On Wed, 25 May 2011, Sam Gandhi <samgandhi9@xxxxxxxxx> wrote: > cd tmp > touch X > ln -s X Y > setfilecon system_u:object_r:myfile_t Y > > And I see ls -lZ output as I shown above which shows /tmp/X has the > myfile_t label and not Y Don't use setfilecon, use chcon which has a -h option to label symlinks. > I can't really use tools like semanage 'cause I can't install python > on this system. I will try to "reverse" engineer what semanage does > and how it handles symlink v/s regular files. I think that most people who do embedded stuff prepare their image on a workstation or server and label it there. The setfiles program has the -r option which is good for this. If you are going to label it on the device then you might consider modifying setfiles to output a shell script that runs chcon on all the files. That shouldn't be too hard to do. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/ -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
