problems labeling files
Michael Atighetchi
matighet at bbn.com
Tue Jul 26 13:53:08 UTC 2011
Hi Daniel,
I'm using sepolgen from policycoreutils-gui-2.0.85-28.fc14.x86_64.
The policy file that I hand modified (and caused the labeling problems)
was attached to the previous email.
Note that sepolgen refuses to generate policies for files that have a
"." in them, which seems like a pretty significant restriction.
Here is the trace:
[proxyuser at lime selinux]$ sepolgen -t 3
/home/proxyuser/trunk/aps-base/crumple-zone/target/runSeed.sh
Name must be alpha numberic with no spaces.
sepolgen [ -m ] [ -t type ] [ executable | Name ]
valid Types:
0 Standard Init Daemon
1 DBUS System Daemon
2 Internet Services Daemon
3 User Application
4 Web Application/Script (CGI)
5 Minimal X Windows User Role
6 Minimal Terminal User Role
7 User Role
8 Admin User Role
10 Root Admin User Role
11 Sandbox
[proxyuser at lime selinux]$
So long
Michael
On 7/26/2011 3:04 PM, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 07/26/2011 06:38 AM, Michael Atighetchi wrote:
>> On 7/26/2011 12:29 PM, Dominick Grift wrote:
>>> On Tue, 2011-07-26 at 12:28 +0200, Michael Atighetchi wrote:
>>>> One thing I realized using sepolgen is that it reject filenames
>>>> that have "." in them. In the example below, I was trying to
>>>> label "runSeed.sh", so maybe the fact that it has a "." in it
>>>> broke the labeling ?
>>> Yes sometimes you need to escape dots
>>>
>>> the matchpathcon should expose that
>> Thanks a bunch - I got things working by removing the "." in the
>> filename and rerunning sepolgen on the new file.
>>
>> Support on this mailing list rocks! Michael
>>
> Could you attach the policy that was generated with the . in the file
> name? Also what version of sepolgen were you using?
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAk4uu3EACgkQrlYvE4MpobPdIQCg37LrYJdCJa6mlalIINwXRMQg
> krwAmwa0hIugnwbXksiDThEvDG6CMLQG
> =Hyxr
> -----END PGP SIGNATURE-----
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
--
Michael Atighetchi
Senior Scientist
Raytheon BBN Technologies
617-873-1679
matighet at bbn.com
More information about the selinux
mailing list