SELinux: How to add a new security context?

Question

I'm new to SELinux and am trying to add a new security context (label) to test denial. To do this, I try changing a filew to a new context:

chcon -t new_t test

But it fails with "Invalid argument". How do I add the new type "new_t"?

chcon can only apply existing contexts to the file. – Petter H Aug 22 '13 at 19:10 — Petter H, Aug 22 '13 at 19:10

score 3 · Accepted Answer · answered Aug 22 '13 at 20:10

An example for how to create a new type is at http://fedoraproject.org/wiki/PackagingDrafts/SELinux#Creating_new_types

Once you have build the module (make -f /usr/share/selinux/devel/Makefile) and inserted it into SELinux (semodule -i foobar.pp) then you can chcon -t foobar_t test.

SELinux: How to add a new security context?

1 Answers1