guix-devel

Re: SELinux log


From: Ricardo Wurmus
Subject: Re: SELinux log
Date: Thu, 13 Jun 2019 20:52:30 +0200
User-agent: mu4e 1.2.0; emacs 26.2

Laura Lazzati <address@hidden> writes:

>> What is the file name of “guix” when running in permissive mode?  We
>> need to know this to adjust the policy.
>>
> After running `which guix` I get:
> /usr/local/bin/guix
> I tried to add another label for it but it didn't work. I was going to ask
> you for a good tutorial for writing the policies but I have just found
> https://github.com/SELinuxProject/cil/wiki, I will read it the next days :)
>
> I am attaching the diff file.

Thanks!  (Please use “diff -u” in the future; it’s clearer when you’re
used to git diffs.)

I see this:

<   (filecon "@storedir@/.../bin/guix"
<            file (system_u object_r guix_client_exec_t (low low)))

And that’s not right because "@storedir@/.../bin/guix" is not a correct
file name pattern.  That’s why I wrote that these names need to be
checked and can’t be used as is.

Is /usr/local/bin/guix a link?  What about what “guix pull” installs?
These will be used by people, so our policy needs to cover them.

-- 
Ricardo
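
The pattern problem raised above, as an added illustration that is not part of the original message or of the Guix policy: file-context path specs are regular expressions anchored at both ends, so a literal "..." matches exactly three characters rather than an elided store item name. The store directory /gnu/store, the sample paths and the CANDIDATE spec are assumptions constructed for this example.

```python
import re

# Assumption: "@storedir@" is substituted with the default store directory.
STOREDIR = "/gnu/store"

# The path spec quoted in the message, taken literally.
PATTERN_FROM_DIFF = "@storedir@/.../bin/guix"
# Hypothetical candidate spec, for comparison only (not the project's policy).
CANDIDATE = "@storedir@/[^/]+-guix-[^/]+/bin/guix"

# Constructed sample paths (the store item name and version are made up).
STORE_ITEM = "/gnu/store/0123456789abcdfghijklmnpqrsvwxyz-guix-1.0.1/bin/guix"
SAMPLES = [
    STORE_ITEM,                 # realistic shape of a store file name
    "/gnu/store/abc/bin/guix",  # three-character directory name
    "/gnu/store/a/b/bin/guix",  # "." also matches "/", so "a/b" counts as three characters
    "/usr/local/bin/guix",      # the file name reported by `which guix`
]


def filecon_matches(spec, path, storedir=STOREDIR):
    """Emulate file-context matching: the whole path must match the spec."""
    regex = spec.replace("@storedir@", re.escape(storedir))
    return re.fullmatch(regex, path) is not None


def uncovered(specs, paths=SAMPLES):
    """Return the paths that none of the given specs would label."""
    return [p for p in paths if not any(filecon_matches(s, p) for s in specs)]


if __name__ == "__main__":
    for spec in (PATTERN_FROM_DIFF, CANDIDATE):
        print(spec)
        for path in SAMPLES:
            verdict = "match   " if filecon_matches(spec, path) else "no match"
            print("   ", verdict, path)
    print("not covered by either spec:", uncovered([PATTERN_FROM_DIFF, CANDIDATE]))
```

On a real system the resolved file name (for instance from readlink -f) is the one to test against the spec, since a link and its target are separate files with separate labels.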



