Announcement the se-sandbox-runner
Daniel J Walsh
dwalsh at redhat.com
Fri Aug 30 20:07:43 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 08/30/2013 02:31 PM, Fl at sh wrote:
> On Fri, 30 Aug 2013 09:39:50 -0400 Daniel J Walsh <dwalsh at redhat.com>
> wrote:
>
>> Have not done it for a while. You have to label the home dir and tmp dir
>> with the same label as you are going to run. Then you might need an
>> improved type to get it to start.
>
> I`m done:
>
> # chcon -t sandbox_file_t -l s0:c123,c456 /home/Flash/Example_HOME # chcon
> -t sandbox_file_t -l s0:c123,c456 /home/Flash/Example_TMP $ ls -Z . | grep
> 123 -rw-rw-r--. Flash Flash unconfined_u:object_r:user_home_t:s0 123
> drwxrwxr-x. Flash Flash unconfined_u:object_r:sandbox_file_t:s0:c123,c456
> Example_HOME drwxrwxr-x. Flash Flash
> unconfined_u:object_r:sandbox_file_t:s0:c123,c456 Example_TMP
>
> $ /usr/bin/sandbox -s -d 96 -l s0:c123,c456 -X -H /home/Flash/Example_HOME
> -T /home/Flash/Example_TMP -I
> /home/Flash/.config/se-sandbox-runner/tyututiu_90.included -W kwin -w
> 1000x700 -t sandbox_x_t -S
>
> blink X-window, then nothing... $
>
> What i do not so? And what this -- "an IMPROVED TYPE to get it to start" ?
>
Try it in permissive mode.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlIg+48ACgkQrlYvE4MpobP37ACgpYfQxX1Jx8zRKFPAwJYKC6vR
ZGEAoLFRyplUn3UkzKNuaREbZeBvPo+L
=sKr5
-----END PGP SIGNATURE-----
More information about the selinux
mailing list