problems labeling files
Daniel J Walsh
dwalsh at redhat.com
Tue Jul 26 14:05:01 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 07/26/2011 09:53 AM, Michael Atighetchi wrote:
> Hi Daniel,
>
> I'm using sepolgen from policycoreutils-gui-2.0.85-28.fc14.x86_64.
>
> The policy file that I hand modified (and caused the labeling
> problems) was attached to the previous email.
>
> Note that sepolgen refuses to generate policies for files that have a
> "." in them, which seems like a pretty significant restriction.
>
> Here is the trace:
>
> [proxyuser at lime selinux]$ sepolgen -t 3
> /home/proxyuser/trunk/aps-base/crumple-zone/target/runSeed.sh
>
> Name must be alpha numberic with no spaces.
>
> sepolgen [ -m ] [ -t type ] [ executable | Name ] valid Types:
>
> 0 Standard Init Daemon 1 DBUS System Daemon 2
> Internet Services Daemon 3 User Application 4 Web
> Application/Script (CGI) 5 Minimal X Windows User Role 6
> Minimal Terminal User Role 7 User Role 8 Admin User Role
> 10 Root Admin User Role 11 Sandbox [proxyuser at lime
> selinux]$
>
> So long Michael
>
>
> On 7/26/2011 3:04 PM, Daniel J Walsh wrote: On 07/26/2011 06:38 AM,
> Michael Atighetchi wrote:
>>>> On 7/26/2011 12:29 PM, Dominick Grift wrote:
>>>>> On Tue, 2011-07-26 at 12:28 +0200, Michael Atighetchi wrote:
>>>>>> One thing I realized using sepolgen is that it reject
>>>>>> filenames that have "." in them. In the example below, I
>>>>>> was trying to label "runSeed.sh", so maybe the fact that it
>>>>>> has a "." in it broke the labeling ?
>>>>> Yes sometimes you need to escape dots
>>>>>
>>>>> the matchpathcon should expose that
>>>> Thanks a bunch - I got things working by removing the "." in
>>>> the filename and rerunning sepolgen on the new file.
>>>>
>>>> Support on this mailing list rocks! Michael
>>>>
> Could you attach the policy that was generated with the . in the
> file name? Also what version of sepolgen were you using?
>> -- selinux mailing list selinux at lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
>
Try
sepolgen -n runseed -t 3
/home/proxyuser/trunk/aps-base/crumple-zone/target/runSeed.sh
Usage command should mention this field
I will add a patch to output the following
# sepolgen -t 3
/home/proxyuser/trunk/aps-base/crumple-zone/target/runSeed.sh
Name must be alpha numberic with no spaces. Consider using option "-n
MODULENAME"
sepolgen [ -n moduleName ] [ -m ] [ -t type ] [ executable | Name ]
valid Types:
0 Standard Init Daemon
1 DBUS System Daemon
2 Internet Services Daemon
3 User Application
4 Web Application/Script (CGI)
5 Minimal X Windows User Role
6 Minimal Terminal User Role
7 User Role
8 Admin User Role
10 Root Admin User Role
11 Sandbox
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk4uyY0ACgkQrlYvE4MpobMpLACeLHFoFlli+cqlCzR8B+q6x8Et
s7IAoMIpRLiPNyoktg1yWe4FMW6GJ8Jn
=eOTQ
-----END PGP SIGNATURE-----
More information about the selinux
mailing list