Re: [selinux] SElinux newbie question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

My next question is why my file isn't labelled correctly.

My .fc file has the label defined as:

/usr/sbin/myapp -- gen_context(system_u:object_r:myapp_exec_t,s0)

After install the targeted RPM and relabel by using fixfiles relabel,
the file "/usr/sbin/myapp" looks like this:

$ ls -Z /usr/sbin/myapp
-rwxr-xr-x. root root unconfined_u:object_r:myapp_exec_t:s0 /usr/sbin/myapp

So the domain has been labeled correctly but the user now becomes
"unconfined". Why?

On Wed, Oct 14, 2015 at 4:46 PM, David Li <dlipubkey@xxxxxxxxx> wrote:
> Robin,
> yep, that worked!
> My policy is actually built into the targeted RPM. So I don't need to
> do semodule again.
> Thanks!
>
>
>
> On Wed, Oct 14, 2015 at 3:55 PM, Robin Lee Powell
> <rlpowell@xxxxxxxxxxxxxxxxxx> wrote:
>> Assuming CentOS is the same as Fedora in this regard, you'll want
>> selinux-policy-targeted (which is the normal SELinux user policy)
>> and whatever package includes /usr/share/selinux/devel/Makefile
>> (which is how you make modules; make a directory with only your .te
>> and maybe .fc file, and run: /usr/bin/make -f
>> /usr/share/selinux/devel/Makefile , and then semodule -i modname.pp )
>>
>> On Wed, Oct 14, 2015 at 03:41:18PM -0700, David Li wrote:
>>> Hi,
>>>
>>> I am using CentOS 7.1 and just built the following new Selinux policy
>>> RPMs. I wonder which one I should use in install.  Or do I need to
>>> install all of them?
>>>
>>> My purpose is to test a simple policy that I wrote.
>>>
>>>
>>> [admin@localhost noarch]$ ll
>>> total 8996
>>> -rw-rw-r--. 1 admin admin  361920 Oct 14 11:47
>>> selinux-policy-3.13.1-23.el7.centos.noarch.rpm
>>> -rw-rw-r--. 1 admin admin 3467872 Oct 14 11:47
>>> selinux-policy-devel-3.13.1-23.el7.centos.noarch.rpm
>>> -rw-rw-r--. 1 admin admin  917644 Oct 14 11:47
>>> selinux-policy-doc-3.13.1-23.el7.centos.noarch.rpm
>>> -rw-rw-r--. 1 admin admin  365812 Oct 14 11:47
>>> selinux-policy-sandbox-3.13.1-23.el7.centos.noarch.rpm
>>> -rw-rw-r--. 1 admin admin 4084412 Oct 14 11:47
>>> selinux-policy-targeted-3.13.1-23.el7.centos.noarch.rpm
>>>
>>> Thanks.
>>> --
>>> selinux mailing list
>>> selinux@xxxxxxxxxxxxxxxxxxxxxxx
>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux