-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/16/2013 11:39 AM, m.roth@xxxxxxxxx wrote: > From: Daniel J Walsh <dwalsh@xxxxxxxxxx> On 07/12/2013 11:41 AM, > m.roth@xxxxxxxxx wrote: > >> Something I have not yet found while googling: we have a package (bloody >> CA idiots) that has a directory with *both* executables and libraries. I >> want to change only the .so's to textrel_shlib_t; I do not want to change >> the directory, or the executables. Pardon my ignorance of what I consider >> to be an obscure wildcard usage, but how do do this? I've tried semanage >> fcontext -a -t textrel_shlib_t "/usr/local/opt/smwa/webagent/bin/*.so" > You need to use regular expressions. > > # semanage fcontext -a -t textrel_shlib_t > "/usr/local/opt/smwa/webagent/bin/.*\.so" # restorecon -R -v > /usr/local/opt/smwa > > Should work. > >> with and without parens around the asterisk, and around the last slash >> and the asterisk.... > > Well... after seeing errors in /var/log/messages concerning my previous > tries, I looked in > /etc/selinux/targeted/contexts/files/file_contexts.local, and saw all of > them entered; I noted it was autogenerated by semanage. I did something I'm > sure is not approved, I just deleted all the previous attempts from that > file. I then ran the command, as you have it, above, and that did *not* > work. One question: *will* it work if smwa is a symlink, not a hard full > path? > > mark > > -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux > No restorecon will not follow the symlink. Why not label the real path? If you want to work under the covers edit /etc/selinux/targeted/modules/active/file_contexts.local Which will copy over /etc/selinux/targeted/contexts/files/file_contexts.local on next update. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlHlfKwACgkQrlYvE4MpobN6mgCfaNROJA7B6ckHJBPE7vw/lMY8 U5oAmgOoXazYnoOsoGEUSI51H2xmQF4v =M74+ -----END PGP SIGNATURE----- -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
