-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Konrad Azzopardi wrote: > Hi people, > > i have the following policy version installed > selinux-policy-3.3.1-107.fc9.noarch > selinux-policy-devel-3.3.1-107.fc9.noarch > selinux-policy-targeted-3.3.1-107.fc9.noarch > > I create an Selinux policy and generated the following filecontexts > > [root@MALTA konsu]# semanage fcontext -l | grep yule > /etc/init.d/yule regular file > system_u:object_r:yule_script_exec_t:s0 > /var/run/yule.pid regular file > system_u:object_r:yule_var_run_t:s0 > /var/log/yule(/.*)? regular file > system_u:object_r:yule_log_t:s0 > /var/lib/yule(/.*)? regular file > system_u:object_r:yule_var_lib_t:s0 > /etc/yulerc regular file > system_u:object_r:yule_config_t:s0 > /usr/local/sbin/yule regular file > system_u:object_r:yule_exec_t:s0 > > Allt he files seems to become labelled normally as expected except > /etc/init.d/yule > > [root@MALTA konsu]# restorecon -R -v /etc/init.d/yule > [root@MALTA konsu]# ls -lrtZ /etc/init.d/yule > -rwx------ root root system_u:object_r:initrc_exec_t:s0 /etc/init.d/yule > > I cannot get rid of initrc_exec_t. Although my script is still > confined correctly, I would like to label this file normally, is there > a reason why restorecon fails ? > > many thanks > konrad > > > > fedora-selinux-list > > -- > fedora-selinux-list mailing list > fedora-selinux-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-selinux-list Make sure you escape the "."s The regular expression matching does not always work as expected. /etc/init\.d/yule regular file system_u:object_r:yule_script_exec_t:s0 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkk1n08ACgkQrlYvE4MpobM2wwCePyFIGH8o2ZstmxdYFJ5eXE2r vFIAoKv7XAslgUGEs0Rc27TnLMFPBzs0 =Q+CX -----END PGP SIGNATURE----- -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
