Re: File contexts and how are files labeled?

Timothy Renner wrote:
First off, thanks for the answers about finding out the SELinux transactions... autrace was the way to go...

Now I have a more fundamental problem... In the file context labels, there are two rules that conflict:

/sbin/.*       all files   system_u:object_r:bin_t:s0

      and

/sbin/mount.mymounter   regular file   system_u:object_r:myfile_exec_t:s0

The problem though is that the file gets labeled under the blanket /sbin/.* context, rather than the more specific one:

 > ls -lZ /sbin/mount.mymounter
lrwxrwxrwx root root system_u:object_r:bin_t /sbin/mount.mymounter -> /myproject/sbin/mymounter

I tried this on Fedora Rawhide and it worked. I also have your /sbin/* rule. Did you run "restorecon /sbin/mount.mymounter" after adding the rule?

I don't know how this works for symbolic links. You might have to add a rule (and run restorecon) for /myproject/sbin/mymounter.

Any thoughts on this? Can someone explain how the file context is derived from the rules? Is it as simple as whichever matches first? And does anyone know a way around this labeling problem, assuming I cannot remove the /sbin/.* rule, but can only add rules through a policy module?

Thanks again,
-Tim

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
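
The ls output quoted above shows that /sbin/mount.mymounter is a symbolic link, while the specific rule is limited to regular files. The Python sketch below is an added example, not part of the original thread and not libselinux code: it models file-context lookup with only the two rules from the post. It assumes the rules are listed less specific first, that the last matching rule wins, and that each regex must match the whole path.

```python
import re
import stat

# file_contexts type field -> file type bits; None models "all files".
FILE_TYPES = {"--": stat.S_IFREG, "-l": stat.S_IFLNK, "-d": stat.S_IFDIR}

# The two rules quoted in the post, less specific first (assumed ordering).
RULES = [
    ("/sbin/.*", None, "system_u:object_r:bin_t:s0"),
    ("/sbin/mount.mymounter", "--", "system_u:object_r:myfile_exec_t:s0"),
]


def rule_verdict(rule, path, mode):
    """Say why a single rule does or does not apply to (path, mode)."""
    regex, ftype, _context = rule
    if not re.fullmatch(regex, path):
        return "path does not match"
    if ftype is not None and stat.S_IFMT(mode) != FILE_TYPES[ftype]:
        return "path matches, but rule is limited to another file type"
    return "applies"


def lookup(path, mode, rules=RULES):
    """Return the context of the last rule that applies, or None."""
    for rule in reversed(rules):
        if rule_verdict(rule, path, mode) == "applies":
            return rule[2]
    return None


def explain(path, mode, rules=RULES):
    """Return (regex, verdict) for every rule, in list order."""
    return [(rule[0], rule_verdict(rule, path, mode)) for rule in rules]


if __name__ == "__main__":
    # Constructed inputs: the same path as a regular file and as a symlink,
    # plus the symlink target named in the post.
    cases = [
        ("/sbin/mount.mymounter", stat.S_IFREG | 0o755),
        ("/sbin/mount.mymounter", stat.S_IFLNK | 0o777),
        ("/myproject/sbin/mymounter", stat.S_IFREG | 0o755),
    ]
    for path, mode in cases:
        print(path, stat.filemode(mode), "->", lookup(path, mode))
        for regex, verdict in explain(path, mode):
            print("   ", regex, ":", verdict)
```

In this model the symlink falls through to the /sbin/.* rule, which matches the bin_t label in the ls output, and the link target gets no label from either rule, which is why the reply suggests a separate rule for /myproject/sbin/mymounter.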