semanage syntax
Daniel J Walsh
dwalsh at redhat.com
Tue Jul 16 17:02:36 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 07/16/2013 11:39 AM, m.roth at 5-cent.us wrote:
> From: Daniel J Walsh <dwalsh at redhat.com> On 07/12/2013 11:41 AM,
> m.roth at 5-cent.us wrote:
>
>> Something I have not yet found while googling: we have a package (bloody
>> CA idiots) that has a directory with *both* executables and libraries. I
>> want to change only the .so's to textrel_shlib_t; I do not want to change
>> the directory, or the executables. Pardon my ignorance of what I consider
>> to be an obscure wildcard usage, but how do do this? I've tried semanage
>> fcontext -a -t textrel_shlib_t "/usr/local/opt/smwa/webagent/bin/*.so"
> You need to use regular expressions.
>
> # semanage fcontext -a -t textrel_shlib_t
> "/usr/local/opt/smwa/webagent/bin/.*\.so" # restorecon -R -v
> /usr/local/opt/smwa
>
> Should work.
>
>> with and without parens around the asterisk, and around the last slash
>> and the asterisk....
>
> Well... after seeing errors in /var/log/messages concerning my previous
> tries, I looked in
> /etc/selinux/targeted/contexts/files/file_contexts.local, and saw all of
> them entered; I noted it was autogenerated by semanage. I did something I'm
> sure is not approved, I just deleted all the previous attempts from that
> file. I then ran the command, as you have it, above, and that did *not*
> work. One question: *will* it work if smwa is a symlink, not a hard full
> path?
>
> mark
>
> -- selinux mailing list selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
No restorecon will not follow the symlink. Why not label the real path?
If you want to work under the covers edit
/etc/selinux/targeted/modules/active/file_contexts.local
Which will copy over
/etc/selinux/targeted/contexts/files/file_contexts.local
on next update.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlHlfKwACgkQrlYvE4MpobN6mgCfaNROJA7B6ckHJBPE7vw/lMY8
U5oAmgOoXazYnoOsoGEUSI51H2xmQF4v
=M74+
-----END PGP SIGNATURE-----
More information about the selinux
mailing list