Thank you, sir.
That'll make sense to me.

2009/4/20 Daniel J Walsh <dwalsh@xxxxxxxxxx>:
> On 04/20/2009 09:29 AM, Shintaro Fujiwara wrote:
>>
>> But, what does -- stand for, in regular Linux admin work ?
>> I will forget it easily.
>>
>> Or am I dumb fool not knowing Linux commands?
>>
>>
>> 2009/4/20 Daniel J Walsh<dwalsh@xxxxxxxxxx>:
>>>
>>> On 04/20/2009 08:47 AM, Shintaro Fujiwara wrote:
>>>>
>>>> Here it is , sir...
>>>>
>>>> Well, actually I'm trying to write my segatex policy.
>>>> /usr/bin/segatex is actually link to /usr/bin/consolehelper
>>>>
>>>> In my INSTALL script I declared,
>>>> ##################################
>>>> ln -s /usr/bin/consolehelper /usr/bin/segatex
>>>> ##################################
>>>>
>>>> I've been running my program in unconfined domain for several years,
>>>> but I want to confine it now.
>>>> So, I tried to label segatex_exec_t to /usr/bin/segatex.
>>>>
>>>> Made it fine, install all-right.
>>>>
>>>> I could find segatex module, you know...
>>>> But alas, I could not restorecon nor autorelabel.
>>>>
>>>> Why?
>>>>
>>>>
>>>> # segatex executable will have:
>>>> # label: system_u:object_r:segatex_exec_t
>>>> # MLS sensitivity: s0
>>>> # MCS categories:<none>
>>>>
>>>> /usr/bin/segatex -- gen_context(system_u:object_r:segatex_exec_t,s0)
>>>> /usr/share/segatex(/.*)? -- gen_context(system_u:object_r:segatex_etc_t,s0)
>>>>
>>> The -- tells the system to only label standard files with the segatex
>>> label.
>>>
>>> If you eliminate "--" it will match everything. If you want to match only
>>> symbolic links you would use "-l", Directories "-d". The same symbols that
>>> ls uses at the beginning of a ls line.
>>>>
>>>>
>>>> 2009/4/20 Daniel J Walsh<dwalsh@xxxxxxxxxx>:
>>>>>
>>>>> On 04/20/2009 08:32 AM, Shintaro Fujiwara wrote:
>>>>>>
>>>>>> I wrote a policy which declares some label to symbolic link, and I
>>>>>> restoreconed, but failed ?
>>>>>>
>>>>>> Am I stupid or what should I do to this ?
>>>>>>
>>>>>> Thanks.
>>>>>>
>>>>> What does your fc file look like?
>>>>>
>>>>
>>>>
>>>
>>
>>
>>
>
> The first "-", I believe, is just an indicator for the tools to use an
> option. The second is just the "file type" as used in the ls
> command. The first letter is the output of ls -l
>
> ls -l /etc
>
> ...
> lrwxrwxrwx. 1 root root 22 2008-06-12 21:55 grub.conf -> ../boot/grub/grub.conf
> ...
> -rw-r--r--. 1 root root 3101 2009-03-30 10:55 /etc/passwd
> ...
> drwxr-xr-x. 2 root root 4096 2009-02-13 08:51 squid
>
>

--
http://intrajp.no-ip.com/
Home Page

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
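
The file-type check discussed in this thread, as an added example that is not part of the original messages and is not SELinux's own code: it parses file contexts entries and shows why the `--` entry never applies to the `/usr/bin/segatex` symlink while a `-l` entry does. The names `parse_fc`, `matching_contexts` and `demo` are hypothetical, Python's `re` stands in for the system regex matcher, and only the type specifier is modelled, not the precedence between several matching entries.

```python
import os
import re
import stat
import tempfile

# File-type specifiers allowed in the second column of a file contexts entry.
FC_TYPES = {"--": stat.S_ISREG, "-d": stat.S_ISDIR, "-l": stat.S_ISLNK,
            "-c": stat.S_ISCHR, "-b": stat.S_ISBLK,
            "-s": stat.S_ISSOCK, "-p": stat.S_ISFIFO}

def parse_fc(text):
    """Parse .fc text into (compiled regex, specifier or None, context) tuples."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) == 2:            # no specifier: applies to every file type
            fields.insert(1, None)
        pattern, spec, context = fields
        if spec is not None and spec not in FC_TYPES:
            raise ValueError(f"unknown file type specifier: {spec}")
        entries.append((re.compile(pattern), spec, context))
    return entries

def matching_contexts(entries, path, mode):
    """Contexts whose regex covers the whole path and whose type fits st_mode."""
    return [ctx for rx, spec, ctx in entries
            if rx.fullmatch(path) and (spec is None or FC_TYPES[spec](mode))]

# The entry from the thread, and the same entry with the symlink specifier.
THREAD_FC = "/usr/bin/segatex -- gen_context(system_u:object_r:segatex_exec_t,s0)\n"
LINK_FC = THREAD_FC.replace(" -- ", " -l ")

def demo():
    """Recreate the INSTALL script's symlink in a temp tree and test both entries."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(root + "/usr/bin")
        open(root + "/usr/bin/consolehelper", "w").close()   # constructed stand-in
        os.symlink("consolehelper", root + "/usr/bin/segatex")
        mode = os.lstat(root + "/usr/bin/segatex").st_mode   # the link, not its target
        return (matching_contexts(parse_fc(THREAD_FC), "/usr/bin/segatex", mode),
                matching_contexts(parse_fc(LINK_FC), "/usr/bin/segatex", mode))

if __name__ == "__main__":
    print(demo())
```

On a real system, `matchpathcon /usr/bin/segatex` reports the context the loaded policy would assign to that path.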