How to get an SELinux policy change
Daniel J Walsh
dwalsh at redhat.com
Fri Nov 7 14:53:18 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jerry James wrote:
> 2008/11/7 yersinia <yersinia.spiros at gmail.com>:
>> Do look useful this docu ?
>>
>> http://fedoraproject.org/wiki/PackagingDrafts/SELinux/PolicyModules
>
> Thank you. That is a very useful document. However, it does not
> appear to answer my question. I need a non-default security context
> for binaries that are both built and executed in the %build script,
> when the policy module has not yet been installed. It appears to me
> that there are only two ways to accomplish this: keep abusing
> java_exec_t like I have been, or get a GCL policy incorporated into
> selinux-policy* prior to building GCL. Am I wrong? Is there some
> other option? Does anyone have any guidance to offer me on which
> option to pursue? Thanks,
I would go with the chcon solution you have but instead of hard coding
the java_exec_t, I would execute
You can get the context of the final destination of the file using
chcon `matchpathcon -n /usr/bin/gcl` LOCALPATH/gcl
Which seems to be a fine way of doing. this.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkkUVl4ACgkQrlYvE4MpobN7FgCfQYUN5Xeui9NAYfyaDGisUqKV
hyYAoJbnNpRFq4hsVhClKDDysq+CBPJ7
=GYSP
-----END PGP SIGNATURE-----
More information about the fedora-devel-list
mailing list