[refpolicy] Questions about genfscon

Haiqing Jiang hqjiang1988 at gmail.com
Mon Jul 9 13:35:28 CDT 2012


Hi all,

Thanks for reading this email. I have a quick question about the syntax of
"genfscon".
I want to re-label some files' context under /proc directory. From current
implementation I can find that
all the contexts under /proc using genfscon syntax in the file of
"ocontext". Then I tried the following cases,
and the confusions are coming:

Case 1: I imitated the labeling syntax in the file of "ocontext", like:
genfscon proc /XXX u:object_r:xxx:s0;
The contexts are changed after re-built. (Working fine)
Case 2: I didn't modify in the "ocontext" file, instead I modify in the
file of "file_context", like: genfscon proc /XXX u:object_r:xxx:s0; It
doesn't work. I cannot find the new contexts. (Not working)
Case 3: I didn't modify in the "ocontext" file, instead I modify in the
file of "file_context" and without using genfscon syntax, like: /proc/XXX
u:object_r:xxx:s0; It doesn't work. I cannot find the new contexts. (Not
working)
Case 4: I didn't modify in the "ocontext" file, instead I modify in the
file of "sepolicy.fc" under /device/samsung/tuna/ and using "genfscon"
syntax and regular label syntax, like: genfscon proc /XXX u:object_r:xxx:s0
and /proc/XXX u:object_r:xxx:s0; They don't work. I cannot find the new
contexts. (Not working)

In all, the only way I can do is to label /proc files contexts in the file
of "ocontext" and to use "genfscon" syntax.
Could someone explain the reasons? Thanks a lot.

-- 
-----------------------------------
Haiqing Jiang, PH.D student

Computer Science Department, North Carolina State University
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://oss.tresys.com/pipermail/refpolicy/attachments/20120709/79d0ddb2/attachment.html 


More information about the refpolicy mailing list