On Tue, Sep 06, 2011 at 10:13:37AM -0400, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 09/04/2011 10:49 PM, Robin Lee Powell wrote:
> > I have a custom module installed that is supposed to set file
> > contexts for some stuff in a user's homedir (the CGI application I
> > mentioned in my last email, that I want the user to be able to
> > administer):
> >
> > /etc/selinux/targeted/modules/active/file_contexts.template
> > 1953:/home/melbi/bpfk_corpus(/.*)? system_u:object_r:lojban_corpus_t:s0
> > 2179:/home/melbi/public_html/cgi-bin/corpus.cgi system_u:object_r:lojban_corpus_t:s0
> >
> > /etc/selinux/targeted/modules/active/file_contexts
> > 1883:/home/melbi/bpfk_corpus(/.*)? system_u:object_r:lojban_corpus_t:s0
> > 2101:/home/melbi/public_html/cgi-bin/corpus.cgi system_u:object_r:lojban_corpus_t:s0
> >
> > /etc/selinux/targeted/contexts/files/file_contexts
> > 1883:/home/melbi/bpfk_corpus(/.*)? system_u:object_r:lojban_corpus_t:s0
> > 2101:/home/melbi/public_html/cgi-bin/corpus.cgi system_u:object_r:lojban_corpus_t:s0
> >
> > This doesn't appear to actually *work*; as far as I can tell the
> > contexts for the home directory itself are winning:
> >
> > rlpowell@vrici> ls -lZ ~melbi/bpfk_corpus
> > drwxrwxrwx. melbi melbi user_u:object_r:user_home_t:s0 files/
> > -rw-r--r--. melbi melbi user_u:object_r:user_home_t:s0 selmaho.txt
> > drwxrwxrwx. melbi melbi user_u:object_r:user_home_t:s0 tmp/
> > -rw-r--r--. apache apache user_u:object_r:user_home_t:s0 urls.db
> > -rw-rw-rw-. melbi melbi user_u:object_r:user_home_t:s0 urls.not.db
> >
> > (that's after a restorecon)
> >
> > Can I do anything to change that?
> >
> > -Robin
> >
>
> HOMEDIR takes precedence over modules policy.
>
> Try
>
> HOME_DIR/bpfk_corpus(/.*)? gen_context(system_u:object_r:lojban_corpus_t,s0)

Which will affect everybody, which is kind of icky. Better than
nothing, I guess. Thanks.

-Robin

-- 
http://singinst.org/ : Our last, best hope for a fantastic future.
Lojban (http://www.lojban.org/): The language in which "this parrot
is dead" is "ti poi spitaki cu morsi", but "this sentence is false"
is "na nei". My personal page: http://www.digitalkingdom.org/rlp/
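
The precedence discussed in this thread, as an added example that is not part of the original messages or of any SELinux tool. It is a simplified model: it assumes file_contexts is read before file_contexts.homedirs, that the last matching entry wins, and that HOME_DIR expands to /home/[^/]+ for ordinary users; the stock "HOME_DIR/.+" rule is a constructed stand-in.

```python
import re

# Constructed sample entries; the paths and types are the ones in the thread.
# Simplified model (assumption): file_contexts is read first,
# file_contexts.homedirs second, and the last matching regex wins.
FILE_CONTEXTS = [
    ("/home/melbi/bpfk_corpus(/.*)?", "lojban_corpus_t"),  # module entry
]
# Constructed stand-in for the stock user home rule in the homedir template.
HOMEDIR_TEMPLATE = [
    ("HOME_DIR/.+", "user_home_t"),
]
HOME_ROOT_REGEX = "/home/[^/]+"  # assumed expansion of HOME_DIR


def expand_template(template, home_regex=HOME_ROOT_REGEX):
    """Model the homedir template expansion that builds file_contexts.homedirs."""
    return [(spec.replace("HOME_DIR", home_regex), t) for spec, t in template]


def lookup(path, file_contexts, homedirs):
    """Return the type of the last entry whose anchored regex matches path."""
    result = None
    for spec, setype in file_contexts + homedirs:
        if re.fullmatch(spec, path):
            result = setype  # later entries override earlier ones
    return result


def label_before(path):
    """Label with only the module's /home/melbi/... entry installed."""
    return lookup(path, FILE_CONTEXTS, expand_template(HOMEDIR_TEMPLATE))


def label_after(path):
    """Label once the HOME_DIR/bpfk_corpus(/.*)? template entry is added."""
    template = HOMEDIR_TEMPLATE + [
        ("HOME_DIR/bpfk_corpus(/.*)?", "lojban_corpus_t"),
    ]
    return lookup(path, FILE_CONTEXTS, expand_template(template))


if __name__ == "__main__":
    for p in ("/home/melbi/bpfk_corpus/urls.db", "/home/other/bpfk_corpus/x"):
        print(p, label_before(p), "->", label_after(p))
```

On a real system, matchpathcon on the path shows which entry actually wins; the second path in the demo shows why the template entry relabels every user's bpfk_corpus directory, not just melbi's.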