FC recursive directories

Nabeel Moidu nabeelmoidu at gmail.com
Thu Jan 19 13:57:21 UTC 2012


On Thu, Jan 19, 2012 at 7:01 PM, Dominick Grift <dominick.grift at gmail.com> wrote:

> On Thu, 2012-01-19 at 14:58 +0530, Nabeel Moidu wrote:
> > Hi
> >
> >
> > Can the file context specification recursively assign contexts when
> > using regex ?
> >
> >
> > Eg. I have
> > a/b/c/d
> >
> >
> > and if I specify in selinuxrule.fc
> >
> >
> > a* gen_context(system_u:object_r:myapp_exec_t)
> >
> >
> > Will this apply to only files under a or files under a/b, a/b/c and
> > a/b/c/d etc. also ?
> >
>
> Have a look at source file contexts file to get an impression of how to
> use regular expressions.
>
> for example:
>
> http://git.fedorahosted.org/git/?p=selinux-policy.git;a=blob;f=policy/modules/system/miscfiles.fc;h=88fc786b6e22b08bf49e81257d1e4c2f3932ca52;hb=b246ab21a38788b0ca014ddede8fa4c64bace103
>
> To apply myapp_exec_t to only files under /a and below, I think this
> would work:
>
> /a(/.*)? -- gen_context(system_u:object_r:myapp_exec_t,s0)
>
> The "/a(/.*)?" means "/a and everything below it (recursive)"
> The -- means "applies only to files"
>
> -- files
> -d directories
> -s sock files
> -c character files
> -b block files
> .. etc
>
Perfectly clear. Thanks a lot.

BTW your videos on youtube are excellent. Thanks for the effort.


> If you don't specify the object class where the spec should apply to then
> it applies to any object class
>
> Have a look at examples:
> semanage fcontext -l | less
>
> I hope this helps
>
> >
> > --
> > Thanks and Regards
> > Nabeel Moidu
> >
> >
> > --
> > selinux mailing list
> > selinux at lists.fedoraproject.org
> > https://admin.fedoraproject.org/mailman/listinfo/selinux




-- 
Thanks and Regards
Nabeel Moidu
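
The matching behaviour discussed in this thread, as an added example that is not part of the original messages or of the SELinux tooling: a small Python model of how a single .fc entry selects paths. It assumes the path regex is anchored at both ends, an MLS/MCS policy for the gen_context expansion, and a constructed directory tree; `/a*` is the question's pattern with a leading slash added, and ordering between competing entries is not modelled.

```python
import re

# Object-class flags an .fc entry may carry; no flag means any object class.
TYPE_FLAGS = {"--": "file", "-d": "dir", "-s": "socket", "-c": "char",
              "-b": "block", "-l": "symlink", "-p": "pipe"}

# Constructed sample tree: (path, object class).
TREE = [("/a", "dir"), ("/a/b", "dir"), ("/a/b/c/d", "file"),
        ("/a/run.sh", "file"), ("/aa", "file"), ("/ab", "file")]


def parse_fc_line(line):
    """Split one .fc entry into (compiled regex, object class or None, context)."""
    fields = line.split()
    if len(fields) == 3:
        pattern, flag, context = fields
        ftype = TYPE_FLAGS[flag]
    elif len(fields) == 2:
        (pattern, context), ftype = fields, None
    else:
        raise ValueError("expected: regex [flag] context")
    # Assumption: MLS/MCS policy, where gen_context(ctx,level) becomes ctx:level.
    m = re.fullmatch(r"gen_context\(([^,)]+)(?:,([^)]+))?\)", context)
    if m:
        context = m.group(1) + (":" + m.group(2) if m.group(2) else "")
    return re.compile(pattern), ftype, context


def labelled(line, tree=TREE):
    """Return the paths in the tree that this single entry would label."""
    regex, want, _context = parse_fc_line(line)
    # fullmatch models the implicit ^...$ anchoring of the path regex.
    return [path for path, ftype in tree
            if regex.fullmatch(path) and want in (None, ftype)]


if __name__ == "__main__":
    ctx = "gen_context(system_u:object_r:myapp_exec_t,s0)"
    for spec in ("/a* " + ctx, "/a(/.*)? " + ctx, "/a(/.*)? -- " + ctx):
        print(spec, "->", labelled(spec))
```

Because the regex is anchored, `/a*` only reaches names made of repeated "a" at the top level, while `/a(/.*)?` covers /a and everything below it without catching siblings such as /ab.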