On 09/04/2011 10:49 PM, Robin Lee Powell wrote:
> I have a custom module installed that is supposed to set file
> contexts for some stuff in a user's homedir (the CGI application I
> mentioned in my last email, that I want the user to be able to
> administer):
>
> /etc/selinux/targeted/modules/active/file_contexts.template
> 1953:/home/melbi/bpfk_corpus(/.*)? system_u:object_r:lojban_corpus_t:s0
> 2179:/home/melbi/public_html/cgi-bin/corpus.cgi system_u:object_r:lojban_corpus_t:s0
>
> /etc/selinux/targeted/modules/active/file_contexts
> 1883:/home/melbi/bpfk_corpus(/.*)? system_u:object_r:lojban_corpus_t:s0
> 2101:/home/melbi/public_html/cgi-bin/corpus.cgi system_u:object_r:lojban_corpus_t:s0
>
> /etc/selinux/targeted/contexts/files/file_contexts
> 1883:/home/melbi/bpfk_corpus(/.*)? system_u:object_r:lojban_corpus_t:s0
> 2101:/home/melbi/public_html/cgi-bin/corpus.cgi system_u:object_r:lojban_corpus_t:s0
>
> This doesn't appear to actually *work*; as far as I can tell the
> contexts for the home directory itself are winning:
>
> rlpowell@vrici> ls -lZ ~melbi/bpfk_corpus
> drwxrwxrwx. melbi melbi user_u:object_r:user_home_t:s0 files/
> -rw-r--r--. melbi melbi user_u:object_r:user_home_t:s0 selmaho.txt
> drwxrwxrwx. melbi melbi user_u:object_r:user_home_t:s0 tmp/
> -rw-r--r--. apache apache user_u:object_r:user_home_t:s0 urls.db
> -rw-rw-rw-. melbi melbi user_u:object_r:user_home_t:s0 urls.not.db
>
> (that's after a restorecon)
>
> Can I do anything to change that?
>
> -Robin
>

HOMEDIR takes precedence over modules policy.

Try

HOME_DIR/bpfk_corpus(/.*)? gen_context(system_u:object_r:lojban_corpus_t,s0)

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
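
The rewrite suggested in the reply, as an added example that is not part of the original thread: a Python check that scans file_contexts entries (including `grep -n` output like that quoted above) for literal `/home/<user>/` paths and produces the `HOME_DIR` form for a module's .fc file. The function names, the constructed sample lines, and the home root being `/home` are assumptions.

```python
import re

# Assumption: home directories sit directly under /home.
LITERAL_HOME = re.compile(r"^/home/(?P<user>[^/()\[\]*+?|\\]+)(?P<rest>/.+)$")
GREP_PREFIX = re.compile(r"^\d+:")  # line numbers as printed by `grep -n`


def to_gen_context(context):
    """system_u:object_r:foo_t:s0 -> gen_context(system_u:object_r:foo_t,s0)."""
    user, role, type_, level = context.split(":", 3)
    if ":" in level:
        raise ValueError("levels with category sets are outside this example")
    return f"gen_context({user}:{role}:{type_},{level})"


def suggest_home_dir_entries(lines):
    """Return (original path, suggested .fc line) for literal /home/<user>/ specs."""
    suggestions = []
    for raw in lines:
        fields = GREP_PREFIX.sub("", raw.strip()).split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        path, context = fields[0], fields[-1]
        match = LITERAL_HOME.match(path)
        if match is None or context == "<<none>>":
            continue
        # An optional file-type field (for example -- or -d) sits between
        # the path and the context; carry it over unchanged.
        middle = fields[1:-1]
        # HOME_DIR is a template expanded per user home directory, so the
        # rewritten spec is no longer limited to the one user in the path.
        new_line = " ".join(
            ["HOME_DIR" + match["rest"], *middle, to_gen_context(context)]
        )
        suggestions.append((path, new_line))
    return suggestions


# The first two entries are the ones quoted in the thread; the rest are constructed.
SAMPLE = [
    "1883:/home/melbi/bpfk_corpus(/.*)? system_u:object_r:lojban_corpus_t:s0",
    "2101:/home/melbi/public_html/cgi-bin/corpus.cgi system_u:object_r:lojban_corpus_t:s0",
    "/home/[^/]+/public_html(/.*)? system_u:object_r:httpd_user_content_t:s0",
    "/srv/corpus(/.*)? -- system_u:object_r:lojban_corpus_t:s0",
]

if __name__ == "__main__":
    for old, new in suggest_home_dir_entries(SAMPLE):
        print(f"{old}\n  -> {new}")
```

Entries that already use a regex for the user component, or that live outside `/home`, are left alone.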