How to change the default context for files in the home directory

Daniel J Walsh dwalsh at redhat.com
Fri Apr 27 20:45:51 UTC 2012


On 04/27/2012 04:10 PM, goeran at uddeborg.se wrote:
> I'm trying to set up F17 SELinux to accept the Swedish electronic identity
> system called "BankID".  I had it working under F16 with only a few file
> context specifications for its libraries.  (They need textrel_shlib_t).
> But it seems like the policy has been tightened up a bit in F17, which made
> some more tunings necessary.  And I fail on one of them.
> 
> This thing runs as a browser plugin, which starts a program, and creates a
> few files in the user's home directory.  My question is how to define the
> context for these files.  BankID creates a file called 
> ".personal-<username>" and a directory tree ".personal/...".  I added a
> file context like this with semanage:
> 
> /home/[^/]*/\.personal.*       all files       system_u:object_r:mozilla_home_t:s0
> 
> After relabeling, things in the .personal tree get the mozilla_home_t, but
> the file .personal-<username> directly in the home directory doesn't.  If
> it exists, it gets the right context when I do restorecon.  But it is
> created and removed each time the plugin is run, and the next time the file
> is created, it gets user_home_dir_t. Which the plugin in the
> mozilla_plugin_t context isn't allowed to access, of course.
> 
> What am I doing wrong?


Can you get .personal-username into the .personal directory?


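
Added example, not part of the original thread: a simplified Python model of the two labeling paths discussed above, showing that the posted spec does match `.personal-<username>` at relabel time while a newly created file takes its type from the parent directory. The function names, the user name `alice` and the `user_home_t` fallback are assumptions for illustration; real `restorecon` prefers the most specific matching spec, and real policy also keys transitions on object class.

```python
import re

# The spec from the question, as (regex, type). file_contexts regexes are
# matched against the whole path, hence fullmatch below.
SPEC = (r"/home/[^/]*/\.personal.*", "mozilla_home_t")


def relabel_type(path, specs=(SPEC,), default="user_home_t"):
    """Type a relabel (restorecon) would assign to an EXISTING path.

    Simplified: first match wins; `default` is an assumed fallback.
    """
    for regex, setype in specs:
        if re.fullmatch(regex, path):
            return setype
    return default


def creation_type(parent_type, domain, transitions=()):
    """Type the kernel assigns to a NEWLY CREATED file.

    A type_transition rule (domain, parent type) -> new type wins if one
    exists; otherwise the file inherits the parent directory's type.
    The file-context specs are not consulted on this path.
    """
    for src, parent, new in transitions:
        if (src, parent) == (domain, parent_type):
            return new
    return parent_type


def demo(user="alice"):
    home_type = "user_home_dir_t"   # type reported in the thread for new files in ~
    tree_type = relabel_type(f"/home/{user}/.personal")
    plugin = "mozilla_plugin_t"     # plugin domain named in the thread
    return {
        "relabel ~/.personal-user": relabel_type(f"/home/{user}/.personal-{user}"),
        "create ~/.personal-user": creation_type(home_type, plugin),
        "create ~/.personal/.personal-user": creation_type(tree_type, plugin),
    }


if __name__ == "__main__":
    for case, setype in demo().items():
        print(f"{case:36} -> {setype}")
```
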

