On Fri, Sep 21, 2018 at 7:21 AM Ted Toth <txt...@gmail.com> wrote:

>
> On Fri, Sep 21, 2018 at 3:58 AM Petr Lautrbach <plaut...@redhat.com>
> wrote:
>
>>
>> Ted Toth <txt...@gmail.com> writes:
>>
>> > I have something very much like the following in an fc file:
>> > /usr/lib64/python2\.(6|7)/site-packages/xyz/paste     -- gen_context(system_u:object_r:jxyz_exec_t,s0)
>> >
>> > and I use the same file on el6 and el7. On el6 the file is
>> > labeled as
>> > specified in the python2.6 directory. However on el7 where the
>> > file gets
>> > installed into python2.7 the file is not labeled correctly. On
>> > el7
>> > `semanage fcontext -l | grep xyz` shows the file context
>> > expected but
>> > `matchpathcon /usr/lib64/python2.7/site-packages/xyz/paste` does
>> > not return
>> > the expected context and `restorecon -RFv
>> > /usr/lib64/python2.7/site-packages/xyz` has no effect. The type
>> > xyz_exec_t
>> > exists on both systems. It's probably something stupid I'm doing
>> > but I'm
>> > just not seeing it. Has anyone else experienced similar issues?
>> >
>>
>> There's an equivalency rule /usr/lib64 -> /usr/lib on el7:
>>
>> # semanage fcontext -a -t tmp_t '/usr/lib64/python2\.(6|7)/site-packages/xyz/paste'
>>
>> ValueError: File spec /usr/lib64/python2\.(6|7)/site-packages/xyz/paste conflicts with equivalency rule '/usr/lib64 /usr/lib'; Try adding '/usr/lib/python2\.(6|7)/site-packages/xyz/paste' instead
>>
>>
>> # semanage fcontext -a -t tmp_t '/usr/lib/python2\.(6|7)/site-packages/xyz/paste'
>>
>> # matchpathcon /usr/lib64/python2.7/site-packages/xyz/paste
>> /usr/lib64/python2.7/site-packages/xyz/paste system_u:object_r:tmp_t:s0
>>
>>
>> Petr
>>
>
> Thanks, where is this equivalency rule defined/documented?
>

/usr/lib(64)?/python... doesn't work either. How can I make it backward
compatible?
_______________________________________________
Selinux mailing list
Selinux@tycho.nsa.gov
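
Added example (not part of the thread, and not libselinux code): a small Python model of the behaviour shown in Petr's reply, where the lookup path has its /usr/lib64 prefix rewritten to /usr/lib before the file-context regexes are tried, so only a spec written with /usr/lib can match. The subs-file text, the spec labels and the function names are constructed for illustration; spec ordering and file-type matching are left out of the model.

```python
import re

# Constructed sample: the one equivalence quoted in the el7 error message on this
# page, in the "source target" line format used by file_contexts.subs_dist.
SUBS_TEXT = """
# constructed sample
/usr/lib64 /usr/lib
"""

# Constructed specs: the two path regexes from the thread, with made-up names.
SPECS = [
    (r"/usr/lib64/python2\.(6|7)/site-packages/xyz/paste", "spec_written_with_lib64"),
    (r"/usr/lib/python2\.(6|7)/site-packages/xyz/paste", "spec_written_with_lib"),
]

def parse_subs(text):
    """Return (source, target) pairs, skipping blank lines and comments."""
    pairs = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 2 and not fields[0].startswith("#"):
            pairs.append((fields[0], fields[1]))
    return pairs

def apply_subs(path, subs):
    """Rewrite the leading directory when it equals a source on a '/' boundary."""
    for src, dst in subs:
        if path == src or path.startswith(src + "/"):
            return dst + path[len(src):]
    return path

def lookup(path, subs, specs=SPECS):
    """Names of the specs that match the substituted path (anchored match)."""
    key = apply_subs(path, subs)
    return [name for regex, name in specs if re.fullmatch(regex, key)]

PATH = "/usr/lib64/python2.7/site-packages/xyz/paste"

if __name__ == "__main__":
    # With the equivalence, the lib64 spec can never be reached.
    print("with rule   :", lookup(PATH, parse_subs(SUBS_TEXT)))
    # With no equivalence configured, the same spec matches the literal path.
    print("without rule:", lookup(PATH, []))
```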