2012-08-20 10:28:39

by Guido Trentalancia

Subject: [refpolicy] [PATCH v2]: clarify the file_contexts.subs_dist configuration file usage

Hello.

The following "patch on patch" improves the current version of the file_contexts.subs_dist comments recently added by a v1 patch:

Improve the comment at the top of the configuration file file_contexts.subs_dist.

A name change might be considered too, if it proves to lead to further
confusion.

There might be pieces of documentation that could benefit from similar
disambiguations.

A manual page (userspace) is missing (one could easily be created by
linking from file_contexts.5).

Signed-off-by: Guido Trentalancia <[email protected]>
---
config/file_contexts.subs_dist | 20 +++++++++++++++-----
1 file changed, 15 insertions(+), 5 deletions(-)

--- refpolicy-08092012-file_contexts.subs_dist-comment/config/file_contexts.subs_dist 2012-08-10 17:01:36.045451839 +0200
+++ refpolicy-08092012-file_contexts.subs_dist-comment-v2/config/file_contexts.subs_dist 2012-08-20 13:18:35.568288286 +0200
@@ -1,12 +1,22 @@
-# This file can is used to configure base path aliases as in:
+# This file can be optionally used to configure base path aliases
+# for directories as in:
#
-# /aliased_path /original_path_as_configured_in_file_contexts
+# /aliased_path /original_path_as_configured_in_file_contexts
#
# where original_path_as_configured_in_file_contexts is a base
-# path being used in the main file_contexts configuration file.
+# path being used in the file_contexts SELinux policy configuration
+# file.
#
-# It does not perform substitutions as done by sed(1), for
-# example, but aliasing.
+# It does not perform substitutions as done by sed(1), for example,
+# but aliasing (or in other words it creates equivalences between
+# different base directories).
+#
+# With reference to the example syntax shown above, /aliased_path and
+# all files and directories located under it will be labelled exactly
+# as /original_path_as_configured_in_file_contexts and all files and
+# directories located under it.
+#
+# See file_contexts(5) for further information.
#
/lib32 /lib
/lib64 /lib
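
Review bot: the removed and added `/aliased_path /original_path_as_configured_in_file_contexts` example lines read identically here, so that pair is a whitespace-only change. Either drop it from the incremental patch or say in the commit message that the indentation of the example was changed, since a whitespace-only pair is the first thing to stop matching when a mail client reflows the patch. On wording, "can be optionally used" in the first added line reads better as "can optionally be used".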

>On Tue, Aug 14, 2012 at 08:03:58AM -0400, Christopher J. PeBenito wrote:
>> On 08/10/12 09:13, Guido Trentalancia wrote:
>> > Add a comment at the top of the configuration file file_contexts.subs_dist
>> > to clarify that it performs aliasing and not substitutions in the
>> > strict sense of the word.
>> >
>> > A name change might be considered too, if it proves to lead to further
>> > confusion.
>> >
>> > There might be pieces of documentation that could benefit from similar
>> > considerations.
>> >
>> > Also note that a specific manual page is missing.
>> >
>> > Signed-off-by: Guido Trentalancia <[email protected]>
>> > ---
>> > config/file_contexts.subs_dist | 10 ++++++++++
>> > 1 file changed, 10 insertions(+)
>> >
>> > diff -pruN refpolicy-08092012/config/file_contexts.subs_dist refpolicy-08092012-file_contexts.subs_dist-comment/config/file_contexts.subs_dist
>> > --- refpolicy-08092012/config/file_contexts.subs_dist 2012-06-21 20:10:29.011803405 +0200
>> > +++ refpolicy-08092012-file_contexts.subs_dist-comment/config/file_contexts.subs_dist 2012-08-10 17:01:36.045451839 +0200
>> > @@ -1,3 +1,13 @@
>> > +# This file can is used to configure base path aliases as in:
>> > +#
>> > +# /aliased_path /original_path_as_configured_in_file_contexts
>> > +#
>> > +# where original_path_as_configured_in_file_contexts is a base
>> > +# path being used in the main file_contexts configuration file.
>> > +#
>> > +# It does not perform substitutions as done by sed(1), for
>> > +# example, but aliasing.
>> > +#
>> > /lib32 /lib
>> > /lib64 /lib
>> > /run /var/run
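
Review bot: the first added line has a typo, "This file can is used", which should read "This file is used" or "This file can be used". Every added comment line also carries more than two whitespace-separated fields, and the report just below (`semanage fcontext -l` failing with "too many values to unpack (expected 2)" until the comment change is undone) suggests that at least one reader of this file does not skip `#` lines, so the comment block should only land together with a fix for that reader.
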
>>
>> Merged.
>
>This seems to break policycoreutils:
>
># semanage fcontext -l
>/usr/sbin/semanage: too many values to unpack (expected 2)
>
>Undoing the comment change fixes things again.

At the moment, I can't check the git tree, but if the above means that it has been reverted from the official refpolicy development tree, then here is the full patch (v2) to be applied again from scratch (as soon as userspace has committed the semanage fix):

Add a comment at the top of the configuration file file_contexts.subs_dist
to clarify that it performs aliasing and not substitutions in the
strict sense of the word.

A name change might be considered too, if it proves to lead to further
confusion.

There might be pieces of documentation that could benefit from similar
disambiguations.

A manual page (userspace) is missing (one could easily be created by
linking from file_contexts.5).

Signed-off-by: Guido Trentalancia <[email protected]>
---
config/file_contexts.subs_dist | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)

--- refpolicy-08092012/config/file_contexts.subs_dist 2012-06-21 20:10:29.011803405 +0200
+++ refpolicy-08092012-file_contexts.subs_dist-comment-v2/config/file_contexts.subs_dist 2012-08-20 13:18:35.568288286 +0200
@@ -1,3 +1,23 @@
+# This file can be optionally used to configure base path aliases
+# for directories as in:
+#
+# /aliased_path /original_path_as_configured_in_file_contexts
+#
+# where original_path_as_configured_in_file_contexts is a base
+# path being used in the file_contexts SELinux policy configuration
+# file.
+#
+# It does not perform substitutions as done by sed(1), for example,
+# but aliasing (or in other words it creates equivalences between
+# different base directories).
+#
+# With reference to the example syntax shown above, /aliased_path and
+# all files and directories located under it will be labelled exactly
+# as /original_path_as_configured_in_file_contexts and all files and
+# directories located under it.
+#
+# See file_contexts(5) for further information.
+#
/lib32 /lib
/lib64 /lib
/run /var/run
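
Review bot: the closing pointer "See file_contexts(5) for further information" sits oddly with the commit message, which says a manual page for this file is still missing. It would help to confirm that file_contexts(5) actually describes the aliasing behaviour, or to reword the pointer until a dedicated page exists. The hunk also adds twenty `#` lines to a file whose shorter v1 comment was reported on this thread to break `semanage fcontext -l`, so the dependency on the userspace fix mentioned in the cover text belongs in the commit message itself.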

Regards,

Guido


2012-08-23 13:28:28

by cpebenito

Subject: [refpolicy] [PATCH v2]: clarify the file_contexts.subs_dist configuration file usage

On 08/20/12 06:28, Guido Trentalancia wrote:
> Hello.
>
> The following "patch on patch" improves the current version of the file_contexts.subs_dist comments recently added by a v1 patch:
>
> Improve the comment at the top of the configuration file file_contexts.subs_dist.
>
> A name change might be considered too, if it proves to lead to further
> confusion.
>
> There might be pieces of documentation that could benefit from similar
> disambiguations.
>
> A manual page (userspace) is missing (one could easily be created by
> linking from file_contexts.5).
>
> Signed-off-by: Guido Trentalancia <[email protected]>
> ---
> config/file_contexts.subs_dist | 20 +++++++++++++++-----
> 1 file changed, 15 insertions(+), 5 deletions(-)
>
> --- refpolicy-08092012-file_contexts.subs_dist-comment/config/file_contexts.subs_dist 2012-08-10 17:01:36.045451839 +0200
> +++ refpolicy-08092012-file_contexts.subs_dist-comment-v2/config/file_contexts.subs_dist 2012-08-20 13:18:35.568288286 +0200
> @@ -1,12 +1,22 @@
> -# This file can is used to configure base path aliases as in:
> +# This file can be optionally used to configure base path aliases
> +# for directories as in:
> #
> -# /aliased_path /original_path_as_configured_in_file_contexts
> +# /aliased_path /original_path_as_configured_in_file_contexts
> #
> # where original_path_as_configured_in_file_contexts is a base
> -# path being used in the main file_contexts configuration file.
> +# path being used in the file_contexts SELinux policy configuration
> +# file.
> #
> -# It does not perform substitutions as done by sed(1), for
> -# example, but aliasing.
> +# It does not perform substitutions as done by sed(1), for example,
> +# but aliasing (or in other words it creates equivalences between
> +# different base directories).
> +#
> +# With reference to the example syntax shown above, /aliased_path and
> +# all files and directories located under it will be labelled exactly
> +# as /original_path_as_configured_in_file_contexts and all files and
> +# directories located under it.
> +#
> +# See file_contexts(5) for further information.
> #
> /lib32 /lib
> /lib64 /lib
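
Review bot: the `-` lines in this hunk, starting with `-# This file can is used to configure base path aliases as in:`, and the `---` path ending in `refpolicy-08092012-file_contexts.subs_dist-comment` show that it is relative to a tree that still carries the v1 comment, so it can only apply where v1 is present unchanged. For a tree without v1, the from-scratch variant with the `@@ -1,3 +1,23 @@` header is the one to use, and the cover text should state which base each variant expects.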

This isn't applying for me.

--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com