How can I set label to symbolic link ?
Shintaro Fujiwara
shintaro.fujiwara at gmail.com
Mon Apr 20 13:29:14 UTC 2009
But, what does -- stands for, in regular Linux admin work ?
I will forget it easily.
Or am I dumb fool not knowing Linux commands?
2009/4/20 Daniel J Walsh <dwalsh at redhat.com>:
> On 04/20/2009 08:47 AM, Shintaro Fujiwara wrote:
>>
>> Here it is , sir...
>>
>> Well, actually I'm trying to write my segatex policy.
>> /usr/bin/segatex is actually link to /usr/bin/consolehelper
>>
>> In my INSTALL script I declared,
>> ##################################
>> ln -s /usr/bin/consolehelper /usr/bin/segatex
>> ##################################
>>
>> I've been running my program in unconfined domain for several years,
>> but I want to confine it now.
>> So, I tried to label segatex_exec_t to /usr/bin/segatex.
>>
>> Made it fine, install all-right.
>>
>> I could find segatex module, you know...
>> But alas, I could not restorecon nor autorelabel.
>>
>> Why?
>>
>>
>> # segatex executable will have:
>> # label: system_u:object_r:segatex_exec_t
>> # MLS sensitivity: s0
>> # MCS categories:<none>
>>
>> /usr/bin/segatex --
>> gen_context(system_u:object_r:segatex_exec_t,s0)
>> /usr/share/segatex(/.*)? --
>> gen_context(system_u:object_r:segatex_etc_t,s0)
>>
>
> The -- tells the system to only label standard files with the segatext
> label.
>
> If you eliminate "--" it will match everything. If you want to match only
> symbolic links you would use "-l", Directories "-d". The same symbols that
> ls uses at the begining of a ls line.
>>
>>
>>
>> 2009/4/20 Daniel J Walsh<dwalsh at redhat.com>:
>>>
>>> On 04/20/2009 08:32 AM, Shintaro Fujiwara wrote:
>>>>
>>>> I wrote a policy which declares some label to symbolic link, and I
>>>> restoreconed, but failed ?
>>>>
>>>> Am I stupid or what should I do to this ?
>>>>
>>>> Thanks.
>>>>
>>> What does you fc file look like?
>>>
>>
>>
>>
>
>
--
http://intrajp.no-ip.com/ Home Page
More information about the fedora-selinux-list
mailing list