problems labeling files

Michael Atighetchi matighet at bbn.com
Tue Jul 26 14:12:31 UTC 2011


On 7/26/2011 4:05 PM, Daniel J Walsh wrote:
> On 07/26/2011 09:53 AM, Michael Atighetchi wrote:
>> Hi Daniel,
>>
>> I'm using sepolgen from policycoreutils-gui-2.0.85-28.fc14.x86_64.
>>
>> The policy file that I hand modified (and caused the labeling
>> problems) was attached to the previous email.
>>
>> Note that sepolgen refuses to generate policies for files that have a
>>   "." in them, which seems like a pretty significant restriction.
>>
>> Here is the trace:
>>
>> [proxyuser at lime selinux]$ sepolgen -t 3
>> /home/proxyuser/trunk/aps-base/crumple-zone/target/runSeed.sh
>>
>> Name must be alpha numberic with no spaces.
>>
>> sepolgen [ -m ] [ -t type ] [ executable | Name ]
>> valid Types:
>>
>> 	0	Standard Init Daemon
>> 	1	DBUS System Daemon
>> 	2	Internet Services Daemon
>> 	3	User Application
>> 	4	Web Application/Script (CGI)
>> 	5	Minimal X Windows User Role
>> 	6	Minimal Terminal User Role
>> 	7	User Role
>> 	8	Admin User Role
>> 	10	Root Admin User Role
>> 	11	Sandbox
>> [proxyuser at lime selinux]$
>>
>> So long Michael
>>
>>
>> On 7/26/2011 3:04 PM, Daniel J Walsh wrote:
>> On 07/26/2011 06:38 AM, Michael Atighetchi wrote:
>>>>> On 7/26/2011 12:29 PM, Dominick Grift wrote:
>>>>>> On Tue, 2011-07-26 at 12:28 +0200, Michael Atighetchi wrote:
>>>>>>> One thing I realized using sepolgen is that it rejects
>>>>>>> filenames that have "." in them. In the example below, I
>>>>>>> was trying to label "runSeed.sh", so maybe the fact that it
>>>>>>> has a "." in it broke the labeling?
>>>>>> Yes sometimes you need to escape dots
>>>>>>
>>>>>> the matchpathcon should expose that
>>>>> Thanks a bunch - I got things working by removing the "." in
>>>>> the filename and rerunning sepolgen on the new file.
>>>>>
>>>>> Support on this mailing list rocks! Michael
>>>>>
>> Could you attach the policy that was generated with the . in the
>> file name?  Also what version of sepolgen were you using?
>>> -- selinux mailing list selinux at lists.fedoraproject.org
>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>>
> Try
>
> sepolgen -n runseed -t 3
> /home/proxyuser/trunk/aps-base/crumple-zone/target/runSeed.sh
>
> Usage command should mention this field
>
>
> I will add a patch to output the following
>
> # sepolgen -t 3
> /home/proxyuser/trunk/aps-base/crumple-zone/target/runSeed.sh
>
> Name must be alpha numberic with no spaces. Consider using option "-n
> MODULENAME"
>
> sepolgen [ -n moduleName ] [ -m ] [ -t type ] [ executable | Name ]
> valid Types:
>
> 	0	Standard Init Daemon
> 	1	DBUS System Daemon
> 	2	Internet Services Daemon
> 	3	User Application
> 	4	Web Application/Script (CGI)
> 	5	Minimal X Windows User Role
> 	6	Minimal Terminal User Role
> 	7	User Role
> 	8	Admin User Role
> 	10	Root Admin User Role
> 	11	Sandbox
Got it - thanks.

Michael



-- 
Michael Atighetchi
Senior Scientist
Raytheon BBN Technologies
617-873-1679
matighet at bbn.com
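
The two points from this thread (a module name that passes the alphanumeric check, and escaping dots in file-context path regexes) as an added example; it is not part of any message above and not sepolgen's own code. The helper names, the `/opt/demo` paths, the letters-and-digits reading of the name check, and the use of `grep -E` to approximate file-context matching are assumptions.

```shell
#!/bin/sh
# Added example: module-name and file-context handling for a dotted filename.

# Assumption: the name check behind "Name must be alpha numberic with no
# spaces." accepts ASCII letters and digits only.
is_valid_module_name() {
    case "$1" in
        ''|*[!A-Za-z0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Hypothetical helper: basename, drop the last extension, keep letters and
# digits, lower-case (runSeed.sh -> runseed, the name suggested in the thread).
module_name_for() {
    mn_base=$(basename -- "$1")
    mn_stem=${mn_base%.*}
    [ -n "$mn_stem" ] || mn_stem=$mn_base    # dotfile such as ".profile"
    mn_name=$(printf '%s' "$mn_stem" | LC_ALL=C tr -cd 'A-Za-z0-9' | LC_ALL=C tr 'A-Z' 'a-z')
    is_valid_module_name "$mn_name" || return 1
    printf '%s\n' "$mn_name"
}

# Print (do not run) the invocation from the thread, with -n filled in.
sepolgen_cmd() {
    sc_name=$(module_name_for "$1") || return 1
    printf 'sepolgen -n %s -t 3 %s\n' "$sc_name" "$1"
}

# Escape regex metacharacters so a path is matched literally in a .fc entry.
fc_escape() {
    printf '%s\n' "$1" | sed 's/[][\\.^$*+?(){}|]/\\&/g'
}

# Whole-path match, approximating file-context matching with grep -E.
fc_matches() {
    printf '%s\n' "$2" | grep -Eqx -- "$1"
}

# Constructed sample paths.
target=/opt/demo/runSeed.sh
sepolgen_cmd "$target"
fc_escape "$target"
for p in /opt/demo/runSeed.sh /opt/demo/runSeedXsh; do
    for re in "$target" "$(fc_escape "$target")"; do
        if fc_matches "$re" "$p"; then r=match; else r=no-match; fi
        printf '%-24s vs %-24s %s\n' "$re" "$p" "$r"
    done
done
```

The unescaped pattern also matches `runSeedXsh`, so a file-context entry written that way labels more paths than the one intended; after loading a policy, `matchpathcon` on the real path shows which context actually applies.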


