Hello All I am working on Fedora 13 and VirtualBox 3.2 Currently I try to apply a selinux module that has been created with ubuntu to Fedora 13. Because I believe I understand what it should do I just tried to make it run under F-13. I have three files: vbox.te, vbox.if, vbox.fc to create a policy module. After making the vbox.pp I can load it with "semodule -I vbox.pp" and the module shows up in semodule -l correctly. The motivation to change these file-contexts is to prepare for correct type-transition rules so they match the defined rules. Unfortunately the file-context is never set as needed and as described in the vbox.fc. When I check .../file_contexts the correct statements are included but they happen to appear later than something that was there before... (or is there if the module is removed): # matchpathcon /usr/lib/virtualbox/ /usr/lib/virtualbox system_u:object_r:lib_t:s0 # matchpathcon -f f13vbox.fc /usr/lib/virtualbox/ /usr/lib/virtualbox <<none>> Next I tried to do it with semanage fcontext -t [~]$ sudo semanage fcontext -a -t vbox_manage_exec_t /usr/lib/virtualbox/VboxManage [~]$ ls -lZ /usr/lib/virtualbox/VBoxManage -rwxr-xr-x. root root system_u:object_r:lib_t:s0 /usr/lib/virtualbox/VBoxManage I 'd expect that the lib_t is replaced by vbox_manage_exec_t. What is the problem? My understanding of what should happen might be wrong... Thanks for your answers. Andreas --- Conftents of vbox.fc /dev/vboxdrv gen_context(system_u:object_r:vbox_run_t,s0) /dev/vboxnetctl gen_context(system_u:object_r:vbox_run_t,s0) /usr/lib/virtualbox gen_context(system_u:object_r:vbox_run_t,s0) /usr/lib/virtualbox/(.*) gen_context(system_u:object_r:vbox_run_t,s0) /usr/lib/virtualbox/VBoxManage -- gen_context(system_u:object_r:vbox_manage_exec_t,s0) /usr/lib/virtualbox/VBoxXPCOMIPCD -- gen_context(system_u:object_r:vbox_ipc_exec_t,s0) /usr/lib/virtualbox/VirtualBox -- gen_context(system_u:object_r:vbox_vbox_exec_t,s0) /usr/lib/virtualbox/VBoxSDL -- gen_context(system_u:object_r:vbox_vbox_exec_t,s0) /usr/lib/virtualbox/VBoxSVC -- gen_context(system_u:object_r:vbox_svc_exec_t,s0) HOME_DIR/.VirtualBox(/.*)? gen_context(system_u:object_r:vbox_run_t,s0) --- -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
