* Where's the class defined in file_contexts*
From: dE @ 2014-07-01 8:47 UTC
To: selinux
The default security context of an object also depends on its class.
I was looking at
etc/selinux/<SELINUXTYPE>/contexts/files/file_contexts*, but I couldn't
see any definition of a class.
Also semanage fcontext doesn't have an option to define a class. Entries
are based only on files and directories.
If you get red text in this email please notify.

* Re: Where's the class defined in file_contexts*
From: Sven Vermeulen @ 2014-07-01 10:36 UTC
To: dE; +Cc: SELinux

It is defined through the "middle" column. For instance, -- is a regular
file, -l a symlink, etc.

These can be defined with "semanage fcontext" as well.

Wkr,
Sven

On Jul 1, 2014 10:57 AM, "dE" <de.techno@gmail.com> wrote:
> The default security context of an object also depends on its class.
>
> I was looking at etc/selinux/<SELINUXTYPE>/contexts/files/file_contexts*,
> but I couldn't see any definition of a class.
>
> Also semanage fcontext doesn't have an option to define a class. Entries are
> based only on files and directories.
>
> If you get red text in this email please notify.

* Re: Where's the class defined in file_contexts*
From: Daniel J Walsh @ 2014-07-01 10:42 UTC
To: dE, selinux

On 07/01/2014 04:47 AM, dE wrote:
> The default security context of a object also depends on it's class.
>
> I was looking at
> etc/selinux/<SELINUXTYPE>/contexts/files/file_contexts*, but I
> couldn't see any definition of a class.
>
> Also semanage fcontext doesn't have an option define a class. Entries
> are based only on files and directories.
>
> If you get red text in this email please notify.

I believe the answer to your question is:

man semanage-fcontext
...
       -f [{a,f,d,c,b,s,l,p}], --ftype [{a,f,d,c,b,s,l,p}]
              File Type. This is used with fcontext. Requires a file
              type as shown in the mode field by ls, e.g. use 'd' to
              match only directories or 'f' to match only regular
              files. The following file type options can be passed:
              f (regular file), d (directory), c (character device),
              b (block device), s (socket), l (symbolic link),
              p (named pipe). If you do not specify a file type, the
              file type will default to "all files".

* Re: Where's the class defined in file_contexts*
From: dE @ 2014-07-01 17:57 UTC
To: selinux

On 07/01/14 16:12, Daniel J Walsh wrote:
> On 07/01/2014 04:47 AM, dE wrote:
>> The default security context of a object also depends on it's class.
>>
>> I was looking at
>> etc/selinux/<SELINUXTYPE>/contexts/files/file_contexts*, but I
>> couldn't see any definition of a class.
>>
>> Also semanage fcontext doesn't have an option define a class. Entries
>> are based only on files and directories.
>>
>> If you get red text in this email please notify.
> I believe the answer to your question is:
>
> man semanage-fcontext
> ...
>        -f [{a,f,d,c,b,s,l,p}], --ftype [{a,f,d,c,b,s,l,p}]
>               File Type. This is used with fcontext. Requires a file
>               type as shown in the mode field by ls, e.g. use 'd' to
>               match only directories or 'f' to match only regular
>               files. The following file type options can be passed:
>               f (regular file), d (directory), c (character device),
>               b (block device), s (socket), l (symbolic link),
>               p (named pipe). If you do not specify a file type, the
>               file type will default to "all files".

Thanks everyone for clarifying this.

I didn't know there existed man pages for semanage-*. It's not there in
Fedora 19.

* Re: Where's the class defined in file_contexts*
From: Dominick Grift @ 2014-07-01 10:45 UTC
To: dE; +Cc: selinux

On Tue, 2014-07-01 at 14:17 +0530, dE wrote:
> The default security context of a object also depends on it's class.
>
> I was looking at
> etc/selinux/<SELINUXTYPE>/contexts/files/file_contexts*, but I couldn't
> see any definition of a class.
>
> Also semanage fcontext doesn't have an option define a class. Entries
> are based only on files and directories.

semanage supports -f

only file object classes apply to file object context specifications
obviously.

file: --
dir: -d
symbolic link: -l
named pipe: -p
sock file: -s

semanage fcontext -a ... -f -d "/test/mydir"
semanage fcontext -a ... -f -s "/test/mysocket"
semanage fcontext -a ... -f -- "/test/myfile"

... etc ...

if the file object context spec applies to any file object then you need
not specify the class:

semanage fcontext -a ... "/test/anyfileobjects(/.*)?"

So in file_contexts look for -- -d -s -l -p, if none of those are
specified then the spec applies to any file object class

>
> If you get red text in this email please notify.
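
Added example (not part of any message in this thread): a small Python parser for file_contexts-style entries that reads the optional middle column as the object class and lists which entries apply to a path of a given file type. The sample entries and context names are constructed; the -c/-b flags and the class names (lnk_file, fifo_file, sock_file, chr_file, blk_file) follow standard SELinux naming rather than text in the thread, and each path regex is treated as anchored at both ends.

```python
import re
import stat

# file_contexts middle-column flag -> (SELinux object class, stat predicate)
FLAGS = {
    "--": ("file", stat.S_ISREG),
    "-d": ("dir", stat.S_ISDIR),
    "-l": ("lnk_file", stat.S_ISLNK),
    "-p": ("fifo_file", stat.S_ISFIFO),
    "-s": ("sock_file", stat.S_ISSOCK),
    "-c": ("chr_file", stat.S_ISCHR),
    "-b": ("blk_file", stat.S_ISBLK),
}

# Constructed sample entries; the contexts are illustrative, not from a real policy.
SAMPLE = """\
# path regex                middle column  context
/test/mydir                 -d  system_u:object_r:example_dir_t:s0
/test/mysocket              -s  system_u:object_r:example_sock_t:s0
/test/myfile                --  system_u:object_r:example_file_t:s0
/test/anyfileobjects(/.*)?      system_u:object_r:example_any_t:s0
"""

def parse(text):
    """Return a list of (regex, flag_or_None, context) tuples."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) == 2:            # no middle column: any file object class
            fields.insert(1, None)
        if len(fields) != 3 or fields[1] not in (None, *FLAGS):
            raise ValueError(f"unrecognised entry: {line!r}")
        entries.append(tuple(fields))
    return entries

def object_class(flag):
    """Map a middle-column flag to its object class ('any' when absent)."""
    return "any" if flag is None else FLAGS[flag][0]

def applicable(entries, path, mode):
    """Contexts of every entry whose regex and class both fit path/st_mode."""
    return [context for regex, flag, context in entries
            if (flag is None or FLAGS[flag][1](mode)) and re.fullmatch(regex, path)]

if __name__ == "__main__":
    for regex, flag, context in parse(SAMPLE):
        print(f"{regex:30} {object_class(flag):10} {context}")
```
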