File contexts and how are files labeled?

Timothy Renner timothy.renner at gmail.com
Mon Oct 27 21:34:40 UTC 2008


First off, thanks for the answers about finding out the SELinux 
transactions... autrace was the way to go... Now I have a more 
fundamental problem... In the file context labels, there are two rules 
that conflict:

/sbin/.*       all files   system_u:object_r:bin_t:s0

       and

/sbin/mount.mymounter   regular file   system_u:object_r:myfile_exec_t:s0

The problem though is that the file gets labeled under the blanket 
/sbin/.* context, rather than the more specific one:

 > ls -lZ /sbin/mount.mymounter
lrwxrwxrwx  root root system_u:object_r:bin_t          /sbin/mount.mymounter -> /myproject/sbin/mymounter

Any thoughts on this?  Can someone explain how the file context is 
derived from the rules?  Is it as simple as whichever matches first?  
And does anyone know a way around this labeling problem, assuming I 
cannot remove the /sbin/.* rule, but can only add rules through a policy 
module?

Thanks again,
-Tim



