problems labeling files

Michael Atighetchi matighet at bbn.com
Tue Jul 26 13:53:08 UTC 2011 

Hi Daniel,

I'm using sepolgen from policycoreutils-gui-2.0.85-28.fc14.x86_64.

The policy file that I hand modified (and caused the labeling problems) 
was attached to the previous email.

Note that sepolgen refuses to generate policies for files that have a 
"." in them, which seems like a pretty significant restriction.

Here is the trace:

[proxyuser at lime selinux]$ sepolgen -t 3 
/home/proxyuser/trunk/aps-base/crumple-zone/target/runSeed.sh

Name must be alpha numberic with no spaces.

sepolgen [ -m ] [ -t type ] [ executable | Name ]
valid Types:

         0       Standard Init Daemon
         1       DBUS System Daemon
         2       Internet Services Daemon
         3       User Application
         4       Web Application/Script (CGI)
         5       Minimal X Windows User Role
         6       Minimal Terminal User Role
         7       User Role
         8       Admin User Role
         10      Root Admin User Role
         11      Sandbox
[proxyuser at lime selinux]$

So long
Michael


On 7/26/2011 3:04 PM, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 07/26/2011 06:38 AM, Michael Atighetchi wrote:
>> On 7/26/2011 12:29 PM, Dominick Grift wrote:
>>> On Tue, 2011-07-26 at 12:28 +0200, Michael Atighetchi wrote:
>>>> One thing I realized using sepolgen is that it reject filenames
>>>> that have "." in them. In the example below, I was trying to
>>>> label "runSeed.sh", so maybe the fact that it has a "." in it
>>>> broke the labeling ?
>>> Yes sometimes you need to escape dots
>>>
>>> the matchpathcon should expose that
>> Thanks a bunch - I got things working by removing the "." in the
>> filename and rerunning sepolgen on the new file.
>>
>> Support on this mailing list rocks! Michael
>>
> Could you attach the policy that was generated with the . in the file
> name?  Also what version of sepolgen were you using?
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAk4uu3EACgkQrlYvE4MpobPdIQCg37LrYJdCJa6mlalIINwXRMQg
> krwAmwa0hIugnwbXksiDThEvDG6CMLQG
> =Hyxr
> -----END PGP SIGNATURE-----
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux


-- 
Michael Atighetchi
Senior Scientist
Raytheon BBN Technologies
617-873-1679
matighet at bbn.com

More information about the selinux mailing list