Hi all,
I have a directory which is set to label its contents with a particular label, and I have a file within this directory that is set to receive a different label. If this file is deleted, and a new file with the same name is created, the new file receives the label from the parent directory instead of its correct label. If I relabel the filesystem, the file gets the correct label, but I would like to have it labeled correctly when it is created. Is this possible?
Thanks in advance, Ken.
On Wed, Jun 22, 2011 at 5:24 PM, mantaray_1 mantaray_1@cox.net wrote:
Hi all,
I have a directory which is set to label its contents with a particular label, and I have a file within this directory that is set to receive a different label. If this file is deleted, and a new file with the same name is created, the new file receives the label from the parent directory instead of its correct label. If I relabel the filesystem, the file gets the correct label, but I would like to have it labeled correctly when it is created. Is this possible?
Thanks in advance, Ken.
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
Not unless the creating app calls setfscreatecon with the context you'd like them to be prior to creating the file.
Ted
Ted Toth wrote:
On Wed, Jun 22, 2011 at 5:24 PM, mantaray_1 mantaray_1@cox.net wrote:
Hi all,
I have a directory which is set to label its contents with a
particular
label, and I have a file within this directory that is set to receive
a
different label. If this file is deleted, and a new file with the
same
name is created, the new file receives the label from the parent directory instead of its correct label. If I relabel the filesystem, the file gets the correct label, but I would like to have it labeled correctly when it is created. Is this possible?
Thanks in advance, Ken.
Not unless the creating app calls setfscreatecon with the context you'd like them to be prior to creating the file.
Ted
You can relabel the file itself after creation: "restorecon <filename>" or have restorecond watch for the file's creation. See "man restorecond".
Moray. To err is human; to purr, feline.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 06/23/2011 04:21 AM, Moray Henderson wrote:
Ted Toth wrote:
On Wed, Jun 22, 2011 at 5:24 PM, mantaray_1 mantaray_1@cox.net wrote:
Hi all,
I have a directory which is set to label its contents with a
particular
label, and I have a file within this directory that is set to receive
a
different label. If this file is deleted, and a new file with the
same
name is created, the new file receives the label from the parent directory instead of its correct label. If I relabel the filesystem, the file gets the correct label, but I would like to have it labeled correctly when it is created. Is this possible?
Thanks in advance, Ken.
Not unless the creating app calls setfscreatecon with the context you'd like them to be prior to creating the file.
Ted
You can relabel the file itself after creation: "restorecon <filename>" or have restorecond watch for the file's creation. See "man restorecond".
Moray. ?To err is human; to purr, feline.?
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
Read
http://danwalsh.livejournal.com/43170.html
Regards to all I want to build a policy for PgPool-II, a connection pooler and load balancer application for PostgreSQL and I heard that Tresys has a poweful Eclipse-based IDE for this Where I can find it and download it?
Thanks a lot for your time
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 06/23/2011 04:17 PM, Marcos Ortiz wrote:
Regards to all I want to build a policy for PgPool-II, a connection pooler and load balancer application for PostgreSQL and I heard that Tresys has a poweful Eclipse-based IDE for this Where I can find it and download it?
Thanks a lot for your time
yum install eclipse-slide
Dominick, Are using Fedora 15? I using it too but many of my colleagues use Ubuntu and Debian like development environments, for that reason I´m looking the Eclipse plugin to give it to them.
El 6/23/2011 10:45 AM, Dominick Grift escribió:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 06/23/2011 04:17 PM, Marcos Ortiz wrote:
Regards to all I want to build a policy for PgPool-II, a connection pooler and load balancer application for PostgreSQL and I heard that Tresys has a poweful Eclipse-based IDE for this Where I can find it and download it?
Thanks a lot for your time
yum install eclipse-slide -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk4DUYYACgkQMlxVo39jgT+omQCfZR3NtdUcyrmG85SLksLX9G3b EvYAnAzG6QwnDl7FremkefymFZZ0QUuF =H4ra
-----END PGP SIGNATURE-----
selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 06/23/2011 04:51 PM, Marcos Ortiz wrote:
Dominick, Are using Fedora 15? I using it too but many of my colleagues use Ubuntu and Debian like development environments, for that reason I´m looking the Eclipse plugin to give it to them.
As far as i know buntu also has it packaged.
But i guess you can also get it here:
http://oss.tresys.com/projects/slide
Marcos,
For Fedora your best bet it to use yum to install.
For Ubuntu your best bet is it follow the instructions on http://oss.tresys.com/projects/slide/wiki/download under the section 'Using the Eclipse Update Site', but having said that, there are some differences on Ubuntu about where some packages are compared to Fedora and it will probably NOT work directly. I have gotten SLIDE to work on ubuntu but it took some work. I think the biggest thing was the setools eclipse package (required by SLIDE) looks for the setools stuff in /usr/lib (or /usr/lib64) but it is somewhere else on Ubuntu. You will see some broken symlinks for the files that can't be found (libjapol.so, libjpoldiff.so, libjqpol.so and libjseaudit.so) where the setools plugin is installed.
I'm not sure this is very clear, but give it a try and if you need assistance feel free to ask.
Dave Sugar dsugar@tresys.com
-----Original Message----- From: selinux-bounces@lists.fedoraproject.org [mailto:selinux-bounces@lists.fedoraproject.org] On Behalf Of Dominick Grift Sent: Thursday, June 23, 2011 10:52 AM To: Marcos Ortiz Cc: selinux@lists.fedoraproject.org Subject: Re: SLIDE download
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 06/23/2011 04:51 PM, Marcos Ortiz wrote:
Dominick, Are using Fedora 15? I using it too but many of my colleagues use Ubuntu and Debian like development environments, for that reason I´m looking the Eclipse plugin to give it to them.
