set/getxattrs - I am badly struck ..

Luke Kenneth Casson Leighton lkcl at lkcl.net
Tue Nov 2 09:17:11 UTC 2004


jaspreet, hi,

it sounds like you're endeavouring to do _exactly_ what i have been
trying to do: making a filesystem simultaneously available at a second
location.

realistically, you will need to examine types/files.fc and modify
genhomedircon.

i recommend you cut/paste genhomedircon's use of HOME_ROOT and HOME_DIR
to create a second set of macro substitutions VIRTUAL_HOME_ROOT and
VIRTUAL_HOME_DIR.

then, cut/paste the three or so lines in types/files.fc that use
HOME_ROOT and HOME_DIR, prepending VIRTUAL_ in the right places.

and you make sure that genhomedircon prepends /var/ wherever the new
substitutions VIRTUAL_ are used.

in this way, you will end up with a file_contexts that has
double-entries for /home and /var/home.

alternatively, ignore the above and hack genhomedircon to double-output
its lines: outputting both a line for /home and also an identical context
line for /var/home.


what _i_ did was restrict the system to only having one user: therefore
i can get away with using fusexmp to proxy mount /home/sez to
/Documents.

therefore, in the file contexts, i can get away without having to hack
genhomedircon, i can just add a hacked-up entry like this
files/misc/hack.sez.fc:

			/Documents 		sez:object_r:user_t.

l.

On Tue, Nov 02, 2004 at 12:21:45PM +0530, Jaspreet Singh wrote:
> Hi,
> 
> Thanx for the mail .. i have corrected the problem using audit2allow ..
> basically the domain needed permissions to access file-system.
> 
> Could you please help in this case .. I am struck in kernel space
> get/setxattrs (FC3-2.6.8-541 fs=ext3)
> 
> Should there be a difference between using user-space and kernel-space
> get/setxattrs to get/set file xattrs ...
> 
> 
> I have some trouble with using inode->i_op->get/setxattrs ...
> 
> i getxattr from /home and set it to /var/home using inode operations and
> get this -
> 
> ls -Zd /home /var/home
> drwxr-xr-x+ root     root  system_u:object_r:home_root_t    /home/
> drwxr-xr-x+ root     root  system_u:object_r:home_root_t    /var/home/
> 
> perfect till now .. but now when i try and create files inside /var/home
> they get the "root:object_r:var_t" unlike /home where i get
> "root:object_r:user_home_dir_t"  :-(
> 
> and on the contrary if i create /var/home and tag with "home_root_t"
> using setfiles it works perfectly fine ... any clues 
> 
> I can't use user-space get/setxattr coz I am writing an overlay
> file-system ... so ....
> 
> Does selinux intercept (and probably note down ) get/setxattrs syscalls
> or any of the type_transitions.
> 
> any suggestions ....
> 
> Jaspreet Singh
> 

-- 
--
you don't have to BE MAD   | this space    | my brother wanted to join mensa,
  to work, but   IT HELPS  |   for rent    | for an ego trip - and get kicked 
 you feel better!  I AM    | can pay cash  | out for a even bigger one.
--
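
The "double-output" alternative described in the reply above, sketched as a filter over already-generated file_contexts lines. This is an added example, not part of the original message and not genhomedircon's own code; the function name `double_output` and the sample entries are constructed for illustration.

```python
import re

def double_output(lines, home_root="/home", prefix="/var"):
    """Repeat every file_contexts entry under home_root with prefix prepended,
    keeping the file-type field and the security context identical."""
    # Path specs already present, so a second run adds nothing new.
    seen = {l.split()[0] for l in lines
            if l.strip() and not l.lstrip().startswith("#")}
    # Match home_root only as a whole path component: /home, /home/..., /home(...)
    boundary = re.compile(re.escape(home_root) + r"(?=$|[/(])")
    out = []
    for line in lines:
        out.append(line)
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue  # blank line, comment, or not a "path context" entry
        path = fields[0]
        if not boundary.match(path):
            continue  # e.g. /homework or /var(/.*)? are left alone
        mirrored = prefix + path
        if mirrored in seen:
            continue
        seen.add(mirrored)
        out.append("\t".join([mirrored] + fields[1:]))
    return out

# Constructed sample entries in file_contexts layout (path regex, optional
# file type, context); they are not copied from any real policy.
SAMPLE = """\
# constructed sample
/home\t\t-d\tsystem_u:object_r:home_root_t
/home/[^/]+\t-d\tsystem_u:object_r:user_home_dir_t
/home/[^/]+/.+\t\tsystem_u:object_r:user_home_t
/homework(/.*)?\t\tsystem_u:object_r:var_t
/var(/.*)?\t\tsystem_u:object_r:var_t
""".splitlines()

if __name__ == "__main__":
    print("\n".join(double_output(SAMPLE)))
```
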




More information about the fedora-selinux-list mailing list