How can I set label to symbolic link ?

Shintaro Fujiwara shintaro.fujiwara at gmail.com
Mon Apr 20 16:40:46 UTC 2009


Thank you, sir.

That'll make sense to me.


2009/4/20 Daniel J Walsh <dwalsh at redhat.com>:
> On 04/20/2009 09:29 AM, Shintaro Fujiwara wrote:
>>
>> But, what does -- stands for, in regular Linux admin work ?
>> I will forget it easily.
>>
>> Or am I dumb fool not knowing Linux commands?
>>
>>
>> 2009/4/20 Daniel J Walsh<dwalsh at redhat.com>:
>>>
>>> On 04/20/2009 08:47 AM, Shintaro Fujiwara wrote:
>>>>
>>>> Here it is , sir...
>>>>
>>>> Well, actually I'm trying to write my segatex policy.
>>>> /usr/bin/segatex is actually link to /usr/bin/consolehelper
>>>>
>>>> In my INSTALL script I declared,
>>>> ##################################
>>>> ln -s /usr/bin/consolehelper /usr/bin/segatex
>>>> ##################################
>>>>
>>>> I've been running my program in unconfined domain for several years,
>>>> but I want to confine it now.
>>>> So, I tried to label segatex_exec_t to /usr/bin/segatex.
>>>>
>>>> Made it fine, install all-right.
>>>>
>>>> I could find segatex module, you know...
>>>> But alas,  I could not restorecon nor autorelabel.
>>>>
>>>> Why?
>>>>
>>>>
>>>> # segatex executable will have:
>>>> # label: system_u:object_r:segatex_exec_t
>>>> # MLS sensitivity: s0
>>>> # MCS categories:<none>
>>>>
>>>> /usr/bin/segatex         -- gen_context(system_u:object_r:segatex_exec_t,s0)
>>>> /usr/share/segatex(/.*)?         -- gen_context(system_u:object_r:segatex_etc_t,s0)
>>>>
>>> The -- tells the system to only label standard files with the segatex
>>> label.
>>>
>>> If you eliminate "--" it will match everything.  If you want to match only
>>> symbolic links you would use "-l", Directories "-d".  The same symbols that
>>> ls uses at the beginning of a ls line.
>>>>
>>>>
>>>> 2009/4/20 Daniel J Walsh<dwalsh at redhat.com>:
>>>>>
>>>>> On 04/20/2009 08:32 AM, Shintaro Fujiwara wrote:
>>>>>>
>>>>>> I wrote a policy which declares some label to symbolic link, and I
>>>>>> restoreconed, but failed ?
>>>>>>
>>>>>> Am I stupid or what should I do to this ?
>>>>>>
>>>>>> Thanks.
>>>>>>
>>>>> What does your fc file look like?
>>>>>
>>>>
>>>>
>>>
>>
>>
>>
>
> The first "-", I believe, is just an indicator for the tools to use an
> option.  The second is just the "file type" as used in the ls
> command.  The first letter is the output of ls -l
>
> ls -l /etc
>
> ...
> lrwxrwxrwx.  1 root         root        22 2008-06-12 21:55 grub.conf -> ../boot/grub/grub.conf
> ...
> -rw-r--r--. 1 root root 3101 2009-03-30 10:55 /etc/passwd
> ...
> drwxr-xr-x.  2 root         root      4096 2009-02-13 08:51 squid
>
>



-- 
http://intrajp.no-ip.com/ Home Page
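
The file type matching discussed in this thread, as an added example that is not part of the original messages or of the SELinux tools: it parses fc entries and reports which ones apply to a path of a given lstat() type, showing why the "--" entry never applies to the /usr/bin/segatex symlink. It goes beyond the thread by also listing the -c, -b, -p and -s specifiers. Assumptions: the helper names are hypothetical, the symlink is constructed in a temporary directory, and all applicable entries are returned rather than the single best match the real tools select.

```python
import os
import re
import stat
import tempfile

# .fc file type specifiers and the lstat() test each one stands for; the
# letter after the dash is the first character of an `ls -l` line.
SPECIFIERS = {
    "--": stat.S_ISREG, "-l": stat.S_ISLNK, "-d": stat.S_ISDIR,
    "-c": stat.S_ISCHR, "-b": stat.S_ISBLK, "-p": stat.S_ISFIFO,
    "-s": stat.S_ISSOCK,
}

CONTEXT = "gen_context(system_u:object_r:segatex_exec_t,s0)"

def parse_fc(text):
    """Return (path_regex, specifier_or_None, context) for each fc entry."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) == 3 and fields[1] in SPECIFIERS:
            entries.append(tuple(fields))
        elif len(fields) == 2:
            entries.append((fields[0], None, fields[1]))  # no specifier: any type
        else:
            raise ValueError(f"unrecognised fc line: {line!r}")
    return entries

def applicable(entries, policy_path, mode):
    """Contexts whose regex matches policy_path and whose type matches mode."""
    return [ctx for regex, spec, ctx in entries
            if re.fullmatch(regex, policy_path)
            and (spec is None or SPECIFIERS[spec](mode))]

def symlink_mode():
    """lstat() mode of a symlink built in a temp dir (constructed sample)."""
    with tempfile.TemporaryDirectory() as d:
        link = os.path.join(d, "segatex")
        os.symlink("/usr/bin/consolehelper", link)  # target need not exist
        return os.lstat(link).st_mode

if __name__ == "__main__":
    mode = symlink_mode()
    for spec in ("--", "-l", ""):
        fc = f"/usr/bin/segatex {spec} {CONTEXT}"
        print(repr(spec), applicable(parse_fc(fc), "/usr/bin/segatex", mode))
```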



