But, what does -- stands for, in regular Linux admin work ? I will forget it easily.
Or am I dumb fool not knowing Linux commands?
2009/4/20 Daniel J Walsh dwalsh@redhat.com:
On 04/20/2009 08:47 AM, Shintaro Fujiwara wrote:
Here it is , sir...
Well, actually I'm trying to write my segatex policy. /usr/bin/segatex is actually link to /usr/bin/consolehelper
In my INSTALL script I declared, ################################## ln -s /usr/bin/consolehelper /usr/bin/segatex ##################################
I've been running my program in unconfined domain for several years, but I want to confine it now. So, I tried to label segatex_exec_t to /usr/bin/segatex.
Made it fine, install all-right.
I could find segatex module, you know... But alas, I could not restorecon nor autorelabel.
Why?
# segatex executable will have: # label: system_u:object_r:segatex_exec_t # MLS sensitivity: s0 # MCS categories:<none>
/usr/bin/segatex -- gen_context(system_u:object_r:segatex_exec_t,s0) /usr/share/segatex(/.*)? -- gen_context(system_u:object_r:segatex_etc_t,s0)
The -- tells the system to only label standard files with the segatext label.
If you eliminate "--" it will match everything. If you want to match only symbolic links you would use "-l", Directories "-d". The same symbols that ls uses at the begining of a ls line.
2009/4/20 Daniel J Walshdwalsh@redhat.com:
On 04/20/2009 08:32 AM, Shintaro Fujiwara wrote:
I wrote a policy which declares some label to symbolic link, and I restoreconed, but failed ?
Am I stupid or what should I do to this ?
Thanks.
What does you fc file look like?