On Tue, 2011-05-24 at 13:46 -0700, Sam Gandhi wrote:
> Is there no way to assign different label to symlink and actual files?
> Is this file-system specific issue? Are there any file-system that
> support assigning separate labels to symlink and actual file?

You can assign different labels to symbolic links and other types of files.

When you specify a file context for a particular file you can specify the nature of the file.

This is just like you would normally get attributes "of files".

The bits start with any of these:

- (file)
d (dir)
l (link file)
s (socket)
p (pipe)
c (character file)
b (block file)

So when you specify a context for a single file you would:

semanage fcontext -a -t mytype_t /path/myfile

That is the default behaviour. I suspect this will yield the same result:

semanage fcontext -a -t mytype_t -f -- /path/myfile

If you use a file context file you would:

/path/myfile -- gen_context(system_u:object_r:mytype_t, s0)

Note the --, it means this is a single file.

Now let's specify a symlink:

semanage fcontext -a -t mylnk_t -f -l /path/link

or with a file context file:

/path/link -l gen_context(system_u:object_r:mylnk_t, s0)

Other examples:

/path/fifo -p gen_context(system_u:object_r:mypipe_t, s0)
/path/mycharacterfile -c gen_context(system_u:object_r:mycharfile_t, s0)
/path/myblockfile -b gen_context(system_u:object_r:myblkfile_t, s0)
/path/mysocket -s gen_context(system_u:object_r:mysockfile_t, s0)

Note though that restoring the context of lnk files can be confusing. chcon also has a special option (-h) for symlinks.
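
Added example, not part of the original message and not SELinux's own code: a small Python model of how the type specifier in a file-context entry (--, -l, -p, ...) selects a label by looking at the object itself with lstat, so a symlink and its target resolve to different types. The function names (parse, expected_label, demo), the temporary paths, the wrong_t type and the "last matching entry wins" ordering are assumptions made for the illustration.

```python
import os, re, stat, tempfile

# Type specifier used in file-context entries -> test on st_mode
TYPE_TESTS = {
    "--": stat.S_ISREG, "-d": stat.S_ISDIR, "-l": stat.S_ISLNK,
    "-s": stat.S_ISSOCK, "-p": stat.S_ISFIFO,
    "-c": stat.S_ISCHR, "-b": stat.S_ISBLK,
}
# <path regex> [<type>] gen_context(<user:role:type>, <level>)
ENTRY = re.compile(
    r"^(\S+)\s+(?:(-[-dlspcb])\s+)?gen_context\(([^,]+),\s*(\S+)\)$")

def parse(text):
    """Parse file-context lines into (path_regex, type_spec, context)."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = ENTRY.match(line)
        if not m:
            raise ValueError(f"unparsable entry: {line!r}")
        path_re, ftype, ctx, level = m.groups()
        entries.append((re.compile(path_re), ftype, f"{ctx}:{level}"))
    return entries

def expected_label(entries, path):
    """Label the entries assign to path, judged on the object itself."""
    mode = os.lstat(path).st_mode  # lstat: do not follow the symlink
    label = None
    for regex, ftype, ctx in entries:
        if regex.fullmatch(path) and (ftype is None or TYPE_TESTS[ftype](mode)):
            label = ctx  # assumption: last matching entry wins (simplified)
    return label

def demo():
    with tempfile.TemporaryDirectory() as d:
        target, link = os.path.join(d, "myfile"), os.path.join(d, "link")
        open(target, "w").close()
        os.symlink(target, link)
        # Constructed entries: types from the message, paths in a temp dir.
        # The third entry names the link but asks for a regular file, so it
        # must never apply even though the link points at one.
        spec = "\n".join([
            f"{re.escape(target)} -- gen_context(system_u:object_r:mytype_t, s0)",
            f"{re.escape(link)} -l gen_context(system_u:object_r:mylnk_t, s0)",
            f"{re.escape(link)} -- gen_context(system_u:object_r:wrong_t, s0)"])
        entries = parse(spec)
        return expected_label(entries, target), expected_label(entries, link)

if __name__ == "__main__":
    print(demo())
```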