We're forced to use Siteminder, by CA, who have no clue what they're
doing
in *nix. No packages, tarballs...
Anyway, I'm trying clean up some stuff, and in /*/smwa/webagent/bin (all
their binaries, including .so's, are in there, duh... I'm trying to set
the .so's to lib_t.
semanage -fcontext -a -t lib_t
"/<elided>/smwa/webagent/bin(/.*).so"
gives me the completely unexpected response of
semanage: error: argument subcommand: invalid choice: 'lib_t' (choose
from
'import', 'export', 'login', 'user',
'port', 'ibpkey', 'ibendport',
'interface', 'module', 'node', 'fcontext',
'boolean', 'permissive',
'dontaudit')
What am I doing wrong?
mark
On May 8, 2019, at 9:31 AM, mark <m.roth at 5-cent.us> wrote:> > semanage -fcontext -a -t lib_t "/<elided>/smwa/webagent/bin(/.*).so?[snip]> What am I doing wrong?-fcontext isn?t an option, it?s a verb; drop the dash. Also, I?m confused by the parens in your file path. Whether your shell is or not is a different question.
Warren Young wrote:> On May 8, 2019, at 9:31 AM, mark <m.roth at 5-cent.us> wrote: > >> semanage -fcontext -a -t lib_t "/<elided>/smwa/webagent/bin(/.*).so? > > [snip] > >> What am I doing wrong? >><snip>> Also, I?m confused by the parens in your file path. Whether your shell > is or not is a different question.I'm following the manpage, semanage-fcontext, example as much as possible. EXAMPLE remember to run restorecon after you set the file context Add file-context for everything under /web # semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?" # restorecon -R -v /web If semanage worked "normally", I'd have been able to do semanage fcontext -m -t lib_t "/path/smwa/webagent/bin/*.so" Hmmm, didn't complain when I did that... but they're still bin_t, not lib_t. On the selinux list, I was asked for the context of the directory, which is bin_t, which might be correct... if the idiots of CA had a ./lib directory, which they do not. Windows turkeys.... mark mark