On 04/27/2012 04:10 PM, goeran@xxxxxxxxxxx wrote:
> I'm trying to set up F17 SELinux to accept the Swedish electronic identity
> system called "BankID". I had it working under F16 with only a few file
> context specifications for its libraries. (They need textrel_shlib_t).
> But it seems like the policy has been tightened up a bit in F17, which made
> some more tunings necessary. And I fail on one of them.
>
> This thing runs as a browser plugin, which starts a program, and creates a
> few files in the user's home directory. My question is how to define the
> context for these files. BankID creates a file called
> ".personal-<username>" and a directory tree ".personal/...". I added a
> file context like this with semanage:
>
> /home/[^/]*/\.personal.*    all files    system_u:object_r:mozilla_home_t:s0
>
> After relabeling, things in the .personal tree get the mozilla_home_t, but
> the file .personal-<username> directly in the home directory doesn't. If
> it exists, it gets the right context when I do restorecon. But it is
> created and removed each time the plugin is run, and the next time the file
> is created, it gets user_home_dir_t. Which the plugin in the
> mozilla_plugin_t context isn't allowed to access, of course.
>
> What am I doing wrong?
>
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux

Can you get .personal-username into the .personal directory?