On 7/26/2011 4:05 PM, Daniel J Walsh wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 07/26/2011 09:53 AM, Michael Atighetchi wrote: >> Hi Daniel, >> >> I'm using sepolgen from policycoreutils-gui-2.0.85-28.fc14.x86_64. >> >> The policy file that I hand modified (and caused the labeling >> problems) was attached to the previous email. >> >> Note that sepolgen refuses to generate policies for files that have a >> "." in them, which seems like a pretty significant restriction. >> >> Here is the trace: >> >> [proxyuser@lime selinux]$ sepolgen -t 3 >> /home/proxyuser/trunk/aps-base/crumple-zone/target/runSeed.sh >> >> Name must be alpha numberic with no spaces. >> >> sepolgen [ -m ] [ -t type ] [ executable | Name ] valid Types: >> >> 0 Standard Init Daemon 1 DBUS System Daemon 2 >> Internet Services Daemon 3 User Application 4 Web >> Application/Script (CGI) 5 Minimal X Windows User Role 6 >> Minimal Terminal User Role 7 User Role 8 Admin User Role >> 10 Root Admin User Role 11 Sandbox [proxyuser@lime >> selinux]$ >> >> So long Michael >> >> >> On 7/26/2011 3:04 PM, Daniel J Walsh wrote: On 07/26/2011 06:38 AM, >> Michael Atighetchi wrote: >>>>> On 7/26/2011 12:29 PM, Dominick Grift wrote: >>>>>> On Tue, 2011-07-26 at 12:28 +0200, Michael Atighetchi wrote: >>>>>>> One thing I realized using sepolgen is that it reject >>>>>>> filenames that have "." in them. In the example below, I >>>>>>> was trying to label "runSeed.sh", so maybe the fact that it >>>>>>> has a "." in it broke the labeling ? >>>>>> Yes sometimes you need to escape dots >>>>>> >>>>>> the matchpathcon should expose that >>>>> Thanks a bunch - I got things working by removing the "." in >>>>> the filename and rerunning sepolgen on the new file. >>>>> >>>>> Support on this mailing list rocks! Michael >>>>> >> Could you attach the policy that was generated with the . in the >> file name? Also what version of sepolgen were you using? >>> -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx >>> https://admin.fedoraproject.org/mailman/listinfo/selinux >> > Try > > sepolgen -n runseed -t 3 > /home/proxyuser/trunk/aps-base/crumple-zone/target/runSeed.sh > > Usage command should mention this field > > > I will add a patch to output the following > > # sepolgen -t 3 > /home/proxyuser/trunk/aps-base/crumple-zone/target/runSeed.sh > > Name must be alpha numberic with no spaces. Consider using option "-n > MODULENAME" > > sepolgen [ -n moduleName ] [ -m ] [ -t type ] [ executable | Name ] > valid Types: > > 0 Standard Init Daemon > 1 DBUS System Daemon > 2 Internet Services Daemon > 3 User Application > 4 Web Application/Script (CGI) > 5 Minimal X Windows User Role > 6 Minimal Terminal User Role > 7 User Role > 8 Admin User Role > 10 Root Admin User Role > 11 Sandbox Got it - thanks. Michael > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAk4uyY0ACgkQrlYvE4MpobMpLACeLHFoFlli+cqlCzR8B+q6x8Et > s7IAoMIpRLiPNyoktg1yWe4FMW6GJ8Jn > =eOTQ > -----END PGP SIGNATURE----- > -- > selinux mailing list > selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux -- Michael Atighetchi Senior Scientist Raytheon BBN Technologies 617-873-1679 matighet@xxxxxxx -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
