On Wed, 2009-06-17 at 22:37 +0100, mike cloaked wrote:
> If you have generated local selinux policy using semanage fcontext for
> specific files or directories in F10, is there now a recommended way
> to automate retrieval of these and then create the same rule set for
> F11 after a clean F11 install?
>
> I know that you can do
> # semanage fcontext -C -l and send the output to a file.
> This will generate lines such as
> SELinux fcontext type Context
>
> /home/mike/.cxoffice(/.*)? all files
> system_u:object_r:textrel_shlib_t:s0
> /home/mike/.cxoffice/dotwine/drive_c/Windows/System/SHLWAPI.DLL all
> files system_u:object_r:textrel_shlib_t:s0
> /home/mike/.cxoffice/dotwine/drive_c/Windows/System/ole32.dll all
> files system_u:object_r:textrel_shlib_t:s0
> /home/mike/.wine(/.*)? all files
> system_u:object_r:textrel_shlib_t:s0
>
> However I guess that saving this will still not allow these rules to
> be written back to the new system in an automated way unless a script
> is written to parse the lines and create a set of new selinux fcontext
> lines that will create each local
> rule with something like:
> semanage fcontext -a -t textrel_shlib_t /home/mike/.cxoffice(/.*)?
> with one for each original line in the output generated from the old
> system before it was replaced?
>
> If there is a cleaner way to achieve this I would like to hear about it?
>
>

You can create a local policy module and distribute that:

mything.te
policy_module(mything, 0.0.1)

mything.fc
HOME_DIR/.cxoffice/dotwine/bla/bla/mything.so -- gen_context(system_u:object_r:textrel_shlib_t, s0)

"build and install"
make -f /usr/share/selinux/devel/Makefile
semodule -i mything.pp
restorecon -R -v /home/mike/.cxoffice/dotwine

That should work
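
The parsing script the question describes, as an added example that is not part of the original thread: it reads a saved `semanage fcontext -C -l` listing and emits one shell-quoted `semanage fcontext -a` command per rule. Assumptions: each rule sits on one line in the saved file (the mail wrapped them), the `-f` letters match the semanage on the target system, and the names `parse_listing`, `to_commands` and `SAMPLE` are made up here.

```python
import re
import shlex

# Listing's file-type column -> `semanage fcontext -f` letter. Assumption: the
# target's semanage accepts these letters; confirm with its man page.
FTYPES = {"all files": "a", "regular file": "f", "directory": "d",
          "character device": "c", "block device": "b", "socket": "s",
          "symbolic link": "l", "named pipe": "p"}
ROW = re.compile(r"^(?P<spec>\S.*?)\s+(?P<ftype>%s)\s+(?P<ctx>\S+)$"
                 % "|".join(FTYPES))

# Constructed sample: two rules from the post (unwrapped) plus one made-up
# directory rule to exercise the -f handling.
SAMPLE = """\
SELinux fcontext                  type          Context

/home/mike/.cxoffice(/.*)?        all files     system_u:object_r:textrel_shlib_t:s0
/home/mike/.wine(/.*)?            all files     system_u:object_r:textrel_shlib_t:s0
/srv/demo/cache                   directory     system_u:object_r:tmp_t:s0
"""

def parse_listing(text):
    """Yield (spec, ftype_letter, user, type, mls_range) for each rule row."""
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header or blank line
        if m["ctx"] == "<<None>>":
            user, setype, mls = "system_u", "<<none>>", ""
        else:
            # The range may itself contain ':' (e.g. s0:c1), so split at most 3 times.
            user, _role, setype, *rest = m["ctx"].split(":", 3)
            mls = rest[0] if rest else ""
        yield m["spec"], FTYPES[m["ftype"]], user, setype, mls

def to_commands(text):
    """Return shell-safe `semanage fcontext -a` commands, one per rule."""
    cmds = []
    for spec, ftype, user, setype, mls in parse_listing(text):
        argv = ["semanage", "fcontext", "-a", "-t", setype]
        argv += ["-f", ftype] if ftype != "a" else []
        argv += ["-s", user] if user != "system_u" else []
        argv += ["-r", mls] if mls not in ("", "s0") else []
        # The spec is a regex; quoting keeps '(', '*' and '?' away from the shell.
        cmds.append(" ".join(shlex.quote(a) for a in argv + [spec]))
    return cmds

if __name__ == "__main__":
    print("\n".join(to_commands(SAMPLE)))
```

Review the generated commands before running them as root on the new install, then run `restorecon -R -v` on the affected paths as in the reply above.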