-----BEGIN PGP SIGNED MESSAGE-----
On 04/27/2012 04:10 PM, email@example.com wrote:
> I'm trying to set up F17 SELinux to accept the Swedish electronic identity
> system called "BankID". I had it working under F16 with only a few file
> context specifications for its libraries. (They need textrel_shlib_t).
> But it seems like the policy has been tightened up a bit in F17, which made
> some more tunings necessary. And I fail on one of them.
> This thing runs as a browser plugin, which starts a program, and creates a
> few files in the user's home directory. My question is how to define the
> context for these files. BankID creates a file called
> ".personal-<username>" and a directory tree ".personal/...". I added a
> file context like this with semanage:
> /home/[^/]*/.personal.* all files
> After relabeling things in the .personal tree gets the mozilla_home_t, but
> the file .personal-<username> directly in the home directory doesn't. If
> it exists, it gets the right context when I do restorecon. But it is
> created and removed each time the plugin is run, and the next time the file
> is created, it gets user_home_dir_t. Which the plugin in the
> mozilla_plugin_t context isn't allowed to access, of course.
> What am I doing wrong?
> -- selinux mailing list firstname.lastname@example.org
Can you get .personal-username into the .personal directory?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
selinux mailing list