On Thu, 2012-01-19 at 14:58 +0530, Nabeel Moidu wrote: > Hi > > > Can the file context specification recursively assign contexts when > using regex ? > > > Eg. I have > a/b/c/d > > > and if I specify in selinuxrule.fc > > > a* gen_context(system_u:object_r:myapp_exec_t) > > > Will this apply to only files under a or files under a/b, a/b/c and > a/b/c/d etc. also ? > Have a look at source file contexts file to get an impression of how to use regular expressions. for example: http://git.fedorahosted.org/git/?p=selinux-policy.git;a=blob;f=policy/modules/system/miscfiles.fc;h=88fc786b6e22b08bf49e81257d1e4c2f3932ca52;hb=b246ab21a38788b0ca014ddede8fa4c64bace103 To apply myapp_exec_t to only files under /a and below, i think this would work: /a(/.*)? -- gen_context(system_u:object_r:myapp_exec_t,s0) The "/a(/.*)?" means "/a and everything below it (recursive)" The -- means "applies only to files" -- files -d directories -s sock files -c charachter files -b block files .. etc if you dont specify the object class where the spec should apply to then it applies to any object class Have a look at examples: semanage fcontext -l | less I hope this helps > > -- > Thanks and Regards > Nabeel Moidu > > > -- > selinux mailing list > selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
