Thomas wrote:
> Imho: longest path match wins.
>
>
> can you show your fcontext rules regarding that directory?
>
> tip: with `matchpathcon /path/...` you can try any path what context it
> would get (existing or not (yet) existing paths) without changing
> anything on the fs.
>
Ah, thanks. Did that, and the /<path>/smwa/webagent/bin is bin_t. Now,
that might be right... but the idiots of CA, who only know Windows, do not
have a ./lib, and all the .so's are in the bin directory... Am I going to
have to live with that?
mark
> Am 8. Mai 2019 17:37:52 MESZ schrieb mark <m.roth@xxxxxxxxx>:
>
>> Thomas wrote:
>>
>>> there is no - for the fcontext action.
>>>
>>> semanage fcontext ...
>>>
>> Duh... Yeah, a few minutes after I posted, I realized that, and it
>> *seemed* to work. But now, I've got a different issue: I did a
>> restorecon -rv /*/smwa/webagent/bin... and now all the .so's are bin_t,
>> instead of lib_t
>>
>>
>>> thomas
>>>
>>> Am 8. Mai 2019 17:31:13 MESZ schrieb mark <m.roth@xxxxxxxxx>:
>>>
>>>
>>>> We're forced to use Siteminder, by CA, who have no clue what
>>>> they're doing in *nix. No packages, tarballs...
>>>>
>>>> Anyway, I'm trying clean up some stuff, and in /*/smwa/webagent/bin
>>>> (all
>>>> their binaries, including .so's, are in there, duh... I'm trying to
>> set
>>>> the .so's to lib_t. semanage -fcontext -a -t lib_t
>>>> "/<elided>/smwa/webagent/bin(/.*).so"
>>>>
>>>>
>>>>
>>>> gives me the completely unexpected response of semanage: error:
>> argument
>>>> subcommand: invalid choice: 'lib_t' (choose
>>>> from 'import', 'export', 'login', 'user', 'port', 'ibpkey',
>> 'ibendport',
>>
>>>> 'interface', 'module', 'node', 'fcontext', 'boolean', 'permissive',
>>>> 'dontaudit')
>>>>
>>>>
>>>>
>>>> What am I doing wrong?
>>>>
>>>>
>>>>
>>>> mark
>>>>
>>>> _______________________________________________
>>>> selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To
>> unsubscribe
>>>> send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code
>> of
>>>> Conduct: https://getfedora.org/code-of-conduct.html
>>>> List Guidelines:
>>>>
>> https://fedoraproject.org/wiki/Mailing_list_guidelines
>>
>>>> List Archives:
>>>>
>>>>
>> https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraproje
>> c
>>>> t.org
>>> _______________________________________________
>>> selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To
>> unsubscribe send
>>> an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of
>> Conduct:
>>
>>> https://getfedora.org/code-of-conduct.html
>>> List Guidelines:
>>>
>> https://fedoraproject.org/wiki/Mailing_list_guidelines
>>
>>> List Archives:
>>>
>>>
>> https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraproje
>> ct
>>> .org
>>>
>>>
>>>
>
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
