How can I set label to symbolic link ?
Daniel J Walsh
dwalsh at redhat.com
Mon Apr 20 12:57:11 UTC 2009
On 04/20/2009 08:47 AM, Shintaro Fujiwara wrote:
> Here it is , sir...
>
> Well, actually I'm trying to write my segatex policy.
> /usr/bin/segatex is actually link to /usr/bin/consolehelper
>
> In my INSTALL script I declared,
> ##################################
> ln -s /usr/bin/consolehelper /usr/bin/segatex
> ##################################
>
> I've been running my program in unconfined domain for several years,
> but I want to confine it now.
> So, I tried to label segatex_exec_t to /usr/bin/segatex.
>
> Made it fine, install all-right.
>
> I could find segatex module, you know...
> But alas, I could not restorecon nor autorelabel.
>
> Why?
>
>
> # segatex executable will have:
> # label: system_u:object_r:segatex_exec_t
> # MLS sensitivity: s0
> # MCS categories:<none>
>
> /usr/bin/segatex -- gen_context(system_u:object_r:segatex_exec_t,s0)
> /usr/share/segatex(/.*)? -- gen_context(system_u:object_r:segatex_etc_t,s0)
>
The -- tells the system to only label standard files with the segatext
label.
If you eliminate "--" it will match everything. If you want to match
only symbolic links you would use "-l", directories "-d". The same
symbols that ls uses at the beginning of an ls line.
>
>
>
> 2009/4/20 Daniel J Walsh<dwalsh at redhat.com>:
>> On 04/20/2009 08:32 AM, Shintaro Fujiwara wrote:
>>> I wrote a policy which declares some label to symbolic link, and I
>>> restoreconed, but failed ?
>>>
>>> Am I stupid or what should I do to this ?
>>>
>>> Thanks.
>>>
>> What does your fc file look like?
>>
>
>
>
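
Added example, not part of the original thread: a small Python model of the file-type specifier matching described in the reply above, showing why a `--` entry never applies to the `/usr/bin/segatex` symlink while `-l` (or no specifier) does. The helper names `parse_fc_line` and `entry_applies` are hypothetical, and the temporary file and symlink are constructed for the demonstration; real labeling is done by libselinux, not by this code.

```python
import os
import re
import stat
import tempfile

# File-type specifiers accepted in a file_contexts (.fc) entry.
TYPE_FLAGS = {
    "--": stat.S_IFREG, "-d": stat.S_IFDIR, "-l": stat.S_IFLNK,
    "-c": stat.S_IFCHR, "-b": stat.S_IFBLK,
    "-s": stat.S_IFSOCK, "-p": stat.S_IFIFO,
}

def parse_fc_line(line):
    """Split 'regex [specifier] context' into (regex, specifier or None, context)."""
    fields = line.split()
    if len(fields) == 2:
        return fields[0], None, fields[1]
    if len(fields) == 3 and fields[1] in TYPE_FLAGS:
        return fields[0], fields[1], fields[2]
    raise ValueError("not a file_contexts entry: %r" % line)

def entry_applies(line, path, mode):
    """True if the entry's regex matches the whole path and its specifier
    (when present) matches the object type taken from lstat()."""
    regex, flag, _context = parse_fc_line(line)
    if re.fullmatch(regex, path) is None:
        return False
    return flag is None or stat.S_IFMT(mode) == TYPE_FLAGS[flag]

def lstat_modes():
    """Build a constructed regular file plus a symlink to it; return both lstat modes."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "consolehelper")
        link = os.path.join(d, "segatex")
        open(target, "w").close()
        os.symlink(target, link)
        # lstat() describes the link itself, which is what a relabel sees.
        return os.lstat(target).st_mode, os.lstat(link).st_mode

CTX = "gen_context(system_u:object_r:segatex_exec_t,s0)"
REG_MODE, LINK_MODE = lstat_modes()

if __name__ == "__main__":
    for flag in ("--", "-l", ""):
        entry = " ".join(f for f in ("/usr/bin/segatex", flag, CTX) if f)
        print("%-4s applies to symlink: %s"
              % (flag or "none", entry_applies(entry, "/usr/bin/segatex", LINK_MODE)))
```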