Hi,
Thanks for the mail. I have corrected the problem using audit2allow; basically the domain needed permissions to access the file system.
Could you please help in this case? I am stuck in kernel-space get/setxattrs (FC3-2.6.8-541, fs=ext3).
Should there be a difference between using user-space and kernel-space get/setxattrs to get/set file xattrs?
I have some trouble using inode->i_op->get/setxattrs.
I getxattr from /home and set it on /var/home using inode operations and get this:
    ls -Zd /home /var/home
    drwxr-xr-x+ root root system_u:object_r:home_root_t /home/
    drwxr-xr-x+ root root system_u:object_r:home_root_t /var/home/
Perfect till now, but when I try to create files inside /var/home they get "root:object_r:var_t", unlike /home where I get "root:object_r:user_home_dir_t" :-(
And on the contrary, if I create /var/home and tag it with "home_root_t" using setfiles, it works perfectly fine. Any clues?
I can't use user-space get/setxattr because I am writing an overlay file system, so...
Does SELinux intercept (and probably note down) get/setxattr syscalls or any of the type_transitions?
Any suggestions?
Jaspreet Singh
Jaspreet, hi,
It sounds like you're endeavouring to do _exactly_ what I have been trying to do: making a filesystem simultaneously available at a second location.
Realistically, you will need to examine types/files.fc and modify genhomedircon.
I recommend you cut/paste genhomedircon's use of HOME_ROOT and HOME_DIR to create a second set of macro substitutions, VIRTUAL_HOME_ROOT and VIRTUAL_HOME_DIR.
Then cut/paste the three or so lines in types/files.fc that use HOME_ROOT and HOME_DIR, prepending VIRTUAL_ in the right places,
and make sure that genhomedircon prepends /var/ wherever the new VIRTUAL_ substitutions are used.
In this way, you will end up with a file_contexts that has double entries for /home and /var/home.
Alternatively, ignore the above and hack genhomedircon to double-output its lines: outputting both a line for /home and also an identical context line for /var/home.
What _I_ did was restrict the system to having only one user; therefore I can get away with using fusexmp to proxy-mount /home/sez to /Documents.
Therefore, in the file contexts, I can get away without having to hack genhomedircon; I can just add a hacked-up entry like this in files/misc/hack.sez.fc:
/Documents sez:object_r:user_t.
l.
On Tue, Nov 02, 2004 at 12:21:45PM +0530, Jaspreet Singh wrote:
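The "double-output" hack for genhomedircon suggested in the reply, written out as an added example (it is not code from this list, from genhomedircon, or from the reference policy): every file_contexts entry rooted at HOME_ROOT (/home) is emitted a second time rewritten for /var/home. It assumes the usual entry layout `<path regex> [-d] <context>`, and the sample lines are constructed; bear in mind that file_contexts only governs what setfiles/restorecon apply, not the label a file receives when it is created.

```python
import re

# One file_contexts entry: <path regex> [-<b|c|d|l|p|s|->] <user:role:type | <<none>>>
ENTRY_RE = re.compile(r"^(\S+)(?:\s+(-[bcdlps-]))?\s+(\S+)$")

# Constructed sample in the shape genhomedircon emits for HOME_ROOT/HOME_DIR;
# not copied from a real policy.
SAMPLE_FC = [
    "# home directories (constructed sample)",
    "/home\t-d\tsystem_u:object_r:home_root_t",
    "/home/lost\\+found\t-d\tsystem_u:object_r:lost_found_t",
    "/home/[^/]*\t-d\tsystem_u:object_r:user_home_dir_t",
    "/home/[^/]*/.+\tsystem_u:object_r:user_home_t",
    "/homeless\t-d\tsystem_u:object_r:var_t",  # shares a prefix, must NOT be mirrored
]


def mirror_entry(line, home_root="/home", virtual_root="/var/home"):
    """Return the virtual_root twin of a file_contexts line, or None when the
    line is blank, a comment, or not rooted at home_root."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    m = ENTRY_RE.match(stripped)
    if not m:
        raise ValueError("unparseable file_contexts line: %r" % line)
    path, ftype, ctx = m.groups()
    # The prefix is literal in these regexes, so swapping it keeps the pattern
    # semantics; /homeless only shares characters with /home, not the path.
    if path != home_root and not path.startswith(home_root + "/"):
        return None
    new_path = virtual_root + path[len(home_root):]
    return "\t".join(part for part in (new_path, ftype, ctx) if part)


def double_output(lines, home_root="/home", virtual_root="/var/home"):
    """genhomedircon-style double output: every input line is kept, and each
    home_root entry is immediately followed by its virtual_root twin."""
    out = []
    for line in lines:
        out.append(line)
        twin = mirror_entry(line, home_root, virtual_root)
        if twin is not None:
            out.append(twin)
    return out


if __name__ == "__main__":
    print("\n".join(double_output(SAMPLE_FC)))
```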
selinux@lists.fedoraproject.org