On 03/21/13 07:32, Laurent Bigonville wrote: > Hello, > > I remember that I already talk about this on IRC a while back, but I > don't remember if there was any outcome. > > The refpolicy is containing the following filecontext: > > /usr/(s)?bin/gdm(3)? -- gen_context(system_u:object_r:xdm_exec_t,s0) > > But for some reasons /usr/sbin/gdm3 is labeled on disk as bin_t instead > of xdm_exec_t. matchpathcon is giving me this: > > /usr/bin/gdm system_u:object_r:xdm_exec_t:SystemLow > /usr/bin/gdm3 system_u:object_r:xdm_exec_t:SystemLow > /usr/sbin/gdm system_u:object_r:bin_t:SystemLow > /usr/sbin/gdm3 system_u:object_r:bin_t:SystemLow > > Changing the regex to /usr/s?bin/gdm(3)? fix the issue. > > Shouldn't this be fixed in the userspace libraries? I'm not clear; are you saying this is a file context sorting issue or a matchpathcon error? Matchpathcon should be able to handle a regex with ()? so I'd guess its a sorting issue. Since sorting file contexts is tricky, it would probably be simpler to fix the policy. -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
