Re: Issues trying to change the selinux context

Thomas <thomas@xxxxxxxxxxxxxx> · Wed, 08 May 2019 17:44:40 +0200

Imho: longest path match wins.

can you show your fcontext rules regarding that directory? 

tip: with `matchpathcon /path/...` you can try any path what context it would get (existing or not (yet) existing paths) without changing anything on the fs.

Am 8. Mai 2019 17:37:52 MESZ schrieb mark <m.roth@xxxxxxxxx>:
Thomas wrote:
 there is no - for the fcontext action.

 semanage fcontext ...

Duh... Yeah, a few minutes after I posted, I realized that, and it
*seemed* to work. But now, I've got a different issue: I did a restorecon
-rv /*/smwa/webagent/bin... and now all the .so's are bin_t, instead of
lib_t

 thomas

 Am 8. Mai 2019 17:31:13 MESZ schrieb mark <m.roth@xxxxxxxxx>:

 We're forced to use Siteminder, by CA, who have no clue what they're
 doing in *nix. No packages, tarballs...

 Anyway, I'm trying clean up some stuff, and in /*/smwa/webagent/bin
 (all
 their binaries, including .so's, are in there, duh... I'm trying to set
 the .so's to lib_t. semanage -fcontext -a -t lib_t
 "/<elided>/smwa/webagent/bin(/.*).so"

 gives me the completely unexpected response of semanage: error: argument
 subcommand: invalid choice: 'lib_t' (choose
 from 'import', 'export', 'login', 'user', 'port', 'ibpkey', 'ibendport',
 'interface', 'module', 'node', 'fcontext', 'boolean', 'permissive',
 'dontaudit')

 What am I doing wrong?

 mark
 selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe
 send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of
 Conduct: https://getfedora.org/code-of-conduct.html
 List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
 List Archives:
 https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraprojec
 t.org
 selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send
 an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct:
 https://getfedora.org/code-of-conduct.html
 List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
 List Archives:
 https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraproject
 .org

_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx