<br><br><div class="gmail_quote">On Thu, Jan 19, 2012 at 7:01 PM, Dominick Grift <span dir="ltr"><<a href="mailto:dominick.grift@gmail.com">dominick.grift@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im">On Thu, 2012-01-19 at 14:58 +0530, Nabeel Moidu wrote:<br>
> Hi<br>
><br>
><br>
> Can the file context specification recursively assign contexts when<br>
> using regex ?<br>
><br>
><br>
> Eg. I have<br>
> a/b/c/d<br>
><br>
><br>
> and if I specify in selinuxrule.fc<br>
><br>
><br>
> a* gen_context(system_u:object_r:myapp_exec_t)<br>
><br>
><br>
> Will this apply to only files under a or files under a/b, a/b/c and<br>
> a/b/c/d etc. also ?<br>
><br>
<br>
</div>Have a look at source file contexts file to get an impression of how to<br>
use regular expressions.<br>
<br>
for example:<br>
<a href="http://git.fedorahosted.org/git/?p=selinux-policy.git;a=blob;f=policy/modules/system/miscfiles.fc;h=88fc786b6e22b08bf49e81257d1e4c2f3932ca52;hb=b246ab21a38788b0ca014ddede8fa4c64bace103" target="_blank">http://git.fedorahosted.org/git/?p=selinux-policy.git;a=blob;f=policy/modules/system/miscfiles.fc;h=88fc786b6e22b08bf49e81257d1e4c2f3932ca52;hb=b246ab21a38788b0ca014ddede8fa4c64bace103</a><br>
<br>
To apply myapp_exec_t to only files under /a and below, i think this<br>
would work:<br>
<br>
/a(/.*)? -- gen_context(system_u:object_r:myapp_exec_t,s0)<br>
<br>
The "/a(/.*)?" means "/a and everything below it (recursive)"<br>
The -- means "applies only to files"<br>
<br>
-- files<br>
-d directories<br>
-s sock files<br>
-c charachter files<br>
-b block files<br>
.. etc<br>
<br></blockquote><div>Perfectly clear. Thanks a lot. </div><div><br></div><div>BTW your videos on youtube are excellent. Thanks for the effort.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
if you dont specify the object class where the spec should apply to then<br>
it applies to any object class<br>
<br>
Have a look at examples:<br>
semanage fcontext -l | less<br>
<br>
I hope this helps<br>
<div class="im"><br>
><br>
> --<br>
> Thanks and Regards<br>
> Nabeel Moidu<br>
><br>
><br>
</div>> --<br>
> selinux mailing list<br>
> <a href="mailto:selinux@lists.fedoraproject.org">selinux@lists.fedoraproject.org</a><br>
> <a href="https://admin.fedoraproject.org/mailman/listinfo/selinux" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/selinux</a><br>
<font color="#888888"><br>
<br>
--<br>
selinux mailing list<br>
<a href="mailto:selinux@lists.fedoraproject.org">selinux@lists.fedoraproject.org</a><br>
<a href="https://admin.fedoraproject.org/mailman/listinfo/selinux" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/selinux</a></font></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr">
Thanks and Regards<br>Nabeel Moidu</div><br>