Dear Members,
I am maintaining a SELinux policy module for an application (A) and one of its submodules (B).
By now I have reached a point where all the rules seem to be in place, and both A and B processes transition to their respective process labels, and have their associated file types, the related permissions and file paths set up.
My problem is that even though a process of B is running with the B process label, it is supposed to create some files and directories of its own under a directory that has a label related to A. The B process has the necessary rights to create those directories and files underneath the directory with the label belonging to A. The problem is that the files created by the process B will not be created with the file label belonging to B, but seem to inherit the label from the parent directory, which has a label belonging to A. This happens in spite of having the file contexts and paths set up correctly in the module's fc rules.
So if I run restorecon on the files that were just created (by B, but have a label belonging to A), it will (re)set them to the file labels I intended them to have originally.
How can I overcome this problem? This behavior causes an ugly logical flaw in the logical design of my SELinux modules.
Thanks in advance for any help!
Best Regards,
János Szigetvári
--
Web: janos.szigetvari.com
__@__˚V˚
Make the switch to open (source) applications, protocols, formats now:
- windows -> Linux, iexplore -> Firefox, msoffice -> LibreOffice
- msn -> jabber protocol (Pidgin, Google Talk)
- mp3 -> ogg, wmv -> ogg, jpg -> png, doc/xls/ppt -> odt/ods/odp
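
The behaviour described in the message matches how SELinux labels new objects: file-context (.fc) entries are consulted only by relabeling tools such as restorecon, while at creation time the kernel applies a matching type_transition rule and otherwise gives the new object the parent directory's type. The following policy fragment is an added example, not part of the original message, showing such rules; the type names b_t, a_data_t and b_data_t are hypothetical placeholders for the B process domain, A's directory type and B's intended file type.

```selinux
module b_filetrans_example 1.0;

require {
    type b_t;        # hypothetical: domain the B process runs in
    type a_data_t;   # hypothetical: type of the parent directory owned by A
    type b_data_t;   # hypothetical: type B's own files and directories should get
    class dir { search write add_name create getattr setattr };
    class file { create open write getattr };
}

# B may traverse A's directory and add new entries to it.
allow b_t a_data_t:dir { search write add_name };

# B may create and use objects carrying its own file type.
allow b_t b_data_t:dir { create search write add_name getattr setattr };
allow b_t b_data_t:file { create open write getattr };

# The missing piece: when b_t creates a dir or file inside a directory
# labeled a_data_t, label the new object b_data_t instead of inheriting
# a_data_t from the parent.
type_transition b_t a_data_t:dir b_data_t;
type_transition b_t a_data_t:file b_data_t;

# Narrower alternative (named transition): apply the transition only when
# the new directory has a specific name, leaving other objects B creates
# there with the parent's type. "b-cache" is a constructed name.
# type_transition b_t a_data_t:dir b_data_t "b-cache";

# In a reference-policy based module the same rules are usually written as:
# filetrans_pattern(b_t, a_data_t, b_data_t, { dir file })
```

Objects that B later creates inside a directory already labeled b_data_t inherit that type from their parent, so the transition is only needed at the boundary with A's directory.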
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure