-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 05/24/2011 05:46 PM, Sam Gandhi wrote: > On Tue, May 24, 2011 at 2:07 PM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> On 05/24/2011 04:46 PM, Sam Gandhi wrote: >>> Hello, >>> >>> I am working on a embedded platform and we have busybox on this device. >>> >>> What we would like to do do is assign diffrent labels to various >>> busybox links. What we have seen when running things on JFFS2 when I >>> label a symbolic link, the actual file gets the label, but the link >>> itself doesn't (according to ls -lZ output). We have seen similar >>> behaviour with files on tmpfs as well. >>> >>> ls -lZ >>> -rw-r--r-- 1 0 Jan 1 00:12 system_u:object_r:myfile_t X >>> lrwxrwxrwx 1 1 Jan 1 00:13 user_u:object_r:tmpfs_t Y -> X >>> >>> Is there no way to assign different label to symlink and actual files? >>> Is this file-system specific issue? Are there any file-system that >>> support assigning seperate labels to symlink and actual file? >>> >>> -Sam >>> >>> -- > >>> >>> >> Yes you can label symbolic links differently then their targets, how are >> you assiging the labels? >> > > I am using setfilecon program found in package > On tmpfs file I did : > > cd /tmp/ > touch X > ln -s X Y > setfilecon system_u:object_r:myfile_t Y > > And I see ls -lZ output as I shown above which shows /tmp/X has the > myfile_t label and not Y > > I can't really use tools like semanage 'cause I can't install python > on this system. I will try to "reverse" engineer what semanage does > and how it handles symlink v/s regular files. > > -Sam Use chcon instead of setfilecon -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAk3c7wEACgkQrlYvE4MpobNYAACgvI/CIEJ1AuXBYFVM0wMAtFae qpgAniOIEfmzeMrOgav+8oRIigT/AhNJ =9kUk -----END PGP SIGNATURE----- -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
