 30 15:10:05 UTC 2005
On Thu, 2005-06-30 at 10:04 -0500, Jason L Tibbitts III wrote:
> Matlab, it seems, puts shared libs and binaries in the same
> directory. I will freely admit that Matlab is a piece of crap, but I
> have no choice but to support it.
>
> Until recent policy updates the location of the libraries was not an
> issue, but under selinux-policy-targeted-1.17.30-3.15 Matlab fails to
> start at all because it can't load its libraries. On my system they
> live under /usr/lib/matlab-14.2/bin/glnx86, and I suppose due to that
> they end up with system_u:object_r:bin_t context. If I do
>
> chcon system_u:object_r:shlib_t /usr/lib/matlab-14.2/bin/glnx86/*.so
>
> everything is happy.
>
> I'm going to see if I can hack Matlab to look for its libraries
> elsewhere, but if I can't I wonder if there's any way for me to
> include local file context overrides for things like this.
In FC4, there is an
optional /etc/selinux/targeted/contexts/files/file_contexts.local file
that can be created for local overrides. I don't think that support is
in FC3, unless they back port the corresponding changes to
matchpathcon/setfiles.
--
Stephen Smalley
National Security Agency
More information about the fedora-selinux-list
mailing list