|[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]|
I'm trying to set up F17 SELinux to accept the Swedish electronic identity system called "BankID". I had it working under F16 with only a few file context specifications for its libraries. (They need textrel_shlib_t). But it seems like the policy has been tightened up a bit in F17, which made some more tunings necessary. And I fail on one of them. This thing runs as a browser plugin, which starts a program, and creates a few files in the user's home directory. My question is how to define the context for these files. BankID creates a file called ".personal-<username>" and a directory tree ".personal/...". I added a file context like this with semanage: /home/[^/]*/\.personal.* all files system_u:object_r:mozilla_home_t:s0 After relabeling things in the .personal tree gets the mozilla_home_t, but the file .personal-<username> directly in the home directory doesn't. If it exists, it gets the right context when I do restorecon. But it is created and removed each time the plugin is run, and the next time the file is created, it gets user_home_dir_t. Which the plugin in the mozilla_plugin_t context isn't allowed to access, of course. What am I doing wrong?
Description: PGP signature
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
[Fedora Users] [Fedora Legacy] [Fedora Desktop] [Big List of Linux Books] [Yosemite Photos] [Yosemite News] [Yosemite Campsites] [KDE Users] [Gnome Users]