07-26-2011, 02:12 PM
Michael Atighetchi

problems labeling files

On 7/26/2011 4:05 PM, Daniel J Walsh wrote:
> On 07/26/2011 09:53 AM, Michael Atighetchi wrote:
>> Hi Daniel,
>>
>> I'm using sepolgen from policycoreutils-gui-2.0.85-28.fc14.x86_64.
>>
>> The policy file that I hand modified (and caused the labeling
>> problems) was attached to the previous email.
>>
>> Note that sepolgen refuses to generate policies for files that have a
>> "." in them, which seems like a pretty significant restriction.
>>
>> Here is the trace:
>>
>> [proxyuser@lime selinux]$ sepolgen -t 3 /home/proxyuser/trunk/aps-base/crumple-zone/target/runSeed.sh
>>
>> Name must be alpha numberic with no spaces.
>>
>> sepolgen [ -m ] [ -t type ] [ executable | Name ]
>> valid Types:
>>
>> 0 Standard Init Daemon
>> 1 DBUS System Daemon
>> 2 Internet Services Daemon
>> 3 User Application
>> 4 Web Application/Script (CGI)
>> 5 Minimal X Windows User Role
>> 6 Minimal Terminal User Role
>> 7 User Role
>> 8 Admin User Role
>> 10 Root Admin User Role
>> 11 Sandbox
>> [proxyuser@lime selinux]$
>>
>> So long
>> Michael
>>
>>
>> On 7/26/2011 3:04 PM, Daniel J Walsh wrote:
>> On 07/26/2011 06:38 AM, Michael Atighetchi wrote:
>>>>> On 7/26/2011 12:29 PM, Dominick Grift wrote:
>>>>>> On Tue, 2011-07-26 at 12:28 +0200, Michael Atighetchi wrote:
>>>>>>> One thing I realized using sepolgen is that it rejects
>>>>>>> filenames that have "." in them. In the example below, I
>>>>>>> was trying to label "runSeed.sh", so maybe the fact that it
>>>>>>> has a "." in it broke the labeling?
>>>>>> Yes sometimes you need to escape dots
>>>>>>
>>>>>> the matchpathcon should expose that
>>>>> Thanks a bunch - I got things working by removing the "." in
>>>>> the filename and rerunning sepolgen on the new file.
>>>>>
>>>>> Support on this mailing list rocks!
>>>>> Michael
>>>>>
>> Could you attach the policy that was generated with the . in the
>> file name? Also what version of sepolgen were you using?
>>> --
>>> selinux mailing list
>>> selinux@lists.fedoraproject.org
>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
>>
> Try
>
> sepolgen -n runseed -t 3 /home/proxyuser/trunk/aps-base/crumple-zone/target/runSeed.sh
>
> Usage command should mention this field
>
>
> I will add a patch to output the following
>
> # sepolgen -t 3 /home/proxyuser/trunk/aps-base/crumple-zone/target/runSeed.sh
>
> Name must be alpha numberic with no spaces. Consider using option "-n MODULENAME"
>
> sepolgen [ -n moduleName ] [ -m ] [ -t type ] [ executable | Name ]
> valid Types:
>
> 0 Standard Init Daemon
> 1 DBUS System Daemon
> 2 Internet Services Daemon
> 3 User Application
> 4 Web Application/Script (CGI)
> 5 Minimal X Windows User Role
> 6 Minimal Terminal User Role
> 7 User Role
> 8 Admin User Role
> 10 Root Admin User Role
> 11 Sandbox
Got it - thanks.

Michael



--
Michael Atighetchi
Senior Scientist
Raytheon BBN Technologies
617-873-1679
matighet@bbn.com
