Imho: longest path match wins.
can you show your fcontext rules regarding that directory?
tip: with `matchpathcon /path/...` you can try any path what context it
would get (existing or not (yet) existing paths) without changing
anything on the fs.
Ah, thanks. Did that, and the /<path>/smwa/webagent/bin is bin_t. Now,
that might be right... but the idiots of CA, who only know Windows, do not
have a ./lib, and all the .so's are in the bin directory... Am I going to
have to live with that?
mark
Am 8. Mai 2019 17:37:52 MESZ schrieb mark <m.roth(a)5-cent.us>:
> Thomas wrote:
>
>> there is no - for the fcontext action.
>>
>> semanage fcontext ...
>>
> Duh... Yeah, a few minutes after I posted, I realized that, and it
> *seemed* to work. But now, I've got a different issue: I did a
> restorecon -rv /*/smwa/webagent/bin... and now all the .so's are bin_t,
> instead of lib_t
>
>
>> thomas
>>
>> Am 8. Mai 2019 17:31:13 MESZ schrieb mark <m.roth(a)5-cent.us>:
>>
>>
>>> We're forced to use Siteminder, by CA, who have no clue what
>>> they're doing in *nix. No packages, tarballs...
>>>
>>> Anyway, I'm trying clean up some stuff, and in /*/smwa/webagent/bin
>>> (all
>>> their binaries, including .so's, are in there, duh... I'm trying to
> set
>>> the .so's to lib_t. semanage -fcontext -a -t lib_t
>>> "/<elided>/smwa/webagent/bin(/.*).so"
>>>
>>>
>>>
>>> gives me the completely unexpected response of semanage: error:
> argument
>>> subcommand: invalid choice: 'lib_t' (choose
>>> from 'import', 'export', 'login', 'user',
'port', 'ibpkey',
> 'ibendport',
>
>>> 'interface', 'module', 'node', 'fcontext',
'boolean', 'permissive',
>>> 'dontaudit')
>>>
>>>
>>>
>>> What am I doing wrong?
>>>
>>>
>>>
>>> mark
>>>
>>> _______________________________________________
>>> selinux mailing list -- selinux(a)lists.fedoraproject.org To
> unsubscribe
>>> send an email to selinux-leave(a)lists.fedoraproject.org Fedora Code
> of
>>> Conduct:
https://getfedora.org/code-of-conduct.html
>>> List Guidelines:
>>>
>
https://fedoraproject.org/wiki/Mailing_list_guidelines
>
>>> List Archives:
>>>
>>>
>
https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraproje
> c
>>> t.org
>> _______________________________________________
>> selinux mailing list -- selinux(a)lists.fedoraproject.org To
> unsubscribe send
>> an email to selinux-leave(a)lists.fedoraproject.org Fedora Code of
> Conduct:
>
>>
https://getfedora.org/code-of-conduct.html
>> List Guidelines:
>>
>
https://fedoraproject.org/wiki/Mailing_list_guidelines
>
>> List Archives:
>>
>>
>
https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraproje
> ct
>> .org
>>
>>
>>