SELinux Mailing List

Re: idea: setfiles to exclude specific type

From: Yuichi Nakamura <himainu-ynakam_at_miomio.jp>
Date: Mon, 22 Nov 2004 12:58:00 -0500

Daniel J Walsh wrote:
> Is there any way we could get a list of "variable policy" from the
> loaded context? Or should we write a file with this in it.
Yes, I think we have to prepare a file where the list is described. fixfiles will read the file and pass the list to setfiles.

> IE, It would be nice to create an attribute (save_context???) That we
> could assign to a file context, and have setfiles/restorecon ignore if a
> file is set to this context? So httpd_???_context_rw_t, gpg_t,
> ssh_key_t, user_tmp_t and others could be ignored if setfiles comes upon
> them on a relabel or check?
> I guess we could populate a context file via a grep during policy build.
That sounds like a good idea.
I may be misunderstanding; to make sure, I will write the flow.

In policy.conf,
    type ssh_key_t, file_type, sysadmfile, save_context;
    type gpg_key_t, file_type, sysadmfile, save_context;
..etc are described.
When "make" is run,
types that have "save_context" are written somewhere (like /etc/selinux/targeted|strict/save_contexts). And when fixfiles is executed with some option (like fixfiles -x), it reads the save_contexts file.
In fixfiles, setfiles will be executed like the following:
    setfiles file_contexts / -x ssh_key_t -x gpg_key_t -x ....
---
Yuichi Nakamura
Japan SELinux Users Group(JSELUG)
  http://www.selinux.gr.jp/



Received on Mon 22 Nov 2004 - 12:58:31 EST
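
The flow described in this message, as an added example that is not part of the original post or of the SELinux tools. The `save_context` attribute and the `setfiles -x` option are the thread's proposals, so the script only prints the command it would build; the function names and sample policy lines are constructed for illustration.

```shell
# Added sketch of the proposed flow. The "save_context" attribute and the
# "setfiles -x <type>" option are proposals from the thread, not existing features.

# Print each type declared with attribute $2 in policy.conf $1 (single-line
# declarations only). Attributes are compared exactly, so a near match such
# as "save_context_candidate", which a plain grep would hit, is skipped.
types_with_attribute() {
    awk -v attr="$2" '
        /^[ \t]*type[ \t]/ {
            line = $0
            sub(/#.*/, "", line); sub(/;.*/, "", line)
            sub(/^[ \t]*type[ \t]+/, "", line)
            n = split(line, f, /[ \t]*,[ \t]*/)
            split(f[1], w, /[ \t]+/)      # drops any "alias ..." part
            for (i = 2; i <= n; i++) {
                gsub(/[ \t]/, "", f[i])
                if (f[i] == attr) { print w[1]; break }
            }
        }' "$1"
}

# Turn a save_contexts file (one type per line) into "-x type" arguments.
# The list ends up on the command line of a relabel run as root, so any
# line that is not a plain identifier is rejected.
exclude_args() {
    args=""
    while IFS= read -r t || [ -n "$t" ]; do
        case "$t" in
            ''|\#*) continue ;;
            *[!A-Za-z0-9_]*) echo "bad type name: $t" >&2; return 1 ;;
        esac
        args="$args -x $t"
    done < "$1"
    printf '%s\n' "${args# }"
}

# Constructed sample policy lines, not taken from a real policy.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/policy.conf" <<'EOF'
type ssh_key_t, file_type, sysadmfile, save_context;
type gpg_key_t, file_type, sysadmfile, save_context;
type etc_t, file_type, sysadmfile;
type tmp_backup_t, file_type, save_context_candidate;
EOF
    types_with_attribute "$dir/policy.conf" save_context > "$dir/save_contexts"
    echo "setfiles file_contexts / $(exclude_args "$dir/save_contexts")"
    rm -rf "$dir"
}
demo
```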
 

Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009


National Security Agency / Central Security Service