[systemd-devel] SELinux type transition rule not working

Ian Pilcher arequipeno at gmail.com
Fri Mar 3 15:36:48 UTC 2017


On 03/02/2017 12:12 AM, Jason Zaman wrote:
> On Wed, Mar 01, 2017 at 05:51:01PM -0600, Ian Pilcher wrote:
>> On 03/01/2017 05:28 PM, Ian Pilcher wrote:
>>> Per Lennart's response, systemd *should* be honoring the file context
>>> rules when creating the directory.  It's almost as if the directory is
>>> being created with the proper context, but something is changing it
>>> after the fact.  I have absolutely no idea what that might be, though.
>
> Try using auditd to get details on everything going on in there:
> auditctl -w /var/run/squoxy -p rwa -k watchsquoxy
>
> then start things up and get everything matching with:
> ausearch -k watchsquoxy

And wouldn't you know ... I can't reproduce the behavior now.  Sheesh!
Must be one of these fancy new quantum computers.  (Something about
rebooting 3 times comes to mind.)

> also, not sure if it was just weirdness in your email formatting, but
> you don't need the ^ at the front of an fcontext:
> ^/var/run/squoxy

Does SELinux add an implicit ^ at the beginning of each expression?
Otherwise, wouldn't /run/squoxy(/.*)? also match /foo/run/squoxy?  (Not
necessarily likely, but ...)

-- 
========================================================================
Ian Pilcher                                         arequipeno at gmail.com
-------- "I grew up before Mark Zuckerberg invented friendship" --------
========================================================================
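As an added illustration of the anchoring question (example code, not from the thread or the systemd project): libselinux compiles each file_contexts regex as ^regex$ before matching, so a leading ^ is redundant and /run/squoxy(/.*)? cannot match /foo/run/squoxy. The file_contexts entries, the squoxy_* types, the /var/run to /run substitution and the last-match-wins walk below are constructed assumptions modelled on libselinux behaviour.

```python
import re

# Constructed file_contexts-style entries for this example (not from the thread);
# squoxy_var_run_t and squoxy_sock_t are hypothetical types.
FILE_CONTEXTS = """\
/.*                       system_u:object_r:default_t:s0
/run(/.*)?                system_u:object_r:var_run_t:s0
/run/squoxy(/.*)?         system_u:object_r:squoxy_var_run_t:s0
/run/squoxy/sock      -s  system_u:object_r:squoxy_sock_t:s0
/run/squoxy/private/.*    <<none>>
"""
# Prefix rewrites applied before matching, like file_contexts.subs_dist on
# distributions that map /var/run to /run (assumed here).
SUBS_DIST = [("/var/run", "/run")]
# One entry: regex, optional -<type> flag, security context (or <<none>>)
_LINE = re.compile(r"^(\S+)\s+(?:-([bcdpls-])\s+)?(\S+)$")

def substitute(path):
    for src, dst in SUBS_DIST:
        if path == src or path.startswith(src + "/"):
            return dst + path[len(src):]
    return path

def parse_file_contexts(text):
    specs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = _LINE.match(line)
        if not m:
            raise ValueError(f"bad file_contexts line: {line!r}")
        regex, ftype, context = m.groups()
        # libselinux compiles every rule as ^regex$: the anchor is implicit,
        # so writing ^/run/squoxy yourself is redundant but harmless.
        specs.append((re.compile("^" + regex + "$"), ftype, context))
    return specs

def lookup(specs, path, ftype=None):
    """Return the context for path, or None for <<none>> or no match."""
    path = substitute(path)
    # Last matching entry wins: libselinux walks the spec list from the end.
    for pattern, spec_type, context in reversed(specs):
        if ftype and spec_type and spec_type != ftype:
            continue
        if pattern.match(path):
            return None if context == "<<none>>" else context
    return None

SPECS = parse_file_contexts(FILE_CONTEXTS)
```

Because of the implicit anchors, lookup(SPECS, "/foo/run/squoxy") falls through to the catch-all /.* entry rather than the squoxy rule.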