On Tue, 2011-05-24 at 14:46 -0700, Sam Gandhi wrote: > On Tue, May 24, 2011 at 2:07 PM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > On 05/24/2011 04:46 PM, Sam Gandhi wrote: > >> Hello, > >> > >> I am working on a embedded platform and we have busybox on this device. > >> > >> What we would like to do do is assign diffrent labels to various > >> busybox links. What we have seen when running things on JFFS2 when I > >> label a symbolic link, the actual file gets the label, but the link > >> itself doesn't (according to ls -lZ output). We have seen similar > >> behaviour with files on tmpfs as well. > >> > >> ls -lZ > >> -rw-r--r-- 1 0 Jan 1 00:12 system_u:object_r:myfile_t X > >> lrwxrwxrwx 1 1 Jan 1 00:13 user_u:object_r:tmpfs_t Y -> X > >> > >> Is there no way to assign different label to symlink and actual files? > >> Is this file-system specific issue? Are there any file-system that > >> support assigning seperate labels to symlink and actual file? > >> > >> -Sam > >> > >> -- > > >> > >> > > Yes you can label symbolic links differently then their targets, how are > > you assiging the labels? > > > > I am using setfilecon program found in package > On tmpfs file I did : > > cd /tmp/ > touch X > ln -s X Y > setfilecon system_u:object_r:myfile_t Y > > And I see ls -lZ output as I shown above which shows /tmp/X has the > myfile_t label and not Y > > I can't really use tools like semanage 'cause I can't install python > on this system. I will try to "reverse" engineer what semanage does > and how it handles symlink v/s regular files. Just change setfilecon to call lsetfilecon() instead of setfilecon(). Or use setfiles or chcon instead. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
