On Fri, 07 Nov 2008 09:53:18 -0500 Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Jerry James wrote: > > 2008/11/7 yersinia <yersinia.spiros@xxxxxxxxx>: > >> Do look useful this docu ? > >> > >> http://fedoraproject.org/wiki/PackagingDrafts/SELinux/PolicyModules > > > > Thank you. That is a very useful document. However, it does not > > appear to answer my question. I need a non-default security context > > for binaries that are both built and executed in the %build script, > > when the policy module has not yet been installed. It appears to me > > that there are only two ways to accomplish this: keep abusing > > java_exec_t like I have been, or get a GCL policy incorporated into > > selinux-policy* prior to building GCL. Am I wrong? Is there some > > other option? Does anyone have any guidance to offer me on which > > option to pursue? Thanks, > I would go with the chcon solution you have but instead of hard coding > the java_exec_t, I would execute > > You can get the context of the final destination of the file using > > chcon `matchpathcon -n /usr/bin/gcl` LOCALPATH/gcl > > Which seems to be a fine way of doing. this. Indeed, but it needs the context type for /usr/bin/gcl to be set to java_exec_t or equivalent in the selinux-policy package before it'll work. Paul. -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
