On Monday 13 February 2006 02:58, Valdis.Kletnieks@xxxxxx wrote: > On Sun, 12 Feb 2006 17:50:45 +1100, Russell Coker said: > > On Saturday 04 February 2006 05:46, Valdis.Kletnieks@xxxxxx wrote: > > > /usr/src(/.*)? system_u:object_r:src_t:s0 > > > /usr(/.*)?/lib(64)?(/.*)? > > > system_u:object_r:lib_t:s0 > > > > > > Guess what just happened to all the files under > > > /usr/src/linux-2.6.16-foo/lib/ > > > > The most specific entries now have the highest priority (IE they come > > last in the list). > > > > The solution is to add the following to the file_contexts: > > /usr/src/(.+/)?lib(64)?(/.*)? > > system_u:object_r:lib_t:s0 > > Won't this regexp relabel /usr/src/linux-2.6.16/lib to lib_t rather than > src_t, Sorry, I thought that's what you wanted! > which is the exact same problem? Or did you mean to have src_t in > that? Yes, src_t if that's what you want. But maybe the /usr(/.*) regex needs to be replaced by several less general regexes. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
