On Thu, Jan 19, 2012 at 7:01 PM, Dominick Grift <dominick.grift@gmail.com> wrote:
On Thu, 2012-01-19 at 14:58 +0530, Nabeel Moidu wrote:
> Hi
>
>
> Can the file context specification recursively assign contexts when
> using regex ?
>
>
> Eg. I have
> a/b/c/d
>
>
> and if I specify in selinuxrule.fc
>
>
> a* gen_context(system_u
bject_r:myapp_exec_t)
>
>
> Will this apply to only files under a or files under a/b, a/b/c and
> a/b/c/d etc. also ?
>
Have a look at source file contexts file to get an impression of how to
use regular expressions.
for example:
http://git.fedorahosted.org/git/?p=selinux-policy.git;a=blob;f=policy/modules/system/miscfiles.fc;h=88fc786b6e22b08bf49e81257d1e4c2f393 2ca52;hb=b246ab21a38788b0ca014ddede8fa4c64bace103
To apply myapp_exec_t to only files under /a and below, i think this
would work:
/a(/.*)? -- gen_context(system_u
bject_r:myapp_exec_t,s0)
The "/a(/.*)?" means "/a and everything below it (recursive)"
The -- means "applies only to files"
-- files
-d directories
-s sock files
-c charachter files
-b block files
.. etc
Perfectly clear. Thanks a lot.*
BTW your videos on youtube are excellent. Thanks for the effort.*
if you dont specify the object class where the spec should apply to then
it applies to any object class
Have a look at examples:
semanage fcontext -l | less
I hope this helps
>
> --
> Thanks and Regards
> Nabeel Moidu
>
>
> --
> selinux mailing list
> selinux@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
--
Thanks and Regards
Nabeel Moidu
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
FC recursive directories
