semanage syntax

m.roth at 5-cent.us m.roth at 5-cent.us
Tue Jul 16 17:09:59 UTC 2013


Daniel J Walsh wrote:
> On 07/16/2013 11:39 AM, m.roth at 5-cent.us wrote:
>> From: Daniel J Walsh <dwalsh at redhat.com> On 07/12/2013 11:41 AM,
>> m.roth at 5-cent.us wrote:
>>
>>> Something I have not yet found while googling: we have a package
>>> (bloody CA idiots) that has a directory with *both* executables and
>>> libraries.
>>> I want to change only the .so's to textrel_shlib_t; I do not want to
>>> change the directory, or the executables. Pardon my ignorance of what I
>>> consider to be an obscure wildcard usage, but how do I do this? I've tried
>>> semanage fcontext -a -t textrel_shlib_t "/usr/local/opt/smwa/webagent/bin/*.so"
>> You need to use regular expressions.
>>
>> # semanage fcontext -a -t textrel_shlib_t "/usr/local/opt/smwa/webagent/bin/.*\.so"
>> # restorecon -R -v /usr/local/opt/smwa
>>
>> Should work.
>>
>>> with and without parens around the asterisk, and around the last slash
>>> and the asterisk....
>>
>> Well... after seeing errors in /var/log/messages concerning my previous
>> tries, I looked in
>> /etc/selinux/targeted/contexts/files/file_contexts.local, and saw all of
>> them entered; I noted it was autogenerated by semanage. I did something
>> I'm sure is not approved, I just deleted all the previous attempts from
>> that file. I then ran the command, as you have it, above, and that did *not*
>> work. One question: *will* it work if smwa is a symlink, not a hard full
>> path?
>>
> No, restorecon will not follow the symlink.  Why not label the real path?

I was hoping, so that when they give us another edition of the thing, I'd
just have to run restorecon... but thanks *very* much. I gave the full
link, and it worked.
>
> If you want to work under the covers edit
>
> /etc/selinux/targeted/modules/active/file_contexts.local
>
> Which will copy over
>
> /etc/selinux/targeted/contexts/files/file_contexts.local
>
> on next update.

Ok. I was just trying to get rid of useless crap. Thanks again, Dan.

       mark
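
The two pitfalls from this thread (a shell glob where semanage expects a regular expression, and a symlinked path that restorecon will not follow), as an added example that is not part of the original messages. The function names are hypothetical, and `grep -E -x` only approximates how file_contexts entries are anchored at both ends.

```shell
#!/bin/sh
# Added example: build a file_contexts spec for files ending in SUFFIX under
# DIR, after resolving any symlinks in DIR to the real path.

# Escape regex metacharacters so a literal path component is matched literally.
re_escape() {
    printf '%s' "$1" | sed 's/[][\.*^$+?(){}|]/\\&/g'
}

# fcontext_spec DIR SUFFIX -> regex on the real (symlink-free) path.
# Note: ".*" also crosses "/" so files in subdirectories of DIR match too.
fcontext_spec() {
    real=$(readlink -f "$1") || return 1
    printf '%s/.*%s\n' "$(re_escape "$real")" "$(re_escape "$2")"
}

# spec_matches SPEC PATH -> exit 0 only if the whole PATH matches SPEC.
spec_matches() {
    printf '%s\n' "$2" | grep -E -x -q -e "$1"
}

# print_commands DIR SUFFIX TYPE -> the two commands to review and run as root.
print_commands() {
    spec=$(fcontext_spec "$1" "$2") || return 1
    real=$(readlink -f "$1") || return 1
    printf 'semanage fcontext -a -t %s "%s"\n' "$3" "$spec"
    printf 'restorecon -R -v %s\n' "$real"
}

# Example call (path from the thread; only prints, changes nothing):
#   print_commands /usr/local/opt/smwa/webagent/bin .so textrel_shlib_t
```

Checking a candidate spec with `spec_matches` before adding it keeps failed attempts out of file_contexts.local.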


