On Fri, 30 Aug 2013 09:39:50 -0400 Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote: > Have not done it for a while. You have to label the home dir and tmp dir with > the same label as you are going to run. Then you might need an improved type > to get it to start. I`m done: # chcon -t sandbox_file_t -l s0:c123,c456 /home/Flash/Example_HOME # chcon -t sandbox_file_t -l s0:c123,c456 /home/Flash/Example_TMP $ ls -Z . | grep 123 -rw-rw-r--. Flash Flash unconfined_u:object_r:user_home_t:s0 123 drwxrwxr-x. Flash Flash unconfined_u:object_r:sandbox_file_t:s0:c123,c456 Example_HOME drwxrwxr-x. Flash Flash unconfined_u:object_r:sandbox_file_t:s0:c123,c456 Example_TMP $ /usr/bin/sandbox -s -d 96 -l s0:c123,c456 -X -H /home/Flash/Example_HOME -T /home/Flash/Example_TMP -I /home/Flash/.config/se-sandbox-runner/tyututiu_90.included -W kwin -w 1000x700 -t sandbox_x_t -S blink X-window, then nothing... $ What i do not so? And what this -- "an IMPROVED TYPE to get it to start" ? -- Fl@sh -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
