How can I set label to symbolic link ?

Daniel J Walsh dwalsh at redhat.com
Mon Apr 20 13:45:06 UTC 2009


On 04/20/2009 09:29 AM, Shintaro Fujiwara wrote:
> But, what does -- stands for, in regular Linux admin work ?
> I will forget it easily.
>
> Or am I dumb fool not knowing Linux commands?
>
>
> 2009/4/20 Daniel J Walsh<dwalsh at redhat.com>:
>> On 04/20/2009 08:47 AM, Shintaro Fujiwara wrote:
>>> Here it is , sir...
>>>
>>> Well, actually I'm trying to write my segatex policy.
>>> /usr/bin/segatex is actually link to /usr/bin/consolehelper
>>>
>>> In my INSTALL script I declared,
>>> ##################################
>>> ln -s /usr/bin/consolehelper /usr/bin/segatex
>>> ##################################
>>>
>>> I've been running my program in unconfined domain for several years,
>>> but I want to confine it now.
>>> So, I tried to label segatex_exec_t to /usr/bin/segatex.
>>>
>>> Made it fine, install all-right.
>>>
>>> I could find segatex module, you know...
>>> But alas,  I could not restorecon nor autorelabel.
>>>
>>> Why?
>>>
>>>
>>> # segatex executable will have:
>>> # label: system_u:object_r:segatex_exec_t
>>> # MLS sensitivity: s0
>>> # MCS categories:<none>
>>>
>>> /usr/bin/segatex         -- gen_context(system_u:object_r:segatex_exec_t,s0)
>>> /usr/share/segatex(/.*)?         -- gen_context(system_u:object_r:segatex_etc_t,s0)
>>>
>> The -- tells the system to only label standard files with the segatext
>> label.
>>
>> If you eliminate "--"  it will match everything.  If you want to match only
>> symbolic links you would use "-l", Directories "-d".  The same symbols that
>> ls uses at the beginning of a ls line.
>>>
>>>
>>> 2009/4/20 Daniel J Walsh<dwalsh at redhat.com>:
>>>> On 04/20/2009 08:32 AM, Shintaro Fujiwara wrote:
>>>>> I wrote a policy which declares some label to symbolic link, and I
>>>>> restoreconed, but failed ?
>>>>>
>>>>> Am I stupid or what should I do to this ?
>>>>>
>>>>> Thanks.
>>>>>
>>>> What does your fc file look like?
>>>>
>>>
>>>
>>
>
>
>

The first "-", I believe, is just an indicator for the tools to use an 
option.  The second is just the "file type" as used in the ls 
command.  The first letter is the output of ls -l

ls -l /etc

...
lrwxrwxrwx.  1 root         root        22 2008-06-12 21:55 grub.conf -> ../boot/grub/grub.conf
...
-rw-r--r--. 1 root root 3101 2009-03-30 10:55 /etc/passwd
...
drwxr-xr-x.  2 root         root      4096 2009-02-13 08:51 squid
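
An added example, not part of the original message or of the SELinux tools: a Python sketch of the file-type column discussed in this thread, showing why the `--` entry never applies to the /usr/bin/segatex symlink while `-l` or no specifier does. The matcher is a simplification (whole-path regex match, no ordering between entries), the function names are hypothetical, and a temporary link stands in for /usr/bin/segatex.

```python
import os
import re
import stat
import tempfile

# Second-column specifiers of a file_contexts entry -> stat test for that kind.
FILE_TYPES = {
    "--": stat.S_ISREG,   # regular file
    "-d": stat.S_ISDIR,   # directory
    "-l": stat.S_ISLNK,   # symbolic link
    "-c": stat.S_ISCHR,   # character device
    "-b": stat.S_ISBLK,   # block device
    "-s": stat.S_ISSOCK,  # socket
    "-p": stat.S_ISFIFO,  # named pipe
}

def parse_fc(text):
    """Yield (path_regex, specifier_or_None, context) for each entry."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) == 3 and fields[1] in FILE_TYPES:
            yield fields[0], fields[1], fields[2]
        elif len(fields) == 2:
            yield fields[0], None, fields[1]
        else:
            raise ValueError("unrecognised entry: " + line)

def matching_contexts(fc_text, path, fc_path):
    """Contexts whose regex matches fc_path and whose type matches path.
    lstat() judges a symlink as a link, not as the file it points to."""
    mode = os.lstat(path).st_mode
    return [ctx for regex, spec, ctx in parse_fc(fc_text)
            if re.fullmatch(regex, fc_path)  # simplification: whole-path match
            and (spec is None or FILE_TYPES[spec](mode))]

def demo():
    """Constructed setup: a temp symlink standing in for /usr/bin/segatex."""
    ctx = "gen_context(system_u:object_r:segatex_exec_t,s0)"
    with tempfile.TemporaryDirectory() as tmp:
        target = os.path.join(tmp, "consolehelper")
        link = os.path.join(tmp, "segatex")
        open(target, "w").close()
        os.symlink(target, link)
        return {spec: bool(matching_contexts(
                    f"/usr/bin/segatex {spec} {ctx}", link, "/usr/bin/segatex"))
                for spec in ("--", "-l", "")}

print(demo())
```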



