-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Konrad Azzopardi wrote:
Hi people,
i have the following policy version installed selinux-policy-3.3.1-107.fc9.noarch selinux-policy-devel-3.3.1-107.fc9.noarch selinux-policy-targeted-3.3.1-107.fc9.noarch
I create an Selinux policy and generated the following filecontexts
[root@MALTA konsu]# semanage fcontext -l | grep yule /etc/init.d/yule regular file system_u:object_r:yule_script_exec_t:s0 /var/run/yule.pid regular file system_u:object_r:yule_var_run_t:s0 /var/log/yule(/.*)? regular file system_u:object_r:yule_log_t:s0 /var/lib/yule(/.*)? regular file system_u:object_r:yule_var_lib_t:s0 /etc/yulerc regular file system_u:object_r:yule_config_t:s0 /usr/local/sbin/yule regular file system_u:object_r:yule_exec_t:s0
Allt he files seems to become labelled normally as expected except /etc/init.d/yule
[root@MALTA konsu]# restorecon -R -v /etc/init.d/yule [root@MALTA konsu]# ls -lrtZ /etc/init.d/yule -rwx------ root root system_u:object_r:initrc_exec_t:s0 /etc/init.d/yule
I cannot get rid of initrc_exec_t. Although my script is still confined correctly, I would like to label this file normally, is there a reason why restorecon fails ?
many thanks konrad
fedora-selinux-list
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Make sure you escape the "."s The regular expression matching does not always work as expected.
/etc/init.d/yule regular file system_u:object_r:yule_script_exec_t:s0