Re: pam_namespace context inside of name.inst

Dominick Grift wrote:
> On Sat, Sep 26, 2009 at 11:12:20PM -0700, Justin Mattock wrote:
>> I'm going crazy over here trying to figure
>> out how one system created a context inside
>> name.inst one way and another for the other system:
>>
>> the first system has inside of
>> name.inst:
>> system_u:object_r:file_t_name
>
> This is wrong because the fs wasn't labelled properly

That's what I figured (this is the system that I did not label
before turning on namespace).

>> and on the other system I have:
>>
>> name:object_r:user_home_dir_t_name
>
> This is right

This is from the system that was labeled before turning on namespace.

>> the only difference with the machines is one machine
>> had not been labeled yet, before turning on namespace.
>>
>> what should be the right context directory inside of
>> name.inst?
>
> Depends, I think there's 3 different possibilities (not sure)
>
> first there's only name (no selinux) which creates a dir with the user name
> second is context which creates a dir with the context of the user home dir (user_home_dir_t) and appends the user name
> third is level, which creates a dir with the context of the user home dir and appends the username and also appends the level of the dir.
>
>> --
>> Justin P. Mattock
>>
>> --
>> This message was distributed to subscribers of the selinux mailing list.
>> If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
>> the words "unsubscribe selinux" without quotes as the message.

So either you can use (name, context, level) or (meth=1,2,3)?
(I'm wondering if this is all I need to configure)

Anyways what's getting me is after the initial loading
of namespace, the directory is created with the context
(namespace.conf is set to its default).
Then afterwards I haven't found a way to change that directory
(besides using mv, or cp) from what it is (*file_t) to
the correct context (*home_dir_t).

If I delete that directory, then logout/in namespace does not
create another. Is there a way to reset namespace and start fresh
since I messed up and turned on namespace before labeling my filesystem,
causing it to somehow be stuck with the wrong labeled context?

Justin P. Mattock

