Shintaro Fujiwara wrote:
Here it is , sir... Well, actually I'm trying to write my segatex policy. /usr/bin/segatex is actually link to /usr/bin/consolehelper In my INSTALL script I declared, ################################## ln -s /usr/bin/consolehelper /usr/bin/segatex ################################## I've been running my program in unconfined domain for several years, but I want to confine it now. So, I tried to label segatex_exec_t to /usr/bin/segatex. Made it fine, install all-right. I could find segatex module, you know... But alas, I could not restorecon nor autorelabel. Why? # segatex executable will have: # label: system_u:object_r:segatex_exec_t # MLS sensitivity: s0 # MCS categories: <none> /usr/bin/segatex -- gen_context(system_u:object_r:segatex_exec_t,s0) /usr/share/segatex(/.*)? -- gen_context(system_u:object_r:segatex_etc_t,s0)
You have "--" between /usr/bin/segatex and gen_context..., which means that your context specification applies only to regular files (not symlinks) called /usr/bin/segatex. You could use "-l" instead of "--" to specify a symlink, or just leave that field blank to mean anything (file, directory, socket, symlink etc.).
Paul. -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
