On Thu, Jan 19, 2012 at 7:01 PM, Dominick Grift <dominick.grift@xxxxxxxxx> wrote:
On Thu, 2012-01-19 at 14:58 +0530, Nabeel Moidu wrote:Have a look at source file contexts file to get an impression of how to
> Hi
>
>
> Can the file context specification recursively assign contexts when
> using regex ?
>
>
> Eg. I have
> a/b/c/d
>
>
> and if I specify in selinuxrule.fc
>
>
> a* gen_context(system_u:object_r:myapp_exec_t)
>
>
> Will this apply to only files under a or files under a/b, a/b/c and
> a/b/c/d etc. also ?
>
use regular expressions.
for example:
http://git.fedorahosted.org/git/?p=selinux-policy.git;a=blob;f=policy/modules/system/miscfiles.fc;h=88fc786b6e22b08bf49e81257d1e4c2f3932ca52;hb=b246ab21a38788b0ca014ddede8fa4c64bace103
To apply myapp_exec_t to only files under /a and below, i think this
would work:
/a(/.*)? -- gen_context(system_u:object_r:myapp_exec_t,s0)
The "/a(/.*)?" means "/a and everything below it (recursive)"
The -- means "applies only to files"
-- files
-d directories
-s sock files
-c charachter files
-b block files
.. etc
Perfectly clear. Thanks a lot.
BTW your videos on youtube are excellent. Thanks for the effort.
if you dont specify the object class where the spec should apply to then
it applies to any object class
Have a look at examples:
semanage fcontext -l | less
I hope this helps
> --
>
> --
> Thanks and Regards
> Nabeel Moidu
>
>
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
Thanks and Regards
Nabeel Moidu
Nabeel Moidu
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
