On Tue, 27 Aug 2013 15:38:55 -0400 Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote: > Well in most cases Dynamic should be used. If you had a static directory that > you wanted to use with a sandbox then you might want to choose a MCS Category > to permanently assign to it. > > Say you created ~/myfirefoxhome. Then you could assign it the labels s0:c111,c222 > > chcon -t sandbox_file_t -l s0:c111,c222 ~/myfirefoxhome > > Now you would want to allow the user to specify the permanant homedir and the > level s0:c111,c222 to run his sandbox. That is, if homedir and tempdir labels are different, so must specify labels for each directory? Example: sandbox .... -l s0:c<HomeDir_conext1>,c<HomeDir_conext2> -l s0:c<TempDir_conext1>,c<TempDir_conext2> ... -- Fl@sh -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
