File contexts and how are files labeled?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

First off, thanks for the answers about finding out the SELinux transactions... autrace was the way to go.... Now I have a more fundamental problem... In the file context labels, there are two rules that conflict: 

/sbin/.*       all files   system_u:object_r:bin_t:s0

      and

/sbin/mount.mymounter   regular file   system_u:object_r:myfile_exec_t:s0
The problem though is that the file gets labeled under the blanket /sbin/.* context, rather than the more specific one: 

> ls -lZ /sbin/mount.mymounter
lrwxrwxrwx root root system_u:object_r:bin_t /sbin/mount.mymounter -> /myproject/sbin/mymounter
Any thoughts on this? Can someone explain how the file context is derived from the rules? Is it as simple as whichever matches first? And does anyone know a way around this labeling problem, assuming I cannot remove the /sbin/.* rule, but can only add rules through a policy module. 

Thanks again,
-Tim

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux