On Tuesday 20 November 2007 at 08:39 -0500, Daniel J Walsh wrote:
> Laurent Jacquot wrote:
> > Hello,
> > I am sure this is a FAQ or a feature, but I want to know how to work
> > around:
> >
> > I have cxoffice installed in my F8 home dir and I want some lib labeled
> > as textrel_shlib_t, but I cannot override the default user_home_t home
> > label via a policy module.
> >
> > NOTE1 it works if the directory is not under /home
> > NOTE2 there is nothing in the logs if it fails
> > NOTE3 It has been so since the introduction of modular policy in selinux
> >
> > This is what I have tried so far in F8.
> > [root@jack sel]#cat local.fc
> > #cxoffice
> > #/home/alex/.cxoffice/dotwine/drive_c(/.*)?/.*\.exe --
> > system_u:object_r:textrel_shlib_t:s0
> >
> > /home/alex/cxoffice/lib/wine/kernel32.dll.so --
> > system_u:object_r:textrel_shlib_t:s0
> >
> > [root@jack sel]#semodule_package -o local.pp -m local.mod -f local.fc
> > [root@jack sel]#semodule -i local.pp
> > [root@jack sel]#ls -Z /home/alex/cxoffice/lib/wine/kernel32.dll.so
> > -rwxr-xr-x alex alex
> > system_u:object_r:user_home_t:s0 /home/alex/cxoffice/lib/wine/kernel32.dll.so
> > [root@jack sel]#restorecon /home/alex/cxoffice/lib/wine/kernel32.dll.so
> > [root@jack sel]#ls -Z /home/alex/cxoffice/lib/wine/kernel32.dll.so
> > -rwxr-xr-x alex alex
> > system_u:object_r:user_home_t:s0 /home/alex/cxoffice/lib/wine/kernel32.dll.so
> >
> >
> > (If I use the system-config-selinux UI, I can see the new entry in the
> > tab context among all the regexp)
> >
> > Using semanage, it works:
> > [root@jack sel]#semodule -r local
> > [root@jack sel]#semanage fcontext -a -t
> > textrel_shlib_t /home/alex/cxoffice/lib/wine/kernel32.dll.so
> > [root@jack sel]#ls -Z /home/alex/cxoffice/lib/wine/kernel32.dll.so
> > -rwxr-xr-x alex alex
> > system_u:object_r:user_home_t:s0 /home/alex/cxoffice/lib/wine/kernel32.dll.so
> > [root@jack sel]#restorecon /home/alex/cxoffice/lib/wine/kernel32.dll.so
> > [root@jack sel]#ls -Z /home/alex/cxoffice/lib/wine/kernel32.dll.so
> > -rwxr-xr-x alex alex
> > system_u:object_r:textrel_shlib_t:s0 /home/alex/cxoffice/lib/wine/kernel32.dll.so
> >
> > and the custom rule appears in system-config-selinux UI at the end of
> > the policy.
> >
> > So how do I have my module install my contexts the same way as semanage?
> > Should I bugzilla it?
> >
> > BTW, how does system-config-selinux browse the file context policy? Is it
> > possible to see also the rules and type definition?
> >
> > TIA
> > jk
> >
> > --
> > fedora-selinux-list mailing list
> > fedora-selinux-list@xxxxxxxxxx
> > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> This looks like a bug in libsemanage or in the file context labeling
> algorithm.
>
> I believe matchpathcon is reading in file_contexts,
> file_contexts.homedirs, file_contexts.local and taking the last entry.
>
>
> So using semodule to add a pp file updates the file_contexts file, in
> which case the homedirs is overriding. semanage fcontext updates the
> file_contexts.local.
>
>
> If you tried
>
> HOME_DIR/\.cxoffice/dotwine/drive_c(/.*)?/.*\.exe --
> system_u:object_r:textrel_shlib_t:s0
>
> It should update the file_contexts.homedirs file.
>
>

I confirm this works. Thanks!
Should I bugzilla it or is it the way it should be?

jk
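
A simplified model of the lookup order described in the reply above (file_contexts, then file_contexts.homedirs, then file_contexts.local, last match wins), added here as an illustration; it is not part of the original thread and not libselinux or libsemanage code. Assumptions: the generic homedirs rule, the expansion of `HOME_DIR` to `/home/[^/]*`, the placement of the expanded entry after the generic rule, the sample `.exe` path, and all function names are constructed for this example.

```python
import re

# Constructed sample data; the generic homedirs rule is an assumption.
GENERIC_HOME = [("/home/[^/]*/.+", "user_home_t")]
LIB = "/home/alex/cxoffice/lib/wine/kernel32.dll.so"
EXE = "/home/alex/.cxoffice/dotwine/drive_c/windows/notepad.exe"  # constructed
MODULE_FC = "#cxoffice\n" + LIB + " -- system_u:object_r:textrel_shlib_t:s0\n"
TEMPLATE_FC = (r"HOME_DIR/\.cxoffice/dotwine/drive_c(/.*)?/.*\.exe -- "
               "system_u:object_r:textrel_shlib_t:s0\n")


def parse_fc(text):
    """Parse .fc lines of the form: <regex> [file-type flag] <context>."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        # The context is user:role:type:level; keep only the type.
        entries.append((fields[0], fields[-1].split(":")[2]))
    return entries


def expand_home_dir(entries, home="/home/[^/]*"):
    """Hypothetical stand-in for expanding HOME_DIR template entries."""
    return [(rx.replace("HOME_DIR", home, 1), t) for rx, t in entries]


def lookup(path, file_contexts, homedirs, local):
    """Type of the last matching entry across the three files, in order."""
    result = None
    for regex, setype in file_contexts + homedirs + local:
        if re.fullmatch(regex, path):
            result = setype
    return result


def via_module():
    # semodule -i local.pp: the entry ends up in file_contexts.
    return lookup(LIB, parse_fc(MODULE_FC), GENERIC_HOME, [])


def via_semanage():
    # semanage fcontext -a: the entry ends up in file_contexts.local.
    return lookup(LIB, [], GENERIC_HOME, parse_fc(MODULE_FC))


def via_home_dir_template():
    # Module entry written with HOME_DIR: it ends up in file_contexts.homedirs
    # (assumed to sort after the generic rule, as the confirmed result implies).
    return lookup(EXE, [], GENERIC_HOME + expand_home_dir(parse_fc(TEMPLATE_FC)), [])
```

In this model the module entry loses to the generic home-directory rule only because of where it is stored, which matches the `ls -Z` output in the thread.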