Ygtjki

What mechanic is there to disable a threat instead of killing it?

Could the museum Saturn V's be refitted for one more flight?

How much of data wrangling is a data scientist's job?

How can I deal with my CEO asking me to hire someone with a higher salary than me, a co-founder?

What is a romance in Latin?

How seriously should I take size and weight limits of hand luggage?

How does a predictive coding aid in lossless compression?

In 'Revenger,' what does 'cove' come from?

Ambiguity in the definition of entropy

Determining Impedance With An Antenna Analyzer

Would Slavery Reparations be considered Bills of Attainder and hence Illegal?

Why didn't Miles's spider sense work before?

Extract rows of a table, that include less than x NULLs

Why would the Red Woman birth a shadow if she worshipped the Lord of the Light?

How do I gain back my faith in my PhD degree?

Valid term from quadratic sequence?

Method Does Not Exist error message

What exploit Are these user agents trying to use?

Examples of smooth manifolds admitting inbetween one and a continuum of complex structures

Personal Teleportation: From Rags to Riches

Which is the best way to check return result?

Expand and Contract

How could indestructible materials be used in power generation?

Apex Framework / library for consuming REST services

Is there a way to specify file name using wildcards in selinux type_transition rules?

What is the best way to learn SELinux?Can't add large number of rules to iptablesAre there issues concerning trustworthyness of selinux?Cannot run script using udev rulesSElinux config file missingcause of file i/o operation failure = -1 EACCES (Permission denied)CentOS 7: Nesting SELinux rulesSanest/safest way to allow root-owned/run script to access file in /root under selinuxSELinux file permissions historySELinux - workaround using audit2allow?

2

This kind of rules works perfect if filename matches exactly one specified at the end of rule, but not with wildcards.
The star in the example below does not work. Well, actually it does, but it is treated as a part of filename, not as a "regex"

module test 1.2;


require 
 type unconfined_t;
 type httpd_sys_rw_content_t;
 type usr_t;
 class file create;


type_transition unconfined_t usr_t:file httpd_sys_rw_content_t "test*";

linux selinux

share|improve this question

asked 2 days ago

Владимир ТюхтинВладимир Тюхтин

986

add a comment | 

2

This kind of rules works perfect if filename matches exactly one specified at the end of rule, but not with wildcards.
The star in the example below does not work. Well, actually it does, but it is treated as a part of filename, not as a "regex"

module test 1.2;


require 
 type unconfined_t;
 type httpd_sys_rw_content_t;
 type usr_t;
 class file create;


type_transition unconfined_t usr_t:file httpd_sys_rw_content_t "test*";

linux selinux

share|improve this question

asked 2 days ago

Владимир ТюхтинВладимир Тюхтин

986

add a comment | 

This kind of rules works perfect if filename matches exactly one specified at the end of rule, but not with wildcards.
The star in the example below does not work. Well, actually it does, but it is treated as a part of filename, not as a "regex"

module test 1.2;


require 
 type unconfined_t;
 type httpd_sys_rw_content_t;
 type usr_t;
 class file create;


type_transition unconfined_t usr_t:file httpd_sys_rw_content_t "test*";

linux selinux

share|improve this question

asked 2 days ago

Владимир ТюхтинВладимир Тюхтин

986

module test 1.2;


require 
 type unconfined_t;
 type httpd_sys_rw_content_t;
 type usr_t;
 class file create;


type_transition unconfined_t usr_t:file httpd_sys_rw_content_t "test*";

share|improve this question

asked 2 days ago

Владимир ТюхтинВладимир Тюхтин

986

share|improve this question

asked 2 days ago

Владимир ТюхтинВладимир Тюхтин

986

asked 2 days ago

Владимир ТюхтинВладимир Тюхтин

986

asked 2 days ago

Владимир ТюхтинВладимир Тюхтин

986

1 Answer
1

active

oldest

votes

3

It is not possible, as name transitions do not support wildcards/regular experissions. Red Hat documentation has a note regarding this:

Note that file name transition uses an exact match done by the strcmp() function. Use of regular expressions or wildcard characters is not considered.

share|improve this answer

answered 2 days ago

sebasthsebasth

8,72932450

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I removed my answer, as this one is more directly related to exactly what the OP was asking.
  
  – 0xSheepdog
  2 days ago
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f509894%2fis-there-a-way-to-specify-file-name-using-wildcards-in-selinux-type-transition-r%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

3

It is not possible, as name transitions do not support wildcards/regular experissions. Red Hat documentation has a note regarding this:

Note that file name transition uses an exact match done by the strcmp() function. Use of regular expressions or wildcard characters is not considered.

share|improve this answer

answered 2 days ago

sebasthsebasth

8,72932450

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I removed my answer, as this one is more directly related to exactly what the OP was asking.
  
  – 0xSheepdog
  2 days ago
  

  
  
  
  

add a comment | 

3

It is not possible, as name transitions do not support wildcards/regular experissions. Red Hat documentation has a note regarding this:

Note that file name transition uses an exact match done by the strcmp() function. Use of regular expressions or wildcard characters is not considered.

share|improve this answer

answered 2 days ago

sebasthsebasth

8,72932450

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I removed my answer, as this one is more directly related to exactly what the OP was asking.
  
  – 0xSheepdog
  2 days ago
  

  
  
  
  

add a comment | 

It is not possible, as name transitions do not support wildcards/regular experissions. Red Hat documentation has a note regarding this:

Note that file name transition uses an exact match done by the strcmp() function. Use of regular expressions or wildcard characters is not considered.

share|improve this answer

answered 2 days ago

sebasthsebasth

8,72932450

share|improve this answer

answered 2 days ago

sebasthsebasth

8,72932450

answered 2 days ago

sebasthsebasth

8,72932450

answered 2 days ago

sebasthsebasth

8,72932450