-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 08/30/2013 02:31 PM, Fl@sh wrote:
On Fri, 30 Aug 2013 09:39:50 -0400 Daniel J Walsh
<dwalsh(a)redhat.com>
wrote:
> Have not done it for a while. You have to label the home dir and tmp dir
> with the same label as you are going to run. Then you might need an
> improved type to get it to start.
I`m done:
# chcon -t sandbox_file_t -l s0:c123,c456 /home/Flash/Example_HOME # chcon
-t sandbox_file_t -l s0:c123,c456 /home/Flash/Example_TMP $ ls -Z . | grep
123 -rw-rw-r--. Flash Flash unconfined_u:object_r:user_home_t:s0 123
drwxrwxr-x. Flash Flash unconfined_u:object_r:sandbox_file_t:s0:c123,c456
Example_HOME drwxrwxr-x. Flash Flash
unconfined_u:object_r:sandbox_file_t:s0:c123,c456 Example_TMP
$ /usr/bin/sandbox -s -d 96 -l s0:c123,c456 -X -H /home/Flash/Example_HOME
-T /home/Flash/Example_TMP -I
/home/Flash/.config/se-sandbox-runner/tyututiu_90.included -W kwin -w
1000x700 -t sandbox_x_t -S
blink X-window, then nothing... $
What i do not so? And what this -- "an IMPROVED TYPE to get it to start" ?
Try it in permissive mode.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird -
http://www.enigmail.net/
iEYEARECAAYFAlIg+48ACgkQrlYvE4MpobP37ACgpYfQxX1Jx8zRKFPAwJYKC6vR
ZGEAoLFRyplUn3UkzKNuaREbZeBvPo+L
=sKr5
-----END PGP SIGNATURE-----