SELinux Mailing List

Re: Multiple contexts

From: Thomas Bleher <bleher_at_informatik.uni-muenchen.de>
Date: Fri, 14 Jan 2005 00:17:49 +0100

* Ivan Gyurdiev <ivg2@cornell.edu> [2005-01-13 01:14]:
> What about a tool that creates a hybrid type on demand, and stores that
> information in the policy?
>
> createcon samba_httpd_content_t --inherit
> samba_share_t httpd_sys_content_t
> chcon -R samba_httpd_content_t ~/webserver

This seems very useful. I have experimented a bit with this idea this evening; the resulting script is attached. It takes a policy.conf and outputs a new type (plus corresponding rules). The script is not perfect because it parses the policy.conf itself, but it should work for almost all file_types.

You will still need policy sources, but you won't need to go through all sources to find the appropriate rules; the following should do the trick (not tested):

# cd /etc/selinux/strict/src/policy
# make policy.conf
# createcon samba_httpd_content_t samba_share_t httpd_sys_content_t < policy.conf >> domains/misc/local.te
# make reload

Thomas

-- 
http://www.cip.ifi.lmu.de/~bleher/selinux/ - my SELinux pages
GPG-Fingerprint: BC4F BB16 30D6 F253 E3EA  D09E C562 2BAE B2F4 ABE7


Received on Thu 13 Jan 2005 - 18:17:47 EST
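
The hybrid-type idea discussed in this message, as an added example in Python. It is not the script attached to the post (which is not reproduced on this page). It assumes a simplified policy.conf grammar, copies only allow rules that name a parent type directly as the target, and the function names and sample policy are constructed for illustration.

```python
import re
import sys

# Simplified policy.conf grammar (assumption): "type NAME, attr, ...;" and
# "allow SRC TGT:CLASS PERMS;" with each field one name or a "{ a b }" set.
# Rules using "*" or "~" do not match and are skipped rather than widened.
FIELD = r"(\{[^}]*\}|\w+)"
TYPE_RE = re.compile(r"^\s*type\s+(\w+)((?:\s*,\s*\w+)*)\s*;")
ALLOW_RE = re.compile(rf"^\s*allow\s+{FIELD}\s+{FIELD}\s*:\s*{FIELD}\s+{FIELD}\s*;")

# Constructed sample policy lines, not taken from any shipped policy.
SAMPLE = """\
type samba_share_t, file_type, sysadmfile;
type httpd_sys_content_t, file_type, sysadmfile, httpdcontent;
allow smbd_t samba_share_t:file { read write getattr };
allow httpd_t httpd_sys_content_t:file { read getattr };
allow httpd_t { httpd_sys_content_t httpd_config_t }:dir { search getattr };
allow httpd_t httpd_log_t:file append;
"""

def names(field):
    return field.strip("{} \t").split()  # 'a' or '{ a b }' -> list of names

def braced(items):
    return items[0] if len(items) == 1 else "{ " + " ".join(items) + " }"

def hybrid_type(policy_text, new_type, parents):
    """Declare new_type with the parents' attributes and target-side allow rules."""
    attrs, rules = [], {}
    for line in policy_text.splitlines():
        m = TYPE_RE.match(line)
        if m and m.group(1) in parents:
            attrs += [a for a in re.findall(r"\w+", m.group(2)) if a not in attrs]
            continue
        m = ALLOW_RE.match(line)
        if not m or not set(names(m.group(2))) & set(parents):
            continue
        src, _, classes, perms = (names(g) for g in m.groups())
        for s in src:
            for c in classes:
                merged = rules.setdefault((s, c), [])  # union perms per (source, class)
                merged += [p for p in perms if p not in merged]
    out = ["type " + ", ".join([new_type] + attrs) + ";"]
    out += [f"allow {s} {new_type}:{c} {braced(p)};" for (s, c), p in rules.items()]
    return out

if __name__ == "__main__":  # createcon NEW PARENT... < policy.conf (or a demo run)
    args = sys.argv[1:] or ["samba_httpd_content_t", "samba_share_t", "httpd_sys_content_t"]
    text = sys.stdin.read() if sys.argv[1:] else SAMPLE
    print("\n".join(hybrid_type(text, args[0], args[1:])))
```

The generated type is reachable by every domain that could reach either parent, so the emitted rules are worth reviewing before they are appended to a local .te file.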
 

Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009


National Security Agency / Central Security Service