From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <3FC3CE10.8020307@ipen.br>
Date: Tue, 25 Nov 2003 19:48:00 -0200
From: Carlos Anísio Monteiro
To: selinux
Subject: genfs_contexts file
List-Id: selinux@tycho.nsa.gov

Hi.

I have a doubt about the genfs_contexts file. For example, the statement below:

genfscon vfat /                system_u:object_r:dosfs_t

I mounted the Windows filesystem with: mount -t vfat /dev/hda1 /mnt/win
I access it with: cd /mnt/win and run ls --context
The printout of ls --context is:

-rwxr--r--  root     root     (null)                           130700.htm
drwxr--r--  root     root     (null)                           aaa
-r-xr--r--  root     root     (null)                           admin.dll
-rwxr--r--  root     root     (null)                           ajapaedi

Is (null) correct for the security context?

If I note the line in the genfs_contexts file, the same thing happens. There is no change.

Thanks.

-- 
Carlos Anisio Monteiro  <monteiro@ipen.br>
IPEN/CNEN-SP
Sao Paulo - Brasil

-- 
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

From mboxrd@z Thu Jan 1 00:00:00 1970
From: Russell Coker
Reply-To: russell@coker.com.au
To: Carlos Anísio Monteiro, selinux
Subject: Re: genfs_contexts file
Date: Wed, 26 Nov 2003 11:35:09 +1100
Message-Id: <200311261135.09128.russell@coker.com.au>
In-Reply-To: <3FC3CE10.8020307@ipen.br>

On Wed, 26 Nov 2003 08:48, Carlos Anísio Monteiro wrote:
> I have a doubt about *genfs_contexts* file. For example, the statement
> below:
>
> *genfscon vfat / system_u:object_r:dosfs_t*
>
> I mounted the windows filesystem with: *mount -t vfat /dev/hda1 /mnt/win*
> I access with: *cd /mnt/win* and run *ls --context*
> The print out of the *ls --context* is:
> *-rwxr--r-- root root (null) 130700.htm

Files/directories that are assigned contexts with genfscon do not have an
xattr, so "ls --context" can not show their context.

This is a known issue. I don't know if there are plans to change it.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

From mboxrd@z Thu Jan 1 00:00:00 1970
Subject: Re: genfs_contexts file
From: Stephen Smalley
To: Russell Coker
Cc: Carlos Anísio Monteiro, selinux
Date: Wed, 26 Nov 2003 08:32:18 -0500
Message-Id: <1069853537.30315.8.camel@moss-spartans.epoch.ncsc.mil>
In-Reply-To: <200311261135.09128.russell@coker.com.au>

On Tue, 2003-11-25 at 19:35, Russell Coker wrote:
> Files/directories that are assigned contexts with genfscon do not have an
> xattr, so "ls --context" can not show their context.
>
> This is a known issue. I don't know if there are plans to change it.

It would be possible to implement a "pseudo" xattr handler for such
filesystems, as we have already done for devpts. But that has to be done
for every filesystem type where you want to export the labels to
userspace.

-- 
Stephen Smalley
National Security Agency

From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <3FC4ADD3.9040505@redhat.com>
Date: Wed, 26 Nov 2003 08:42:43 -0500
From: Daniel J Walsh
To: Stephen Smalley
CC: russell@coker.com.au, Carlos Anísio Monteiro, selinux
Subject: Re: genfs_contexts file
In-Reply-To: <200311261135.09128.russell@coker.com.au>

Russell Coker wrote:

>On Wed, 26 Nov 2003 08:48, Carlos Anísio Monteiro wrote:
>
>>I have a doubt about *genfs_contexts* file. For example, the statement
>>below:
>>
>>*genfscon vfat / system_u:object_r:dosfs_t*
>>
>>I mounted the windows filesystem with: *mount -t vfat /dev/hda1 /mnt/win*
>>I access with: *cd /mnt/win* and run *ls --context*
>>The print out of the *ls --context* is:
>>*-rwxr--r-- root root (null) 130700.htm
>>
>
>Files/directories that are assigned contexts with genfscon do not have an
>xattr, so "ls --context" can not show their context.
>
>This is a known issue. I don't know if there are plans to change it.
>

Steven,

Is there a way to change libselinux to return this data, ie if getfilecon is going to return NULL, then have it return the genfscon value?

Dan

From mboxrd@z Thu Jan 1 00:00:00 1970
Subject: Re: genfs_contexts file
From: Stephen Smalley
To: Daniel J Walsh
Cc: Russell Coker, Carlos Anísio Monteiro, selinux
Date: Wed, 26 Nov 2003 08:46:13 -0500
Message-Id: <1069854373.30315.25.camel@moss-spartans.epoch.ncsc.mil>
In-Reply-To: <3FC4ADD3.9040505@redhat.com>

On Wed, 2003-11-26 at 08:42, Daniel J Walsh wrote:
> Is there a way to change libselinux to return this data, ie if
> getfilecon is going to return NULL, then have it return the genfscon
> value?

libselinux is the wrong place. If userspace needs access to the labels,
then the filesystem needs to export an xattr handler.

-- 
Stephen Smalley
National Security Agency
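
The userspace side of what the replies above describe, as an added example that is not part of the original thread and is not libselinux code: it reads the "security.selinux" xattr directly and reports whether the filesystem exports a label at all. The enum and function names are hypothetical, and treating ENOTSUP as "no xattr handler" assumes the behaviour the thread describes for genfscon-labelled filesystems.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/xattr.h>

/* Hypothetical names for this example; not libselinux or kernel code. */
enum label_source {
    LABEL_FROM_XATTR,   /* filesystem returned a security.selinux value */
    LABEL_NOT_EXPORTED, /* no xattr handler: the thread's genfscon/vfat case */
    LABEL_MISSING,      /* xattrs supported, but this file carries none */
    LABEL_ERROR         /* anything else (ENOENT, EACCES, ...) */
};

/* Map the return value and errno of a getxattr-style call to a case. */
enum label_source classify_xattr_result(ssize_t ret, int err) {
    if (ret >= 0) return LABEL_FROM_XATTR;
    if (err == ENOTSUP) return LABEL_NOT_EXPORTED;
    if (err == ENODATA) return LABEL_MISSING;
    return LABEL_ERROR;
}

/* Read security.selinux (no symlink follow); *ctx is malloc'd on success. */
enum label_source probe_selinux_label(const char *path, char **ctx) {
    *ctx = NULL;
    ssize_t len = lgetxattr(path, "security.selinux", NULL, 0); /* size query */
    if (len < 0) return classify_xattr_result(len, errno);
    char *buf = malloc((size_t)len + 1);
    if (!buf) return LABEL_ERROR;
    len = lgetxattr(path, "security.selinux", buf, (size_t)len);
    if (len < 0) {
        int err = errno;
        free(buf);
        return classify_xattr_result(len, err);
    }
    buf[len] = '\0';
    *ctx = buf;
    return LABEL_FROM_XATTR;
}

int main(int argc, char **argv) {
    static const char *names[] = { "xattr", "not exported", "missing", "error" };
    for (int i = 1; i < argc; i++) {
        char *ctx;
        enum label_source s = probe_selinux_label(argv[i], &ctx);
        printf("%s: %s %s\n", argv[i], names[s], ctx ? ctx : "(null)");
        free(ctx);
    }
    return 0;
}
```

Run it with one or more paths as arguments; a "not exported" result means the kernel may still be enforcing a label on the file even though userspace cannot read one.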