From: hqjiang1988@gmail.com (Haiqing Jiang)
Date: Mon, 9 Jul 2012 11:35:28 -0700
Subject: [refpolicy] Questions about genfscon
Message-ID:
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hi all,

Thanks for reading this email. I have a quick question about the syntax of "genfscon". I want to re-label the contexts of some files under the /proc directory. From the current implementation I can see that all the contexts under /proc use genfscon syntax in the "ocontext" file. Then I tried the following cases, and this is where the confusion comes in:

Case 1: I imitated the labeling syntax in the "ocontext" file, like:

    genfscon proc /XXX u:object_r:xxx:s0;

The contexts are changed after rebuilding. (Working fine)

Case 2: I didn't modify the "ocontext" file; instead I modified the "file_context" file, like:

    genfscon proc /XXX u:object_r:xxx:s0;

It doesn't work. I cannot find the new contexts. (Not working)

Case 3: I didn't modify the "ocontext" file; instead I modified the "file_context" file without using genfscon syntax, like:

    /proc/XXX u:object_r:xxx:s0;

It doesn't work. I cannot find the new contexts. (Not working)

Case 4: I didn't modify the "ocontext" file; instead I modified the "sepolicy.fc" file under /device/samsung/tuna/, using both "genfscon" syntax and regular label syntax, like:

    genfscon proc /XXX u:object_r:xxx:s0

and

    /proc/XXX u:object_r:xxx:s0;

They don't work. I cannot find the new contexts. (Not working)

In all, the only thing I can do is label the contexts of /proc files in the "ocontext" file using "genfscon" syntax. Could someone explain the reasons?

Thanks a lot.

--
-----------------------------------
Haiqing Jiang, PH.D student
Computer Science Department, North Carolina State University