From: Timothy Wood <timothy@hallcomp.com>
To: Stephen Smalley <sds@tislabs.com>
Cc: SELinux <SELinux@tycho.nsa.gov>
Subject: Re: new file contexts
Date: 23 Aug 2002 10:47:15 -0400
Message-ID: <1030114035.16278.31.camel@phobos>
In-Reply-To: <Pine.GSO.4.33.0208231010230.20183-100000@raven>

On Fri, 23.08.2002, at 10:14, Stephen Smalley wrote:
>
> On 23 Aug 2002, Timothy Wood wrote:
>
> > So then I am required to have a corresponding .te for my new .fc file
> > correct?
>
> Yes, and this is typically what you want - there should be no reason to
> have a program .fc file if there is no corresponding program .te file
> (Where else would the program's domain and types be defined in the
> policy?). If for some reason you do not have any corresponding program
> .te file (this would be odd, and I'd be interested in the explanation),
> you could directly edit file_contexts/type.fc to add your entries or you
> could add your new .fc file to the FCFILES= definition in the
> policy/Makefile.
>
> --
> Stephen D. Smalley, NAI Labs
> ssmalley@nai.com

I have a Window Manager that installs itself in /usr/apps (ROX
http://rox.sourceforge.net ). I need to label all of the AppRun files
in the subdirectories, as well as a few other files, in the
system_u:object_r:bin_t context. I don't really need to change anything
else for it to work because I relabeled them and everything runs ok.
What I did, when remaking the policy didn't seem to pick up the new
.fc, was append it to an existing .fc to see if it would read the changes
from there. The relabeling worked after that, obviously, but I couldn't
figure out why it didn't pick up my new .fc file. Though now I know it
needs a .te file to look for a .fc file. At any rate, the changes I
made just relabel the ROX executable files as if they were installed in
the /usr/bin directory, so they really don't need their own domain
(gnome doesn't so I don't see why ROX would). So should I just append
these changes to the types.fc since that is where the generic /usr/bin
type is located or would it be better to leave them in the already
separate rox.fc and change the Makefile?

Here are my changes:

# ROX
/usr/apps/ROX-Filer/Linux-ix86/ROX-Filer system_u:object_r:bin_t
/usr/apps/ROX-Session/Linux-ix86/ROX-Session system_u:object_r:bin_t
/usr/apps/(.*)/AppRun system_u:object_r:bin_t

Timothy,
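
Added example, not part of the original message or of the SELinux policy tools: a Python check of which paths the three entries posted above would label bin_t, showing that (.*) also spans nested directories. The sample paths and the tighter [^/]+ variant are constructed here, and whole-path matching with the last matching entry winning is an assumption.

```python
import re

# The entries posted in the message above, verbatim.
ROX_FC = """\
# ROX
/usr/apps/ROX-Filer/Linux-ix86/ROX-Filer system_u:object_r:bin_t
/usr/apps/ROX-Session/Linux-ix86/ROX-Session system_u:object_r:bin_t
/usr/apps/(.*)/AppRun system_u:object_r:bin_t
"""

# Hypothetical tighter variant (not from the thread): one directory level only.
TIGHT_FC = "/usr/apps/[^/]+/AppRun system_u:object_r:bin_t\n"

# Constructed sample paths, not taken from a real ROX installation.
SAMPLE_PATHS = [
    "/usr/apps/ROX-Filer/AppRun",
    "/usr/apps/ROX-Filer/Linux-ix86/ROX-Filer",
    "/usr/apps/ROX-Filer/Help/README",
    "/usr/apps/ROX-Filer/AppRun.bak",
    "/usr/apps/unpacked/tmp/Foo/AppRun",
]

def parse_fc(text):
    """Parse .fc text into (pattern, context) pairs, skipping blanks and comments."""
    specs = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # First field is the path regex, last is the context; an optional
        # file-type field may sit between them.
        specs.append((fields[0], fields[-1]))
    return specs

def label_for(specs, path):
    """Context of the last entry matching the whole path, or None.

    Assumptions: matching is anchored at both ends, and the last match wins.
    """
    label = None
    for pattern, context in specs:
        if re.fullmatch(pattern, path):
            label = context
    return label

def audit(fc_text, paths=SAMPLE_PATHS):
    """Map each path to the context the given .fc text would assign."""
    specs = parse_fc(fc_text)
    return {p: label_for(specs, p) for p in paths}

if __name__ == "__main__":
    for path, ctx in audit(ROX_FC).items():
        print(f"{ctx or '(no match)':<26} {path}")
```

Running audit(TIGHT_FC) over the same paths shows the nested AppRun no longer receiving bin_t, which is the difference to weigh if only top-level application directories are meant to hold executables.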