On Wed, 2009-06-17 at 22:37 +0100, mike cloaked wrote:
If you have generated local selinux policy using semanage fcontext for specific files or directories in F10, is there now a recommended way to automate retrieval of these and then create the same rule set for F11 after a clean F11 install?
I know that you can do
# semanage fcontext -C -l
and send the output to a file. This will generate lines such as

SELinux fcontext    type    Context

/home/mike/.cxoffice(/.*)?    all files    system_u:object_r:textrel_shlib_t:s0
/home/mike/.cxoffice/dotwine/drive_c/Windows/System/SHLWAPI.DLL    all files    system_u:object_r:textrel_shlib_t:s0
/home/mike/.cxoffice/dotwine/drive_c/Windows/System/ole32.dll    all files    system_u:object_r:textrel_shlib_t:s0
/home/mike/.wine(/.*)?    all files    system_u:object_r:textrel_shlib_t:s0
However I guess that saving this will still not allow these rules to be written back to the new system in an automated way unless a script is written to parse the lines and create a set of new selinux fcontext lines that will create each local rule with something like:
semanage fcontext -a -t textrel_shlib_t '/home/mike/.cxoffice(/.*)?'
with one for each original line in the output generated from the old system before it was replaced?
If there is a cleaner way to achieve this I would like to hear about it.
That's come up before, but no one has implemented --export and --import options as far as I know.
So I think the only way to do it presently is to manually copy the /etc/selinux/targeted/modules/active/file_contexts.local file from the F10 system to the F11 system, and then run semodule -B on the F11 system to force a policy store rebuild. Afterward, you should find it installed in /etc/selinux/targeted/contexts/files/file_contexts.local on the F11 system.
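The parsing script the question describes, as an added example that is not part of the original thread: it turns saved `semanage fcontext -C -l` output into shell-quoted `semanage fcontext -a` commands to review before running. The function names are hypothetical, the single-letter `-f` codes are assumed to be those of current policycoreutils, and only the SELinux type is carried over, as in the command quoted in the question.

```python
import re
import shlex

# File-type column text -> `semanage fcontext -f` code (assumed: current policycoreutils).
FILE_TYPES = {
    "all files": "a", "regular file": "f", "directory": "d",
    "character device": "c", "block device": "b", "socket": "s",
    "symbolic link": "l", "named pipe": "p",
}
# A rule row is: path regex, file type, context (the last whitespace-free token).
_ROW = re.compile(r"^(?P<path>\S.*?)\s+(?P<ftype>%s)\s+(?P<ctx>\S+)\s*$"
                  % "|".join(map(re.escape, FILE_TYPES)))


def parse_listing(text):
    """Yield (path_regex, ftype_code, selinux_type) for each local rule."""
    for line in text.splitlines():
        if line.startswith("SELinux") and "Equivalence" in line:
            break  # equivalence rules ("a = b") need `-e`; not handled here
        m = _ROW.match(line)
        if not m:
            continue  # header, blank line, or anything unrecognised
        ctx = m.group("ctx")
        # user:role:type[:range]; "<<None>>" has no fields and is passed as-is
        setype = ctx.split(":")[2] if ctx.count(":") >= 2 else ctx
        yield m.group("path"), FILE_TYPES[m.group("ftype")], setype


def to_commands(text):
    """Return one shell-quoted `semanage fcontext -a` command per rule."""
    return ["semanage fcontext -a -f %s -t %s %s"
            % (code, shlex.quote(setype), shlex.quote(path))
            for path, code, setype in parse_listing(text)]


# Constructed sample, taken from the listing quoted in the message above.
SAMPLE = """\
SELinux fcontext                 type         Context

/home/mike/.cxoffice(/.*)?       all files    system_u:object_r:textrel_shlib_t:s0
/home/mike/.wine(/.*)?           all files    system_u:object_r:textrel_shlib_t:s0
"""

if __name__ == "__main__":
    print("\n".join(to_commands(SAMPLE)))
```

Quoting each path regex with `shlex.quote` matters here: the unquoted parentheses and `?` in a pattern such as `(/.*)?` would otherwise be interpreted by the shell.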