* problem setting the security context of directories vs files
From: Clarkson, Mike R (US SSA) @ 2007-06-19 16:34 UTC (permalink / raw)
To: selinux
I'm having trouble setting the security context of directories using
file contexts. It seems to be working fine for files, but not
directories.
I have a module named import. Here is a copy of my import.fc file:
/m2ds/import -- gen_context(system_u:object_r:import_dir_t,s0)
/m2ds/import/datasources -- gen_context(system_u:object_r:import_dir_t,s0)
/m2ds/import/stage -- gen_context(system_u:object_r:import_stage_t,s0)
/m2ds/import/junk -- gen_context(system_u:object_r:import_dir_t,s0)
/home/m2/SimulatedImport/bin/SimulatedImport -- gen_context(system_u:object_r:import_exec_t,s0)
/home/m2/SimulatedImport/bin/SimulatedImport_Server -- gen_context(system_u:object_r:import_exec_t,s0)
"/m2ds/import" is a directory.
"/m2ds/import/datasources" is a directory.
"/m2ds/import/junk" is a file.
In the /m2ds directory, I do the following sequence of commands:
> restorecon -R import
> ls -dZ import
drwxr-xr-x root root system_u:object_r:default_t:SystemLow import
> cd import
> ls -Z
drwxr-xr-x root root system_u:object_r:default_t:SystemLow datasources
-rw-r--r-- root root system_u:object_r:import_dir_t:SystemLow junk
drwxr-x--- root root system_u:object_r:default_t:SystemLow stage
As can be seen from the output above, the "/m2ds/import/junk" file has a
type of import_dir_t as specified in the file context file. But the
"/m2ds/import", "/m2ds/import/datasources", and "/m2ds/import/stage"
directories all have the default_t type, instead of the types specified
in the file context file.
Am I doing something wrong?
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
* Re: problem setting the security context of directories vs files
From: James Carter @ 2007-06-19 17:06 UTC (permalink / raw)
To: Clarkson, Mike R (US SSA); +Cc: selinux
On Tue, 2007-06-19 at 09:34 -0700, Clarkson, Mike R (US SSA) wrote:
> I'm having trouble setting the security context of directories using
> file contexts. It seems to be working fine for files, but not
> directories.
>
> I have a module named import. Here is a copy of my import.fc file:
>
> /m2ds/import -- gen_context(system_u:object_r:import_dir_t,s0)
> /m2ds/import/datasources -- gen_context(system_u:object_r:import_dir_t,s0)
> /m2ds/import/stage -- gen_context(system_u:object_r:import_stage_t,s0)
> /m2ds/import/junk -- gen_context(system_u:object_r:import_dir_t,s0)
> /home/m2/SimulatedImport/bin/SimulatedImport -- gen_context(system_u:object_r:import_exec_t,s0)
> /home/m2/SimulatedImport/bin/SimulatedImport_Server -- gen_context(system_u:object_r:import_exec_t,s0)
>
>
Use "-d" for directories, instead of "--".
The obscure options available to use are:
-b block
-c character
-d directory
-p pipe
-l link
-s socket
-- regular
--
James Carter <jwcart2@epoch.ncsc.mil>
National Security Agency
* Re: problem setting the security context of directories vs files
From: Daniel J Walsh @ 2007-06-19 17:21 UTC (permalink / raw)
To: jwcart2; +Cc: Clarkson, Mike R (US SSA), selinux
James Carter wrote:
> On Tue, 2007-06-19 at 09:34 -0700, Clarkson, Mike R (US SSA) wrote:
>
>> I'm having trouble setting the security context of directories using
>> file contexts. It seems to be working fine for files, but not
>> directories.
>>
>> I have a module named import. Here is a copy of my import.fc file:
>>
>> /m2ds/import -- gen_context(system_u:object_r:import_dir_t,s0)
>> /m2ds/import/datasources -- gen_context(system_u:object_r:import_dir_t,s0)
>> /m2ds/import/stage -- gen_context(system_u:object_r:import_stage_t,s0)
>> /m2ds/import/junk -- gen_context(system_u:object_r:import_dir_t,s0)
>> /home/m2/SimulatedImport/bin/SimulatedImport -- gen_context(system_u:object_r:import_exec_t,s0)
>> /home/m2/SimulatedImport/bin/SimulatedImport_Server -- gen_context(system_u:object_r:import_exec_t,s0)
>>
>>
>>
> Use "-d" for directories, instead of "--".
>
> The obscure options available to use are:
> -b block
> -c character
> -d directory
> -p pipe
> -l link
> -s socket
> -- regular
>
>
>
" " matches all.
"-" followed by the first character output by 'ls -l'.
* RE: problem setting the security context of directories vs files
From: Clarkson, Mike R (US SSA) @ 2007-06-19 19:17 UTC (permalink / raw)
To: Daniel J Walsh, jwcart2; +Cc: selinux
Is there a way to apply a context recursively to all subdirectories
below a directory?
For instance, I'd like to label all subdirectories below
"/m2ds/import/stage" as system_u:object_r:import_dir_t:s0, without
explicitly having to list each one (because I'm lazy)
> -----Original Message-----
> From: Daniel J Walsh [mailto:dwalsh@redhat.com]
> Sent: Tuesday, June 19, 2007 10:22 AM
> To: jwcart2@epoch.ncsc.mil
> Cc: Clarkson, Mike R (US SSA); selinux@tycho.nsa.gov
> Subject: Re: problem setting the security context of directories vs files
>
> James Carter wrote:
> > On Tue, 2007-06-19 at 09:34 -0700, Clarkson, Mike R (US SSA) wrote:
> >
> >> I'm having trouble setting the security context of directories using
> >> file contexts. It seems to be working fine for files, but not
> >> directories.
> >>
> >> I have a module named import. Here is a copy of my import.fc file:
> >>
> >> /m2ds/import -- gen_context(system_u:object_r:import_dir_t,s0)
> >> /m2ds/import/datasources -- gen_context(system_u:object_r:import_dir_t,s0)
> >> /m2ds/import/stage -- gen_context(system_u:object_r:import_stage_t,s0)
> >> /m2ds/import/junk -- gen_context(system_u:object_r:import_dir_t,s0)
> >> /home/m2/SimulatedImport/bin/SimulatedImport -- gen_context(system_u:object_r:import_exec_t,s0)
> >> /home/m2/SimulatedImport/bin/SimulatedImport_Server -- gen_context(system_u:object_r:import_exec_t,s0)
> >>
> >>
> >>
> > Use "-d" for directories, instead of "--".
> >
> > The obscure options available to use are:
> > -b block
> > -c character
> > -d directory
> > -p pipe
> > -l link
> > -s socket
> > -- regular
> >
> >
> >
> " " matches all.
> "-" followed by the first character output by 'ls -l'.
* Re: problem setting the security context of directories vs files
From: Daniel J Walsh @ 2007-06-19 19:43 UTC (permalink / raw)
To: Clarkson, Mike R (US SSA); +Cc: jwcart2, selinux
Clarkson, Mike R (US SSA) wrote:
> Is there a way to apply a context recursively to all subdirectories
> below a directory?
>
> For instance, I'd like to label all subdirectories below
> "/m2ds/import/stage" as system_u:object_r:import_dir_t:s0, without
> explicitly having to list each one (because I'm lazy)
>
>
/m2ds/import/stage(/.*)? gen_context(system_u:object_r:import_dir_t,s0)
Will get everything
/m2ds/import/stage(/.*)? -d gen_context(system_u:object_r:import_dir_t,s0)
Will get only directories.
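Added example (not part of the thread, and not libselinux code): a simplified Python model of file-context matching that reproduces the default_t result from the first message and the effect of the "-d" entries suggested in the replies. The default context, the "last matching line wins" rule and the already-expanded context strings are assumptions of this model.

```python
import re
import stat

# File type specifiers listed in the thread, mapped to the stat type bits they select.
SPEC_TO_IFMT = {
    "-b": stat.S_IFBLK, "-c": stat.S_IFCHR, "-d": stat.S_IFDIR,
    "-p": stat.S_IFIFO, "-l": stat.S_IFLNK, "-s": stat.S_IFSOCK,
    "--": stat.S_IFREG,
}

def parse_fc(text):
    """Parse 'regex [type-spec] context' lines into (regex, ifmt_or_None, context)."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) == 3 and fields[1] in SPEC_TO_IFMT:
            pattern, ifmt, context = fields[0], SPEC_TO_IFMT[fields[1]], fields[2]
        elif len(fields) == 2:
            pattern, ifmt, context = fields[0], None, fields[1]  # no specifier: any type
        else:
            raise ValueError(f"malformed entry: {line!r}")
        entries.append((re.compile(pattern), ifmt, context))
    return entries

def lookup(entries, path, mode, default="system_u:object_r:default_t:s0"):
    """Context for path: regex must match the whole path AND the file type must agree.
    Assumptions of this model: last matching line wins; 'default' stands in for the base policy."""
    result = default
    for regex, ifmt, context in entries:
        if regex.fullmatch(path) and (ifmt is None or stat.S_IFMT(mode) == ifmt):
            result = context
    return result

DIR, REG = stat.S_IFDIR | 0o755, stat.S_IFREG | 0o644  # constructed sample modes

# Constructed inputs: entries as first posted ("--" on directories) and as corrected ("-d").
BROKEN = parse_fc("""
/m2ds/import       --  system_u:object_r:import_dir_t:s0
/m2ds/import/junk  --  system_u:object_r:import_dir_t:s0
""")
FIXED = parse_fc("""
/m2ds/import              -d  system_u:object_r:import_dir_t:s0
/m2ds/import/stage(/.*)?  -d  system_u:object_r:import_dir_t:s0
""")
```

With BROKEN, the directory /m2ds/import falls through to the default while the regular file junk is labeled; with FIXED, /m2ds/import/stage and every directory below it get import_dir_t, and regular files under stage are left to other entries.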