On 05/03/10 13:55, Robert Nichols wrote: > On 03/05/2010 03:09 AM, Dominick Grift wrote: >> On 03/05/2010 04:29 AM, Robert Nichols wrote: >>> And, it appears that I have to remember to re-install all local policy >>> modules every time there is a policy update, right?? :-(( >> >> Not in all cases but in the case where user domains are involved that >> may be true. semodule -B may also do the trick. >> >> It may be a better idea to label /var/home/rnichols/mail/spamstrings.sh >> type bin_t >> >> semanage fcontext -a -t bin_t /var/home/rnichols/mail/spamstrings.sh >> restorecon -R -v /var/home/rnichols/mail/spamstrings.sh > > So, if I move that file to my $HOME/bin directory and make that whole > directory type bin_t, that should take care of it?? Should do. In fact I have a local policy module that makes all user home directories bin_t: localmisc.fc: # Need to be able to run scripts from procmail, cron etc. HOME_DIR/bin(/.*)? gen_context(unconfined_u:object_r:bin_t,s0) Paul. -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