As far as i know buntu also has it packaged.
But i guess you can also get it here:
http://oss.tresys.com/projects/slide
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
OK, then the best way to use SLIDE is using Fedora. Well, I have to convince to the other security engineers to use Fedora like me. Thanks a lot for the answers.
El 6/23/2011 11:20 AM, David Sugar escribió:
Marcos,
For Fedora your best bet it to use yum to install.
For Ubuntu your best bet is it follow the instructions on http://oss.tresys.com/projects/slide/wiki/download under the section 'Using the Eclipse Update Site', but having said that, there are some differences on Ubuntu about where some packages are compared to Fedora and it will probably NOT work directly. I have gotten SLIDE to work on ubuntu but it took some work. I think the biggest thing was the setools eclipse package (required by SLIDE) looks for the setools stuff in /usr/lib (or /usr/lib64) but it is somewhere else on Ubuntu. You will see some broken symlinks for the files that can't be found (libjapol.so, libjpoldiff.so, libjqpol.so and libjseaudit.so) where the setools plugin is installed.
I'm not sure this is very clear, but give it a try and if you need assistance feel free to ask.
Dave Sugar dsugar@tresys.com
-----Original Message----- From: selinux-bounces@lists.fedoraproject.org [mailto:selinux-bounces@lists.fedoraproject.org] On Behalf Of Dominick Grift Sent: Thursday, June 23, 2011 10:52 AM To: Marcos Ortiz Cc: selinux@lists.fedoraproject.org Subject: Re: SLIDE download
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 06/23/2011 04:51 PM, Marcos Ortiz wrote:
Dominick, Are using Fedora 15? I using it too but many of my colleagues use Ubuntu and Debian like development environments, for that reason I´m looking the Eclipse plugin to give it to them.
As far as i know buntu also has it packaged.
But i guess you can also get it here:
http://oss.tresys.com/projects/slide
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk4DUywACgkQMlxVo39jgT84PgCdG+qbBahPBuImkkuNeS6d1Yj0 xZUAoJ0/ZAf+ZbQsHKKFUlhPP0zegSl5 =ZgwG
-----END PGP SIGNATURE-----
selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 06/23/2011 05:43 PM, Marcos Ortiz wrote:
OK, then the best way to use SLIDE is using Fedora. Well, I have to convince to the other security engineers to use Fedora like me. Thanks a lot for the answers.
I use SLIDE most of the time for policy development as well but just for the record: Eclipse SLIDE is not required.
You can do it just as easily with your favourite text editor and some grepping.
SLIDE does help me write policy more efficient, and for me its not just SLLDE that is beneficial its the whole Eclipse suite, git integrated, python, bash.
But the more one gets familiar with policy the less beneficial SLIDE gets. SLIDE helps identify typos and syntax errors because of its highlighting features. So if i am unsure whether i am typing some interface call properly then highlighting will allow me to determine that quickly.
But once you know all or most of the interfaces then using a simple text editor gets more interesting since vi is almost everywhere available.
The filter functions, declaration window, policy browser and search functionality is also nice, but for me the highlighting has proven the most handy (its just more efficient to write policy correct the first time instead of writing what you think is right the first time around, then trying to build it, and fix subsequent syntax and other errors.)
On 06/23/2011 11:26 AM, Dominick Grift wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 06/23/2011 05:43 PM, Marcos Ortiz wrote:
OK, then the best way to use SLIDE is using Fedora. Well, I have to convince to the other security engineers to use Fedora like me. Thanks a lot for the answers.
I use SLIDE most of the time for policy development as well but just for the record: Eclipse SLIDE is not required.
I know that it is not required, but is more easy to me to collaborate with my colleagues that they all are Eclipse´s fans (like me)
You can do it just as easily with your favourite text editor and some grepping.
SLIDE does help me write policy more efficient, and for me its not just SLLDE that is beneficial its the whole Eclipse suite, git integrated, python, bash.
That´s another good reason to use it, because I use Python, R, Java and Bash on my daily work, and if it can integrate it with SELinux, better.
But the more one gets familiar with policy the less beneficial SLIDE gets. SLIDE helps identify typos and syntax errors because of its highlighting features. So if i am unsure whether i am typing some interface call properly then highlighting will allow me to determine that quickly.
We are out of time and SLIDE can help us to work more quickly and efficiently.
But once you know all or most of the interfaces then using a simple text editor gets more interesting since vi is almost everywhere available.
That´s the second step for us, because all servers that we manage doesn´t have graphical interface, so, we use Vim for these tasks too
The filter functions, declaration window, policy browser and search functionality is also nice, but for me the highlighting has proven the most handy (its just more efficient to write policy correct the first time instead of writing what you think is right the first time around, then trying to build it, and fix subsequent syntax and other errors.)
Good, if you need any help on the development, it´s a interesting project to work. Regards
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk4DYkgACgkQMlxVo39jgT/fgACePkvskj3N4IDFHuS7zBnk01NE vAwAni32Wead3mxkNevk02LA4f7VpUiD =5OMR -----END PGP SIGNATURE-----
selinux@lists.fedoraproject.org
-
Daniel J Walsh -
David Sugar -
Dominick Grift -
mantaray_1 -
Marcos Ortiz Valmaseda -
Moray Henderson -
Ted Toth