problems labeling files

Daniel J Walsh dwalsh at redhat.com
Tue Jul 26 14:05:01 UTC 2011


On 07/26/2011 09:53 AM, Michael Atighetchi wrote:
> Hi Daniel,
> 
> I'm using sepolgen from policycoreutils-gui-2.0.85-28.fc14.x86_64.
> 
> The policy file that I hand modified (and caused the labeling
> problems) was attached to the previous email.
> 
> Note that sepolgen refuses to generate policies for files that have a
>  "." in them, which seems like a pretty significant restriction.
> 
> Here is the trace:
> 
> [proxyuser@lime selinux]$ sepolgen -t 3 /home/proxyuser/trunk/aps-base/crumple-zone/target/runSeed.sh
> 
> Name must be alpha numberic with no spaces.
> 
> sepolgen [ -m ] [ -t type ] [ executable | Name ]
> valid Types:
> 
> 	0	Standard Init Daemon
> 	1	DBUS System Daemon
> 	2	Internet Services Daemon
> 	3	User Application
> 	4	Web Application/Script (CGI)
> 	5	Minimal X Windows User Role
> 	6	Minimal Terminal User Role
> 	7	User Role
> 	8	Admin User Role
> 	10	Root Admin User Role
> 	11	Sandbox
> [proxyuser@lime selinux]$
> 
> So long Michael
> 
> 
> On 7/26/2011 3:04 PM, Daniel J Walsh wrote:
> On 07/26/2011 06:38 AM, Michael Atighetchi wrote:
>>>> On 7/26/2011 12:29 PM, Dominick Grift wrote:
>>>>> On Tue, 2011-07-26 at 12:28 +0200, Michael Atighetchi wrote:
>>>>>> One thing I realized using sepolgen is that it rejects
>>>>>> filenames that have "." in them. In the example below, I
>>>>>> was trying to label "runSeed.sh", so maybe the fact that it
>>>>>> has a "." in it broke the labeling?
>>>>> Yes, sometimes you need to escape dots
>>>>> 
>>>>> the matchpathcon should expose that
>>>> Thanks a bunch - I got things working by removing the "." in
>>>> the filename and rerunning sepolgen on the new file.
>>>> 
>>>> Support on this mailing list rocks! Michael
>>>> 
> Could you attach the policy that was generated with the . in the
> file name?  Also what version of sepolgen were you using?
> 
> 
Try

sepolgen -n runseed -t 3 /home/proxyuser/trunk/aps-base/crumple-zone/target/runSeed.sh

Usage command should mention this field


I will add a patch to output the following

# sepolgen -t 3 /home/proxyuser/trunk/aps-base/crumple-zone/target/runSeed.sh

Name must be alpha numberic with no spaces. Consider using option "-n MODULENAME"

sepolgen [ -n moduleName ] [ -m ] [ -t type ] [ executable | Name ]
valid Types:

	0	Standard Init Daemon
	1	DBUS System Daemon
	2	Internet Services Daemon
	3	User Application
	4	Web Application/Script (CGI)
	5	Minimal X Windows User Role
	6	Minimal Terminal User Role
	7	User Role
	8	Admin User Role
	10	Root Admin User Role
	11	Sandbox

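Added example, not part of the original messages or of sepolgen itself: shell helpers that derive a module name sepolgen will accept for a dotted file name such as runSeed.sh, build the "sepolgen -n" command suggested above, and escape the path for use in a file-context (.fc) entry, as Dominick's remark about escaping dots implies. The function names are hypothetical, and the name rule (ASCII letters and digits only) is an assumption taken from the error message quoted in the thread.

```shell
#!/bin/sh
# Added example (hypothetical helper names); not code from sepolgen.
LC_ALL=C; export LC_ALL

# Assumed rule, from the quoted error message: letters and digits only.
is_valid_module_name() {
    case "$1" in
        ''|*[!A-Za-z0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Basename, cut at the first dot, drop other non-alphanumerics, lowercase.
# runSeed.sh -> runseed (the name used in the reply above).
module_name_from_path() {
    base=${1##*/}
    base=${base%%.*}
    printf '%s' "$base" | tr -cd 'A-Za-z0-9' | tr '[:upper:]' '[:lower:]'
}

# File-context path specifications are regular expressions, so an unescaped
# "." matches any character. Escape metacharacters to match the path literally.
fc_escape_path() {
    printf '%s' "$1" | sed 's/[][*+?(){}|^$.]/\\&/g'
}

# Print the sepolgen command for a path, adding -n only when the basename
# itself would be rejected. The type defaults to 3 (User Application).
sepolgen_command() {
    path=$1
    ptype=${2:-3}
    if is_valid_module_name "${path##*/}"; then
        printf 'sepolgen -t %s %s\n' "$ptype" "$path"
        return 0
    fi
    name=$(module_name_from_path "$path")
    if ! is_valid_module_name "$name"; then
        echo "cannot derive a module name from: $path" >&2
        return 1
    fi
    printf 'sepolgen -n %s -t %s %s\n' "$name" "$ptype" "$path"
}

# The path from the thread, used as sample input.
sample=/home/proxyuser/trunk/aps-base/crumple-zone/target/runSeed.sh
sepolgen_command "$sample"
fc_escape_path "$sample"; echo
```

Once the generated module is installed, running matchpathcon on the file shows which context the file-context rules assign to it, which is the check Dominick points to.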

