On 08/04/2011 05:00 PM, Eric Paris wrote:
> On 08/04/2011 04:26 PM, Daniel J Walsh wrote:
>> On 08/04/2011 03:33 PM, Stephen Smalley wrote:
>>> On Thu, 2011-08-04 at 13:59 -0400, Eric Paris wrote:
>>>> well I guess [selinuxfs]/initial_contexts/unlabeled works for
>>>> the first part, but how to come up with the lib_t/var_t I
>>>> don't know.... more initial sids :)
>>>
>>> chcon --reference=/lib ... chcon --reference=/var ...
>>>
>>> Or: chcon `matchpathcon /lib` ...
>>>
>>
>> How about this patch...
>
> If you don't have /selinux mounted in one of those two places secon
> -t will return your process type, which might delete the wrong
> files.
>
I guess we should just exit with an error if this happens.

> Not that it makes a huge difference, but we don't really need to pare
> it down to just the type with secon -t and then search using
> *$TYPE*.
>
Well if you are using mcstransd the MLS field could be translated.

> I also question the use of /sys/fs/selinux/ but I'm not sure we have
> a good way to find that in a script..... Do we have one?
>
grep selinuxfs /proc/self/mountinfo | awk '{ print $5 }'

> -Eric
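
As an added example (not code from this thread or from the patch under discussion), the mount-point lookup and the exit-on-error behaviour discussed above can be combined in a POSIX shell helper that matches on the filesystem-type field of mountinfo, so a path that merely contains the string "selinuxfs" is not picked up. The function names, the optional root-prefix argument and the sample mountinfo lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# Constructed sample mountinfo lines (not captured from a real system).
# The third line is an ext4 mount whose path contains "selinuxfs".
SAMPLE_MOUNTINFO='17 22 0:16 / /sys rw,nosuid shared:6 - sysfs sysfs rw
18 17 0:17 / /sys/fs/selinux rw,relatime shared:7 - selinuxfs selinuxfs rw
40 22 8:3 / /srv/selinuxfs-docs rw - ext4 /dev/sda3 rw'

# Print the selinuxfs mount point from a mountinfo-format file
# (default /proc/self/mountinfo); return 1 if it is not mounted.
# Field 5 is the mount point; the filesystem type is the first field
# after the "-" separator, which follows zero or more optional fields.
selinuxfs_mountpoint() {
    awk '{
        for (i = 7; i <= NF; i++) {
            if ($i != "-") continue
            if ($(i + 1) == "selinuxfs") { print $5; found = 1; exit }
            break
        }
    }
    END { exit !found }' "${1:-/proc/self/mountinfo}"
}

# Print the context of the "unlabeled" initial SID, or fail. It never
# falls back to another context, because a wrong context would select
# the wrong files. $2 is a root prefix used only for offline testing.
unlabeled_context() {
    mnt=$(selinuxfs_mountpoint "$1") || {
        echo "selinuxfs is not mounted; refusing to guess a context" >&2
        return 1
    }
    ctx_file="${2:-}$mnt/initial_contexts/unlabeled"
    [ -r "$ctx_file" ] || { echo "cannot read $ctx_file" >&2; return 1; }
    tr -d '\000' < "$ctx_file"   # strip a trailing NUL if present
}

# Print the type, the third field of user:role:type[:range], so the
# MLS range plays no part in any later match.
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}
```

A caller would run `ctx=$(unlabeled_context) || exit 1` before using the result in any file search.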