* Linux sandbox and the -i option
@ 2016-03-01 13:31 Bill
2016-03-02 13:53 ` Stephen Smalley
0 siblings, 1 reply; 3+ messages in thread
From: Bill @ 2016-03-01 13:31 UTC (permalink / raw)
To: selinux
Is anyone else having issues with the
% sandbox -i [path]
not working? What happens is the context is incorrectly done.
%ls -Zd /tmp/.sandbox_home_[whatever]
gives
unconfined_u:object_r:sandbox_file_t:s0:cxx,cyyy .
BUT
%ls -Z [path] is
gives
unconfined_u:object_r:mozilla_home_t:s0 [path]
This causes all sorts of read/write issues.
I guess I can write a script to do the
chcon, but that is a bit painful and you have to hunt
for the correct sandbox directory (not optimal at all).
Any suggestions?
--
William Chimiak
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Linux sandbox and the -i option
2016-03-01 13:31 Linux sandbox and the -i option Bill
@ 2016-03-02 13:53 ` Stephen Smalley
2016-03-03 12:52 ` Miroslav Grepl
0 siblings, 1 reply; 3+ messages in thread
From: Stephen Smalley @ 2016-03-02 13:53 UTC (permalink / raw)
To: w.chimiak, selinux
On 03/01/2016 08:31 AM, Bill wrote:
> Is anyone else having issues with the
> % sandbox -i [path]
> not working? What happens is the context is incorrectly done.
>
> %ls -Zd /tmp/.sandbox_home_[whatever]
> gives
> unconfined_u:object_r:sandbox_file_t:s0:cxx,cyyy .
> BUT
> %ls -Z [path] is
> gives
> unconfined_u:object_r:mozilla_home_t:s0 [path]
>
> This causes all sorts of read/write issues.
>
> I guess I can write a script to do the
> chcon, but that is a bit painful and you have to hunt
> for the correct sandbox directory (not optimal at all).
>
> Any suggestions?
I think this is really a question for the fedora selinux list and/or a
redhat bugzilla, but regardless, you need to provide more information
(e.g. distro version, package version, etc).
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Linux sandbox and the -i option
2016-03-02 13:53 ` Stephen Smalley
@ 2016-03-03 12:52 ` Miroslav Grepl
0 siblings, 0 replies; 3+ messages in thread
From: Miroslav Grepl @ 2016-03-03 12:52 UTC (permalink / raw)
To: Stephen Smalley, w.chimiak, selinux
On 03/02/2016 02:53 PM, Stephen Smalley wrote:
> On 03/01/2016 08:31 AM, Bill wrote:
>> Is anyone else having issues with the
>> % sandbox -i [path]
>> not working? What happens is the context is incorrectly done.
>>
>> %ls -Zd /tmp/.sandbox_home_[whatever]
>> gives
>> unconfined_u:object_r:sandbox_file_t:s0:cxx,cyyy .
>> BUT
>> %ls -Z [path] is
>> gives
>> unconfined_u:object_r:mozilla_home_t:s0 [path]
>>
>> This causes all sorts of read/write issues.
>>
>> I guess I can write a script to do the
>> chcon, but that is a bit painful and you have to hunt
>> for the correct sandbox directory (not optimal at all).
>>
>> Any suggestions?
>
> I think this is really a question for the fedora selinux list and/or a
> redhat bugzilla, but regardless, you need to provide more information
> (e.g. distro version, package version, etc).
Yes, could you please ask on selinux@lists.fedoraproject.org with
package details?
Thank you.
>
>
> _______________________________________________
> Selinux mailing list
> Selinux@tycho.nsa.gov
> To unsubscribe, send email to Selinux-leave@tycho.nsa.gov.
> To get help, send an email containing "help" to
> Selinux-request@tycho.nsa.gov.
--
Miroslav Grepl
Senior Software Engineer, SELinux Solutions
Red Hat, Inc.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2016-03-03 12:52 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-03-01 13:31 Linux sandbox and the -i option Bill
2016-03-02 13:53 ` Stephen Smalley
2016-03-03 12:52 ` Miroslav Grepl
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.