On 08/04/2011 04:26 PM, Daniel J Walsh wrote: > On 08/04/2011 03:33 PM, Stephen Smalley wrote: >> On Thu, 2011-08-04 at 13:59 -0400, Eric Paris wrote: >>> well I guess [selinuxfs]/initial_contexts/unlabeled works for the >>> first part, but how to come up with the lib_t/var_t I don't >>> know.... more initial sids :) >> >> chcon --reference=/lib ... chcon --reference=/var ... >> >> Or: chcon `matchpathcon /lib` ... >> >> > > > How about this patch... If you don't have /selinux mounted in one of those two places secon -t will return your process type, which might delete the wrong files. Not that it makes a huge difference, but we don't really need to pare it down to just the type with secon -t and then search using *$TYPE*. I also question the use of /sys/fs/selinux/ but I'm not sure we have a good way to find that in a script..... Do we have one? -Eric -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
