I (a greenhorn with selinux) am writing a policy for a daemon that streams music files over my home network to a music player client (a Slimdevices Squeezebox). My OS is FC5.<br><br>The main daemon (/usr/sbin/slimserver) is a perl script that serves the music files and is started with an init script. My questions have to do with a secondary program (/usr/sbin/slimserver-scanner, also a perl script) that scans the music on the server, reading mp3 tags and such, and generates a database of stored music that is stored in a MySQL database. /usr/sbin/slimserver-scanner is invoked by the /usr/sbin/slimserver daemon and might be invoked by the user (although I can&#39;t recall ever doing so in several years of owning a Squeezebox).
<br><br>I&#39;ve been following the example posted by Dan Walsh in a blog at <a href="http://danwalsh.livejournal.com/8707.html?thread=39171">http://danwalsh.livejournal.com/8707.html?thread=39171</a> which has been extremely helpful.
<br><br>My (2) questions:<br>1. What is the appropriate file context for the scanner program?<br>system_u:object_r:sbin_t?<br>system_u:object_r:slimserver_t?<br>system_u:object_r:slimserver_exec_t?<br><br>The generated slimserver.fc
 file contains:<br>
# slimserver executable will have:<br>
# label: system_u:object_r:slimserver_exec_t<br>
# MLS sensitivity: s0<br>
# MCS categories: &lt;none&gt;<br>
<br>
/usr/sbin/slimserver&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; --&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; gen_context(system_u:object_r:slimserver_exec_t,s0)<br>
/var/run/slimserver.pid&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; gen_context(system_u:object_r:slimserver_var_run_t,s0)<br>
/var/log/slimserver&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; gen_context(system_u:object_r:slimserver_var_log_t,s0)<br>
<br>and the slimserver.if file contains:<br>interface(`slimserver_domtrans&#39;,`<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; gen_require(`<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; type slimserver_t, slimserver_exec_t;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &#39;)<br><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; domain_auto_trans($1,slimserver_exec_t,slimserver_t)
<br><br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; allow $1 slimserver_t:fd use;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; allow slimserver_t $1:fd use;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; allow slimserver_t $1:fifo_file rw_file_perms;<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; allow slimserver_t $1:process sigchld;<br>&#39;)<br><br>2. There is no reason to add the scanner program be added to 
slimserver.fc that was generated by policygentool, is there? The file itself just needs to be labeled appropriately, right? Or does that file play some role in policy compilation in a step that I did not explicitly executed when I invoked &#39;make -f /usr/share/selinux/devel/Makefile&#39;?
<br><br>Thanks in advance.<br>-al<br>-- <br>Al Pacifico<br>Seattle, WA