Re: Can you target a single executable with a local policy?

Thanks for the quick response!

Yes, I accept that making PATHTOLIB textrel_shlib_t would solve the situation, but: 1) PATHTOLIB is supplied by a prominent commercial software company and I wouldn't like to tinker with their libraries for fear it would break their executables, which seem to operate fine without the need for textrel_shlib_t'ing their own libraries; 2) well, it's THEIR software and I don't want to change their installation anyway; and 3) if I disinstalled their software after doing the semanage fcontext, presumably the file context information relating to PATHTOLIB would be orphaned and not cleaned up.

So, I would like to stick to policies strictly related to my own executables and their installation and deinstallation scripts.

What would your third option look like, when applied only to my executable or directory of executables? How does a file or path name get entered into the .te file? Would I have to make my own MYEXECUTABLE_t type or category and thus have to supply more than just a simple .te file?

Peter K.
