On 02/02/2016 12:48 PM, Mark Steele wrote:
Hi list,

I've got some file contexts set up for an application, and can't get the file context matching to work as I would expect.

[root@dev1 policy]# cat /etc/selinux/targeted/contexts/files/file_contexts | grep cinched
/etc/cinched(/.*)? system_u:object_r:ts_etc_t:s0
/var/log/cinched(/.*)? system_u:object_r:ts_log_t:s0
/var/lib/cinched(/.*)? system_u:object_r:ts_t:s0
*/usr/lib64/cinched(/.*)? system_u:object_r:ts_lib_t:s0*
/etc/bash_completion.d/cinched_bash_completions system_u:object_r:ts_etc_t:s0
/var/log/cinched/audit(/.*)? system_u:object_r:ts_audit_log_t:s0
/usr/sbin/cinched system_u:object_r:ts_exec_t:s0

[root@dev1 policy]# matchpathcon /usr/lib64/cinched/
*/usr/lib64/cinched system_u:object_r:lib_t:s0*

[root@dev1 policy]# findcon /etc/selinux/targeted/contexts/files/file_contexts -p /usr/lib64/cinched
/.* system_u:object_r:default_t:s0
/usr/.* system_u:object_r:usr_t:s0
*/usr/lib64/cinched(/.*)? system_u:object_r:ts_lib_t:s0*

This is running on CentOS 7. I was assuming that since my rule has the longest stem, it would be applied.

Any suggestions?
It would help to see the complete file_contexts file. Do you have anything in file_contexts.local that could be overriding it?
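
One way to run the check the reply asks for, as an added example that is not part of the original thread. It goes beyond the reply by also reading the substitution files file_contexts.subs and file_contexts.subs_dist, which the thread does not mention. The function names fc_overrides and fc_demo are hypothetical, the sample files are constructed, and grep -E only approximates how the specs are matched.

```shell
#!/bin/sh
# Added example: list entries that can override or bypass a file_contexts
# spec for one path. Usage: fc_overrides PATH [CONTEXTS_DIR]
fc_overrides() {
    path=${1%/}     # drop a trailing slash, as the matchpathcon output above does
    dir=${2:-/etc/selinux/targeted/contexts/files}

    # 1. file_contexts.local: local customisations (semanage fcontext -a).
    if [ -r "$dir/file_contexts.local" ]; then
        while read -r regex rest; do
            case $regex in ''|'#'*) continue ;; esac
            # A spec must match the whole path, so anchor it at both ends.
            if printf '%s\n' "$path" | grep -Eq "^${regex}\$"; then
                printf 'local: %s %s\n' "$regex" "$rest"
            fi
        done < "$dir/file_contexts.local"
    fi

    # 2. Substitution files: "SRC DST" rewrites a leading SRC to DST before
    #    the specs are tried, so a spec written against SRC is never reached.
    for f in file_contexts.subs file_contexts.subs_dist; do
        [ -r "$dir/$f" ] || continue
        while read -r src dst rest; do
            case $src in ''|'#'*) continue ;; esac
            case $path in
                "$src"|"$src"/*)
                    printf '%s: %s -> %s%s\n' "$f" "$src" "$dst" "${path#"$src"}" ;;
            esac
        done < "$dir/$f"
    done
}

# Constructed sample files (not taken from the thread) so the check runs offline.
fc_demo() {
    d=$(mktemp -d)
    printf '%s\n' '/usr/lib64/cinched(/.*)?  system_u:object_r:lib_t:s0' \
        > "$d/file_contexts.local"
    printf '%s\n' '# constructed' '/opt/app /srv/app' '/usr/lib64 /usr/lib' \
        > "$d/file_contexts.subs_dist"
    fc_overrides /usr/lib64/cinched/ "$d"
    rm -rf "$d"
}

fc_demo
```

On a real system, call fc_overrides with only the path so that it reads the targeted policy's contexts directory; no output means none of the three files touches that path.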