An interesting restorecon mislabel from selinux-policy-strict...

Russell Coker russell at coker.com.au
Sun Feb 12 22:25:27 UTC 2006


On Monday 13 February 2006 02:58, Valdis.Kletnieks at vt.edu wrote:
> On Sun, 12 Feb 2006 17:50:45 +1100, Russell Coker said:
> > On Saturday 04 February 2006 05:46, Valdis.Kletnieks at vt.edu wrote:
> > > /usr/src(/.*)?            system_u:object_r:src_t:s0
> > > /usr(/.*)?/lib(64)?(/.*)?  system_u:object_r:lib_t:s0
> > >
> > > Guess what just happened to all the files under
> > > /usr/src/linux-2.6.16-foo/lib/
> >
> > The most specific entries now have the highest priority (i.e. they come
> > last in the list).
> >
> > The solution is to add the following to the file_contexts:
> > /usr/src/(.+/)?lib(64)?(/.*)?  system_u:object_r:lib_t:s0
>
> Won't this regexp relabel /usr/src/linux-2.6.16/lib to lib_t rather than src_t,

Sorry, I thought that's what you wanted!

> which is the exact same problem?  Or did you mean to have src_t in that?

Yes, src_t if that's what you want.

But maybe the /usr(/.*) regex needs to be replaced by several less general 
regexes.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
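
The overlap discussed in this thread, as an added example (not part of the original message and not code from selinux-policy or libselinux). It assumes a simplified model in which the last matching entry in the list wins, keeps the entries in the order quoted above, and uses Python's `re` in place of the POSIX regex matching the real tools use; the sample paths are constructed.

```python
import re

# Entries quoted in the thread, kept in the order they are listed there.
BASE = [
    ("/usr/src(/.*)?", "system_u:object_r:src_t:s0"),
    ("/usr(/.*)?/lib(64)?(/.*)?", "system_u:object_r:lib_t:s0"),
]
# Regex proposed in the reply, with src_t as settled on in the follow-up.
FIX = ("/usr/src/(.+/)?lib(64)?(/.*)?", "system_u:object_r:src_t:s0")

# Constructed sample paths (not taken from a real system).
SAMPLE_PATHS = [
    "/usr/lib/libc.so",
    "/usr/src/linux-2.6.16-foo/Makefile",
    "/usr/src/linux-2.6.16-foo/lib",
    "/usr/src/linux-2.6.16-foo/lib/string.c",
]


def matches(entries, path):
    """Contexts of every entry whose regex matches the whole path, in list order."""
    return [ctx for rx, ctx in entries if re.fullmatch(rx, path)]


def label(entries, path):
    """Assumed model: the last matching entry in the list wins."""
    hits = matches(entries, path)
    return hits[-1] if hits else None


def conflicts(entries, paths):
    """Paths claimed by entries that disagree, so list order decides the label."""
    return [p for p in paths if len(set(matches(entries, p))) > 1]


if __name__ == "__main__":
    for name, entries in (("before", BASE), ("after", BASE + [FIX])):
        print(name, "order-dependent paths:", conflicts(entries, SAMPLE_PATHS))
        for p in SAMPLE_PATHS:
            print(f"  {p:42} {label(entries, p)}")
```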



