
Re: kmod-nvidia-1.0.8178-6.2.6.16_1.2080_FC5



On Thu, 2006-03-30 at 09:13 -0800, alan wrote:
> On Thu, 30 Mar 2006, Stephen Smalley wrote:
> 
> >> In FC5 we have
> >>
> >> /usr(/.*)?/nvidia/.*\.so(\..*)?        --
> >> gen_context(system_u:object_r:textrel_shlib_t,s0)
> >
> > Looks like it is being overridden by a later entry in file_contexts:
> > /usr(/.*)?/lib(64)?/.*\.so(\.[^/]*)*            --      system_u:object_r:shlib_t
> 
> Is there a way to log an error when an overlap like this occurs?

Such overlap is a normal part of file_contexts; you put more general
expressions first to provide defaults (e.g. mapping everything with no
matching spec to default_t via /.*, mapping all .so files under /usr/lib
not otherwise specified to lib_t via the regex above, etc) and then
provide more specific refinements.  There is an improved sorting
algorithm coming for file_contexts, but it can't do much when you have
two roughly equally generic regexes like the above two - which is more
specific?  Fully specified paths (no regexes) always win, of course.
  
-- 
Stephen Smalley
National Security Agency
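
The ordering rules described in this message, as an added example (not code from the thread or from the SELinux project): a simplified model in which the last matching entry wins and a fully specified path beats any regex, with a report of which entries each path overrides. Python's re module stands in for the real matcher, the file-type field is ignored, and the exact-path entry and the test paths are constructed for illustration.

```python
import re

# Constructed sample: the two regex entries are the ones quoted in the thread,
# in the order the thread implies; the exact-path entry is made up.
SAMPLE = r"""
/usr/lib/nvidia/libGL\.so\.1  --  system_u:object_r:textrel_shlib_t
/.*  system_u:object_r:default_t
/usr(/.*)?/nvidia/.*\.so(\..*)?  --  gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr(/.*)?/lib(64)?/.*\.so(\.[^/]*)*  --  system_u:object_r:shlib_t
"""

META = set(".^$?*+|[({")

def parse(text):
    """Return (lineno, regex, compiled, context, is_exact) for each entry."""
    specs = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        regex, context = fields[0], fields[-1]  # optional file-type field ignored
        # "Fully specified" means no unescaped regex metacharacter remains.
        is_exact = not META & set(re.sub(r"\\.", "", regex))
        specs.append((lineno, regex, re.compile(regex), context, is_exact))
    return specs

def resolve(specs, path):
    """Return (winning spec, shadowed specs) for path, or (None, [])."""
    hits = [s for s in specs if s[2].fullmatch(path)]
    if not hits:
        return None, []
    exact = [s for s in hits if s[4]]
    winner = (exact or hits)[-1]  # exact paths win; otherwise the last match
    return winner, [s for s in hits if s is not winner]

def report(specs, paths):
    """One line per path: the winning context and the entries it overrides."""
    lines = []
    for path in paths:
        winner, shadowed = resolve(specs, path)
        if winner is None:
            lines.append(f"{path}: no match")
            continue
        over = ", ".join(f"line {s[0]} ({s[3]})" for s in shadowed) or "nothing"
        lines.append(f"{path}: {winner[3]} from line {winner[0]}; overrides {over}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(parse(SAMPLE), ["/usr/lib/nvidia/libnvidia-tls.so.1"])))
```

Line numbers in the report count from the start of the sample string, including its leading blank line.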

