I have a requirement to rsync ALL files over to a newly mounted partition. the command is "rsync -AaXxH /home/snapshot/* /target/" I can get this to work in permissive, and with a bit of massaging. I can get an operational system that boots in enforcing on a new disk.
For the life of me I can't determine how I can gain access to copy and write all these files in enforcing.
I have included the simple rules like
files_read_all_files(), but it seems there must be an easier assured way of making sure I don't miss anything. It appears to me that not everyfile in the system is really labeled with the attribute file_type. Is there something I am missing on how to do this? Suggestions?
Nick
--
"THIS time it really is fixed. I mean, how many times can we get it wrong? At some point, we just have to run out of bad ideas.."
Linus Torvalds
Nickolas Gray nick@magitek.ltd
On May 29, 2009, at 10:50 PM, Nickolas Gray wrote:
I have a requirement to rsync ALL files over to a newly mounted partition. the command is "rsync -AaXxH /home/snapshot/* /target/" I can get this to work in permissive, and with a bit of massaging. I can get an operational system that boots in enforcing on a new disk.
For the life of me I can't determine how I can gain access to copy and write all these files in enforcing.
I have included the simple rules like
files_read_all_files(), but it seems there must be an easier assured way of making sure I don't miss anything. It appears to me that not everyfile in the system is really labeled with the attribute file_type. Is there something I am missing on how to do this? Suggestions?
From:
http://oss.tresys.com/projects/refpolicy/browser/trunk/policy/modules/admin/...
... allow backup_t self:capability dac_override; ... files_read_all_files(backup_t) files_read_all_symlinks(backup_t) files_getattr_all_pipes(backup_t) files_getattr_all_sockets(backup_t) ...
joe
Already have these,
I believe my problems have to do with placing the files on the new disk. I am getting relabelto, relabelfrom, rename,add_name, remove_name, and setattr in my audit log On May 29, 2009, at 11:13 PM, Joe Nall wrote:
On May 29, 2009, at 10:50 PM, Nickolas Gray wrote:
I have a requirement to rsync ALL files over to a newly mounted partition. the command is "rsync -AaXxH /home/snapshot/* /target/" I can get this to work in permissive, and with a bit of massaging. I can get an operational system that boots in enforcing on a new disk.
For the life of me I can't determine how I can gain access to copy and write all these files in enforcing.
I have included the simple rules like
files_read_all_files(), but it seems there must be an easier assured way of making sure I don't miss anything. It appears to me that not everyfile in the system is really labeled with the attribute file_type. Is there something I am missing on how to do this? Suggestions?
From:
http://oss.tresys.com/projects/refpolicy/browser/trunk/policy/modules/admin/...
... allow backup_t self:capability dac_override; ... files_read_all_files(backup_t) files_read_all_symlinks(backup_t) files_getattr_all_pipes(backup_t) files_getattr_all_sockets(backup_t) ...
joe
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
--
"THIS time it really is fixed. I mean, how many times can we get it wrong? At some point, we just have to run out of bad ideas.."
Linus Torvalds
Nickolas Gray nick@magitek.ltd
On May 30, 2009, at 6:20 AM, Nickolas Gray wrote:
Already have these,
I believe my problems have to do with placing the files on the new disk. I am getting relabelto, relabelfrom, rename,add_name, remove_name, and setattr in my audit log
look at the macros in /usr/share/selinux/devel/kernel/files.if
files_relabel_all_files
might help
joe
selinux@lists.fedoraproject.org
-
Joe Nall -
Nickolas Gray