Thomas wrote:
> Imho: longest path match wins.
>
> can you show your fcontext rules regarding that directory?
>
> tip: with `matchpathcon /path/...` you can try any path to see what
> context it would get (existing or not (yet) existing paths) without
> changing anything on the fs.
>
Ah, thanks. Did that, and the /<path>/smwa/webagent/bin is bin_t. Now, that
might be right... but the idiots of CA, who only know Windows, do not have a
./lib, and all the .so's are in the bin directory...

Am I going to have to live with that?

       mark

> On 8 May 2019 17:37:52 CEST, mark <m.roth@xxxxxxxxx> wrote:
>
>> Thomas wrote:
>>
>>> there is no - for the fcontext action.
>>>
>>> semanage fcontext ...
>>>
>> Duh... Yeah, a few minutes after I posted, I realized that, and it
>> *seemed* to work. But now, I've got a different issue: I did a
>> restorecon -rv /*/smwa/webagent/bin... and now all the .so's are bin_t,
>> instead of lib_t
>>
>>> thomas
>>>
>>> On 8 May 2019 17:31:13 CEST, mark <m.roth@xxxxxxxxx> wrote:
>>>
>>>> We're forced to use Siteminder, by CA, who have no clue what
>>>> they're doing in *nix. No packages, tarballs...
>>>>
>>>> Anyway, I'm trying to clean up some stuff, and in /*/smwa/webagent/bin
>>>> (all their binaries, including .so's, are in there, duh...) I'm trying
>>>> to set the .so's to lib_t.
>>>>
>>>> semanage -fcontext -a -t lib_t "/<elided>/smwa/webagent/bin(/.*).so"
>>>>
>>>> gives me the completely unexpected response of
>>>>
>>>> semanage: error: argument subcommand: invalid choice: 'lib_t' (choose
>>>> from 'import', 'export', 'login', 'user', 'port', 'ibpkey', 'ibendport',
>>>> 'interface', 'module', 'node', 'fcontext', 'boolean', 'permissive',
>>>> 'dontaudit')
>>>>
>>>> What am I doing wrong?
>>>>
>>>> mark

_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
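
An added example, not part of the thread or written by either poster: file-context specs are regular expressions anchored at both ends of the path, so the spec quoted in the original message can be checked offline against sample filenames before running restorecon. The `/opt/example` prefix, the sample filenames and the tightened pattern are constructed assumptions, and Python's `re` stands in for the regex matching libselinux performs.

```python
import re

# Placeholder for the install prefix that is elided in the thread (assumption).
PREFIX = "/opt/example"

# Spec as posted in the thread, with the placeholder prefix substituted.
POSTED = PREFIX + r"/smwa/webagent/bin(/.*).so"
# Constructed alternative: literal ".so" plus an optional numeric version suffix.
TIGHTENED = PREFIX + r"/smwa/webagent/bin/.*\.so(\.[0-9]+)*"

# Constructed sample paths; none come from a real Siteminder install.
SAMPLES = [
    "/smwa/webagent/bin/libagent.so",
    "/smwa/webagent/bin/libagent.so.1",
    "/smwa/webagent/bin/also",
    "/smwa/webagent/bin/smreghost",
    "/smwa/webagent/bin/sub/libx.so",
]


def matches(spec, path):
    """Specs are anchored at both ends, so the whole path must match."""
    return re.fullmatch(spec, path) is not None


def classify(spec):
    """Return the sample paths (relative to PREFIX) the spec would label."""
    return [p for p in SAMPLES if matches(spec, PREFIX + p)]


if __name__ == "__main__":
    for name, spec in (("posted", POSTED), ("tightened", TIGHTENED)):
        print(name, spec)
        for p in SAMPLES:
            flag = "match" if matches(spec, PREFIX + p) else "-----"
            print("   ", flag, p)
```

The unescaped `.` before `so` accepts any character, so the posted spec also labels a file named `also` and skips versioned names such as `libagent.so.1`; on a real host, `matchpathcon` on each path shows the context that would actually be applied.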