Hi list,
I've got some file contexts setup for an application, and can't get the file context matching to work as I would expect.
[root@dev1 policy]# cat /etc/selinux/targeted/contexts/files/file_contexts | grep cinched
/etc/cinched(/.*)? system_u:object_r:ts_etc_t:s0
/var/log/cinched(/.*)? system_u:object_r:ts_log_t:s0
/var/lib/cinched(/.*)? system_u:object_r:ts_t:s0
/usr/lib64/cinched(/.*)? system_u:object_r:ts_lib_t:s0
/etc/bash_completion.d/cinched_bash_completions system_u:object_r:ts_etc_t:s0
/var/log/cinched/audit(/.*)? system_u:object_r:ts_audit_log_t:s0
/usr/sbin/cinched system_u:object_r:ts_exec_t:s0
[root@dev1 policy]# matchpathcon /usr/lib64/cinched/
/usr/lib64/cinched system_u:object_r:lib_t:s0
[root@dev1 policy]# findcon /etc/selinux/targeted/contexts/files/file_contexts -p /usr/lib64/cinched
/.* system_u:object_r:default_t:s0
/usr/.* system_u:object_r:usr_t:s0
/usr/lib64/cinched(/.*)? system_u:object_r:ts_lib_t:s0
This is running on CentOS 7. I was assuming that since my rule has the longest stem, it would be applied.
Any suggestions?
_______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
