How to change the default context for files in the home directory
goeran at uddeborg.se
Fri Apr 27 20:10:17 UTC 2012
I'm trying to set up F17 SELinux to accept the Swedish electronic
identity system called "BankID". I had it working under F16 with only
a few file context specifications for its libraries. (They need
textrel_shlib_t). But it seems like the policy has been tightened up
a bit in F17, which made some more tunings necessary. And I fail on
one of them.

This thing runs as a browser plugin, which starts a program, and
creates a few files in the user's home directory. My question is how
to define the context for these files. BankID creates a file called
".personal-<username>" and a directory tree ".personal/...". I added
a file context like this with semanage:

    /home/[^/]*/\.personal.*    all files    system_u:object_r:mozilla_home_t:s0

After relabeling, things in the .personal tree get mozilla_home_t,
but the file .personal-<username> directly in the home directory
doesn't. If it exists, it gets the right context when I do
restorecon. But it is created and removed each time the plugin is
run, and the next time the file is created, it gets user_home_dir_t.
Which the plugin in the mozilla_plugin_t context isn't allowed to
access, of course.

What am I doing wrong?
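
Added example, not part of the original message: a simplified Python model of the two labeling paths the post contrasts, the file-context lookup used by restorecon and the label a file receives when it is created. The user name "alice", the sample paths and the type_transition entry are constructed for illustration; the real decision is made by the loaded policy.

```python
import re

# File-context spec quoted in the post ("all files").
SPECS = [(r"/home/[^/]*/\.personal.*", "mozilla_home_t")]


def fcontext_type(path, specs=SPECS):
    """Type a relabel (restorecon) would assign. File-context regexes must
    match the whole path; later matching entries override earlier ones
    (simplified ordering). Returns None if no spec in this model matches."""
    result = None
    for pattern, setype in specs:
        if re.fullmatch(pattern, path):
            result = setype
    return result


def created_type(domain, parent_type, transitions):
    """Type a newly created file receives. The file-context table is not
    consulted: a type_transition rule for (creating domain, parent directory
    type, class) decides, and without one the parent's type is inherited."""
    return transitions.get((domain, parent_type, "file"), parent_type)


# Constructed samples: (path, type of the directory it is created in).
SAMPLES = [
    ("/home/alice/.personal-alice", "user_home_dir_t"),   # directly in $HOME
    ("/home/alice/.personal/cache/a", "mozilla_home_t"),  # inside relabeled tree
]

# Hypothetical rule, shown only to illustrate the mechanism.
HYPOTHETICAL_RULES = {
    ("mozilla_plugin_t", "user_home_dir_t", "file"): "mozilla_home_t",
}


def compare(transitions):
    """Return (path, relabel type, creation type) for each sample."""
    return [(p, fcontext_type(p), created_type("mozilla_plugin_t", parent, transitions))
            for p, parent in SAMPLES]


if __name__ == "__main__":
    for label, rules in (("no transition rule", {}),
                         ("with hypothetical rule", HYPOTHETICAL_RULES)):
        print(label)
        for path, relabeled, created in compare(rules):
            print(f"  {path}: restorecon -> {relabeled}, on create -> {created}")
```

With no transition rule the model reproduces what the post reports: the spec matches both paths, so restorecon fixes the label, but a freshly created ".personal-<username>" inherits user_home_dir_t from the home directory.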