Hi!
I wanted to help resolve bug
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=211767
During some investigation I found that after mounting an ntfs partition,
files have their context set to unlabeled_t. I downloaded selinux-policy.srpm
and found these lines in policy/modules/kernel/filesystem.te:
#
# dosfs_t is the type for fat and vfat
# filesystems and their files.
#
type dosfs_t;
fs_noxattr_type(dosfs_t)
allow dosfs_t fs_t:filesystem associate;
genfscon fat / gen_context(system_u:object_r:dosfs_t,s0)
genfscon msdos / gen_context(system_u:object_r:dosfs_t,s0)
genfscon ntfs / gen_context(system_u:object_r:dosfs_t,s0)
genfscon vfat / gen_context(system_u:object_r:dosfs_t,s0)
I thought "Great, I need a similar entry in my module!". I prepared this file:
[root@X ~]# cat ntfs3g.te
module ntfs3g 1.0;
require {
class chr_file { getattr read write };
class file execute_no_trans;
type device_t;
type dosfs_t;
type mount_exec_t;
type mount_t;
role system_r;
};
genfscon ntfs-3g / gen_context(system_u:object_r:dosfs_t,s0)
allow mount_t device_t:chr_file { getattr read write };
allow mount_t mount_exec_t:file execute_no_trans;
[root@X ~]#
As you can guess, it does not compile ;-)
[root@X ~]# checkmodule -M -m -o ntfs3g.mod ntfs3g.te
checkmodule: loading policy configuration from ntfs3g.te
(unknown source)::ERROR 'syntax error' at token 'genfscon' on line 13:
genfscon ntfs-3g / gen_context(system_u:object_r:dosfs_t,s0)
checkmodule: error(s) encountered while parsing configuration
[root@X ~]#
What have I done wrong?
(FC6, selinux-policy-targeted-2.4.1-3.fc6)
Regards,
Dawid
--
^_*