2011-08-23 10:51:07

by sven.vermeulen

Subject: [refpolicy] [PATCH 1/1] Update file contexts for xfce4 helper applications

Many XFCE4 helper applications are located in /usr/lib locations. This patch
marks those helpers as bin_t.

Recursively marking the directories bin_t does not work properly as these
locations also contain actual libraries.

Signed-off-by: Sven Vermeulen <[email protected]>
---
policy/modules/kernel/corecommands.fc | 9 +++++++++
1 files changed, 9 insertions(+), 0 deletions(-)

diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
index 3fae11a..54caebe 100644
--- a/policy/modules/kernel/corecommands.fc
+++ b/policy/modules/kernel/corecommands.fc
@@ -226,6 +226,15 @@ ifdef(`distro_gentoo',`
/usr/lib(64)?/rpm/rpmv -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib(64)?/sftp-server -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib(64)?/vte/gnome-pty-helper -- gen_context(system_u:object_r:bin_t,s0)
+/usr/lib(64)?/xfce4/session/xfsm-shutdown-helper -- gen_context(system_u:object_r:bin_t,s0)
+/usr/lib(64)?/xfce4/session/balou-export-theme -- gen_context(system_u:object_r:bin_t,s0)
+/usr/lib(64)?/xfce4/session/balou-install-theme -- gen_context(system_u:object_r:bin_t,s0)
+/usr/lib(64)?/xfce4/xfwm4/helper-dialog -- gen_context(system_u:object_r:bin_t,s0)
+/usr/lib(64)?/xfce4/xfconf/xfconfd -- gen_context(system_u:object_r:bin_t,s0)
+/usr/lib(64)?/xfce4/panel/wrapper -- gen_context(system_u:object_r:bin_t,s0)
+/usr/lib(64)?/xfce4/panel/migrate -- gen_context(system_u:object_r:bin_t,s0)
+/usr/lib(64)?/xfce4/exo-1/exo-helper-1 -- gen_context(system_u:object_r:bin_t,s0)
+/usr/lib(64)?/xfce4/exo-1/exo-compose-mail-1 -- gen_context(system_u:object_r:bin_t,s0

/usr/lib(64)?/debug/bin(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib(64)?/debug/sbin(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
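
Review bot: The last added line, for /usr/lib(64)?/xfce4/exo-1/exo-compose-mail-1, ends in gen_context(system_u:object_r:bin_t,s0 with no closing ")", so the macro call is unterminated and the file context will not expand as intended. Add the missing parenthesis so the line matches the eight entries above it.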
--
1.7.3.4


2011-08-24 13:03:34

by cpebenito

Subject: [refpolicy] [PATCH 1/1] Update file contexts for xfce4 helper applications

On 08/23/11 06:51, Sven Vermeulen wrote:
> Many XFCE4 helper applications are located in /usr/lib locations. This patch
> marks those helpers as bin_t.
>
> Recursively marking the directories bin_t does not work properly as these
> locations also contain actual libraries.
>
> Signed-off-by: Sven Vermeulen <[email protected]>
> ---
> policy/modules/kernel/corecommands.fc | 9 +++++++++
> 1 files changed, 9 insertions(+), 0 deletions(-)
>
> diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
> index 3fae11a..54caebe 100644
> --- a/policy/modules/kernel/corecommands.fc
> +++ b/policy/modules/kernel/corecommands.fc
> @@ -226,6 +226,15 @@ ifdef(`distro_gentoo',`
> /usr/lib(64)?/rpm/rpmv -- gen_context(system_u:object_r:bin_t,s0)
> /usr/lib(64)?/sftp-server -- gen_context(system_u:object_r:bin_t,s0)
> /usr/lib(64)?/vte/gnome-pty-helper -- gen_context(system_u:object_r:bin_t,s0)
> +/usr/lib(64)?/xfce4/session/xfsm-shutdown-helper -- gen_context(system_u:object_r:bin_t,s0)
> +/usr/lib(64)?/xfce4/session/balou-export-theme -- gen_context(system_u:object_r:bin_t,s0)
> +/usr/lib(64)?/xfce4/session/balou-install-theme -- gen_context(system_u:object_r:bin_t,s0)
> +/usr/lib(64)?/xfce4/xfwm4/helper-dialog -- gen_context(system_u:object_r:bin_t,s0)
> +/usr/lib(64)?/xfce4/xfconf/xfconfd -- gen_context(system_u:object_r:bin_t,s0)
> +/usr/lib(64)?/xfce4/panel/wrapper -- gen_context(system_u:object_r:bin_t,s0)
> +/usr/lib(64)?/xfce4/panel/migrate -- gen_context(system_u:object_r:bin_t,s0)
> +/usr/lib(64)?/xfce4/exo-1/exo-helper-1 -- gen_context(system_u:object_r:bin_t,s0)
> +/usr/lib(64)?/xfce4/exo-1/exo-compose-mail-1 -- gen_context(system_u:object_r:bin_t,s0
>
> /usr/lib(64)?/debug/bin(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
> /usr/lib(64)?/debug/sbin(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
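
Review bot: The nine new xfce4 entries are added in the order session, xfwm4, xfconf, panel, exo-1, while the surrounding context lines (rpm, sftp-server, vte) run alphabetically by path. Sorting the new block (exo-1, panel, session, xfconf, xfwm4) would keep the list easy to scan and make later duplicate or conflicting entries easier to spot.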

Merged. I rearranged the lines and fixed the last context as it's missing
a ")".

--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com