making a file context change work for initrc_t and unconfined_t

Maria Iano maria at iano.org
Sat Feb 4 16:01:24 UTC 2012


On Feb 4, 2012, at 3:56 AM, Dominick Grift wrote:

> On Fri, 2012-02-03 at 21:41 -0500, Maria Iano wrote:
>
>> Those files are
>> /var/lib/likewise/.eventlog
>> /var/lib/likewise/krb5cc_lsass.AD.DOMAIN
>> /var/lib/likewise/db/lsass-adcache.filedb.AD.DOMAIN
>>
>> What happened was that I ran restorecon on them after they had been
>> created but before those AVCs. I added these rules to the fc file:
>>
>> /var/lib/likewise/\.eventlog       -s gen_context(system_u:object_r:eventlogd_var_socket_t,s0)
>> /var/lib/likewise/krb5cc\_lsass\..*  -- gen_context(system_u:object_r:lsassd_var_lib_t, s0)
>> /var/lib/likewise/db/lsass-adcache\.filedb\..*  -- gen_context(system_u:object_r:lsassd_var_lib_t,s0)
>>
>> and matchpathcon gives the correct type for them now.
>>
>> I haven't had any new AVC messages since those last changes.
>>
>>
>>
>
> Thanks. Attached patch is what I think might be the proper fixes for
> upstream.
>
>
> <Likewise.patch>

Some of the additional file contexts were missing. I've added them to
the patch file. I've also attached my te and fc files. Please note, my
new diff compared directory trees that were different from yours. Here
is a line from the updated patch that shows what I'm talking about:

diff --git a/current/policy/modules/services/likewise.fc b/new/policy/ 
modules/services/likewise.fc

Thanks!
Maria
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Likewise.patch
Type: application/octet-stream
Size: 14696 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/selinux/attachments/20120204/b1f04405/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mylikewise.fc
Type: application/octet-stream
Size: 3939 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/selinux/attachments/20120204/b1f04405/attachment-0001.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mylikewise.te
Type: application/octet-stream
Size: 677 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/selinux/attachments/20120204/b1f04405/attachment-0002.obj>
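
The following is an added example, not part of the original message or of the Likewise policy. It shows how the three file context entries quoted above resolve a path and file type to a label, which is the check matchpathcon performs. The names parse_fc, lookup and ENTRIES are hypothetical, the sketch assumes an MCS/MLS policy build (so gen_context appends the s0 level), and it does not model precedence between overlapping entries because these three do not overlap.

```python
import re
import stat

# File-type specifiers used in .fc files, mapped to stat file-type bits.
FTYPES = {"--": stat.S_IFREG, "-d": stat.S_IFDIR, "-s": stat.S_IFSOCK,
          "-l": stat.S_IFLNK, "-p": stat.S_IFIFO, "-c": stat.S_IFCHR,
          "-b": stat.S_IFBLK}

# The three entries quoted in the message, with the mail line wraps joined.
FC_TEXT = r"""
/var/lib/likewise/\.eventlog       -s gen_context(system_u:object_r:eventlogd_var_socket_t,s0)
/var/lib/likewise/krb5cc\_lsass\..*  -- gen_context(system_u:object_r:lsassd_var_lib_t, s0)
/var/lib/likewise/db/lsass-adcache\.filedb\..*  -- gen_context(system_u:object_r:lsassd_var_lib_t,s0)
"""

# <path regex> [<file type>] gen_context(<user:role:type>,<level>)
ENTRY = re.compile(
    r"^(\S+)\s+(?:(-[-dslpcb])\s+)?gen_context\(\s*([^,\s]+)\s*,\s*([^)\s]+)\s*\)$")


def parse_fc(text):
    """Parse .fc lines into (compiled regex, file type or None, context)."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = ENTRY.match(line)
        if not m:
            raise ValueError(f"unparsed fc line: {line!r}")
        path_re, ftype, context, level = m.groups()
        # Assumption: MCS/MLS build, so gen_context yields context:level.
        entries.append((re.compile(path_re), FTYPES.get(ftype),
                        f"{context}:{level}"))
    return entries


def lookup(entries, path, mode):
    """Return the context for path, or None if no entry applies.

    The path regex must match the whole path, and an entry with a
    file-type specifier applies only to objects of that type.
    """
    for regex, ftype, context in entries:
        if regex.fullmatch(path) and ftype in (None, stat.S_IFMT(mode)):
            return context
    return None


ENTRIES = parse_fc(FC_TEXT)
```

Because the .eventlog entry carries -s, a regular file created at that path does not receive eventlogd_var_socket_t from it and falls through to whatever broader entry the full policy has.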