* HOME_DIR in .fc works?
@ 2007-10-24 16:02 Ted X Toth
  2007-10-24 18:43 ` Xavier Toth
  0 siblings, 1 reply; 4+ messages in thread
From: Ted X Toth @ 2007-10-24 16:02 UTC (permalink / raw)
  To: SE Linux

I put entries into an .fc file to not relabel polyinstantiated instance 
directories but they get relabeled, am I doing it right:
HOME_DIR/\.mlrc\.inst/.*   <<none>>

I don't see anything about this directory when I do:
/usr/sbin/semanage fcontext -l | grep mlrc

I do see them in /etc/selinux/mls/contexts/files/homedir_templates.

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.


* Re: HOME_DIR in .fc works?
  2007-10-24 16:02 HOME_DIR in .fc works? Ted X Toth
@ 2007-10-24 18:43 ` Xavier Toth
  2007-10-25 15:06   ` Xavier Toth
  0 siblings, 1 reply; 4+ messages in thread
From: Xavier Toth @ 2007-10-24 18:43 UTC (permalink / raw)
  To: SE Linux

I'm getting the impression that genhomedircon is involved with the
solution to my problem. Maybe you can't use HOME_DIR in a policy
module? If I can then maybe I need to run genhomedircon to get
homedir_templates processed into file_contexts.homedirs?

On 10/24/07, Ted X Toth <txtoth@gmail.com> wrote:
> I put entries into an .fc file to not relabel polyinstantiated instance
> directories but they get relabeled, am I doing it right:
> HOME_DIR/\.mlrc\.inst/.*   <<none>>
>
> I don't see anything about this directory when I do:
> /usr/sbin/semanage fcontext -l | grep mlrc
>
> I do see them in /etc/selinux/mls/contexts/files/homedir_templates.
>


* Re: HOME_DIR in .fc works?
  2007-10-24 18:43 ` Xavier Toth
@ 2007-10-25 15:06   ` Xavier Toth
  2007-10-25 15:10     ` Daniel J Walsh
  0 siblings, 1 reply; 4+ messages in thread
From: Xavier Toth @ 2007-10-25 15:06 UTC (permalink / raw)
  To: SE Linux; +Cc: Daniel J Walsh

On RHEL5 genhomedircon is not processing my fc entries because they
are specifying "<<none>>" for the context. In the getHomeDirContext
function there is a call to security_check_context which fails for
"<<none>>" so the substituted string is not appended to the output.
Maybe this check should be something like:
if selinux.security_check_context(scon) == 0 or scon == "<<none>>":


On 10/24/07, Xavier Toth <txtoth@gmail.com> wrote:
> I'm getting the impression that genhomedircon is involved with the
> solution to my problem. Maybe you can't use HOME_DIR in a policy
> module? If I can then maybe I need to run genhomedircon to get
> homedir_templates processed into file_contexts.homedirs?
>
> On 10/24/07, Ted X Toth <txtoth@gmail.com> wrote:
> > I put entries into an .fc file to not relabel polyinstantiated instance
> > directories but they get relabeled, am I doing it right:
> > HOME_DIR/\.mlrc\.inst/.*   <<none>>
> >
> > I don't see anything about this directory when I do:
> > /usr/sbin/semanage fcontext -l | grep mlrc
> >
> > I do see them in /etc/selinux/mls/contexts/files/homedir_templates.
> >
>
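
The failure described in the message above, as an added example that is not genhomedircon's code and not part of the original thread: a template expander that validates each context before emitting it, run once with the strict check and once with the proposed `<<none>>` exception. `check_context` is a hypothetical stand-in for `selinux.security_check_context` (it only checks the string's shape), and `expand_templates`, `dropped_by_strict_check` and the template lines are constructed for illustration.

```python
import re

# Constructed sample of homedir_templates content (not copied from a real system).
TEMPLATES = """\
HOME_DIR/.+\tsystem_u:object_r:user_home_t:s0
HOME_DIR/\\.mlrc\\.inst/.*\t<<none>>
HOME_DIR/\\.broken\tnot-a-context
"""

NONE_CONTEXT = "<<none>>"  # file-context marker from the thread: do not relabel
_CONTEXT_RE = re.compile(r"^[\w.-]+:[\w.-]+:[\w.-]+(:\S+)?$")


def check_context(scon):
    """Stand-in for selinux.security_check_context(): 0 if valid, -1 if not.

    Assumption: only the user:role:type[:range] shape is checked here; the
    real call validates the context against the loaded policy.
    """
    return 0 if _CONTEXT_RE.match(scon) else -1


def expand_templates(templates, home, allow_none):
    """Substitute HOME_DIR and emit only lines whose context passes the check."""
    out = []
    for line in templates.splitlines():
        parts = line.split(None, 1)  # two-field lines only: regex, context
        if len(parts) != 2 or parts[0].startswith("#"):
            continue
        regex, scon = parts[0], parts[1].strip()
        # allow_none=True applies the check proposed in the thread.
        ok = check_context(scon) == 0 or (allow_none and scon == NONE_CONTEXT)
        if ok:
            out.append("%s\t%s" % (regex.replace("HOME_DIR", home), scon))
    return out


def dropped_by_strict_check(templates, home):
    """Entries that only the relaxed check emits."""
    strict = set(expand_templates(templates, home, allow_none=False))
    relaxed = expand_templates(templates, home, allow_none=True)
    return [entry for entry in relaxed if entry not in strict]


if __name__ == "__main__":
    for entry in expand_templates(TEMPLATES, "/home/[^/]*", allow_none=True):
        print(entry)
```

With the strict check the `<<none>>` entry never reaches the generated output, so a later relabel applies the broader `HOME_DIR/.+` rule to the instance directories; the malformed context is rejected in both modes.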


* Re: HOME_DIR in .fc works?
  2007-10-25 15:06   ` Xavier Toth
@ 2007-10-25 15:10     ` Daniel J Walsh
  0 siblings, 0 replies; 4+ messages in thread
From: Daniel J Walsh @ 2007-10-25 15:10 UTC (permalink / raw)
  To: Xavier Toth; +Cc: SE Linux

Xavier Toth wrote:
> On RHEL5 genhomedircon is not processing my fc entries because they
> are specifying "<<none>>" for the context. In the getHomeDirContext
> function there is a call to security_check_context which fails for
> "<<none>>" so the substituted string is not appended to the output.
> Maybe this check should be something like:
> if selinux.security_check_context(scon) == 0 or scon == "<<none>>":
> 
> 
> On 10/24/07, Xavier Toth <txtoth@gmail.com> wrote:
>> I'm getting the impression that genhomedircon is involved with the
>> solution to my problem. Maybe you can't use HOME_DIR in a policy
>> module? If I can then maybe I need to run genhomedircon to get
>> homedir_templates processed into file_contexts.homedirs?
>>
>> On 10/24/07, Ted X Toth <txtoth@gmail.com> wrote:
>>> I put entries into an .fc file to not relabel polyinstantiated instance
>>> directories but they get relabeled, am I doing it right:
>>> HOME_DIR/\.mlrc\.inst/.*   <<none>>
>>>
>>> I don't see anything about this directory when I do:
>>> /usr/sbin/semanage fcontext -l | grep mlrc
>>>
>>> I do see them in /etc/selinux/mls/contexts/files/homedir_templates.
>>>
Seems reasonable.
