> On 09/17/12 07:45, Laurent Bigonville wrote:
>> From: Laurent Bigonville <[email protected]>
>>
>> ---
>> policy/modules/system/miscfiles.fc | 2 ++
>> 1 file changed, 2 insertions(+)
>>
>> diff --git a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc
>> index fe3427d..9116567 100644
>> --- a/policy/modules/system/miscfiles.fc
>> +++ b/policy/modules/system/miscfiles.fc
>> @@ -12,6 +12,7 @@ ifdef(`distro_gentoo',`
>> /etc/httpd/alias/[^/]*.db(.[^/]*)* -- gen_context(system_u:object_r:cert_t,s0)
>> /etc/localtime -- gen_context(system_u:object_r:locale_t,s0)
>> /etc/pki(/.*)? gen_context(system_u:object_r:cert_t,s0)
>> +/etc/ssl(/.*)? gen_context(system_u:object_r:cert_t,s0)
>> /etc/timezone -- gen_context(system_u:object_r:locale_t,s0)
>>
>> ifdef(`distro_redhat',`
>> @@ -43,6 +44,7 @@ ifdef(`distro_redhat',`
>>
>> /usr/man(/.*)? gen_context(system_u:object_r:man_t,s0)
>>
>> +/usr/share/ca-certificates(/.*)? gen_context(system_u:object_r:cert_t,s0)
>> /usr/share/fonts(/.*)? gen_context(system_u:object_r:fonts_t,s0)
>> /usr/share/X11/fonts(/.*)? gen_context(system_u:object_r:fonts_t,s0)
>> /usr/share/ghostscript/fonts(/.*)? gen_context(system_u:object_r:fonts_t,s0)
> Merged.
I was wondering whether the above entries should perhaps be added with an ifdef(distro_debian) ?
They are not the default locations for the OpenSSL project as far as I remember...
Regards,
Guido
On Tue, 2012-10-09 at 14:03 +0200, Guido Trentalancia wrote:
> > On 09/17/12 07:45, Laurent Bigonville wrote:
> >> From: Laurent Bigonville <[email protected]>
> >>
> >> ---
> >> policy/modules/system/miscfiles.fc | 2 ++
> >> 1 file changed, 2 insertions(+)
> >>
> >> diff --git a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc
> >> index fe3427d..9116567 100644
> >> --- a/policy/modules/system/miscfiles.fc
> >> +++ b/policy/modules/system/miscfiles.fc
> >> @@ -12,6 +12,7 @@ ifdef(`distro_gentoo',`
> >> /etc/httpd/alias/[^/]*.db(.[^/]*)* -- gen_context(system_u:object_r:cert_t,s0)
> >> /etc/localtime -- gen_context(system_u:object_r:locale_t,s0)
> >> /etc/pki(/.*)? gen_context(system_u:object_r:cert_t,s0)
> >> +/etc/ssl(/.*)? gen_context(system_u:object_r:cert_t,s0)
> >> /etc/timezone -- gen_context(system_u:object_r:locale_t,s0)
> >>
> >> ifdef(`distro_redhat',`
> >> @@ -43,6 +44,7 @@ ifdef(`distro_redhat',`
> >>
> >> /usr/man(/.*)? gen_context(system_u:object_r:man_t,s0)
> >>
> >> +/usr/share/ca-certificates(/.*)? gen_context(system_u:object_r:cert_t,s0)
> >> /usr/share/fonts(/.*)? gen_context(system_u:object_r:fonts_t,s0)
> >> /usr/share/X11/fonts(/.*)? gen_context(system_u:object_r:fonts_t,s0)
> >> /usr/share/ghostscript/fonts(/.*)? gen_context(system_u:object_r:fonts_t,s0)
>
> > Merged.
>
> I was wondering whether the above entries should perhaps be added with an ifdef(distro_debian) ?
>
> They are not the default locations for the OpenSSL project as far as I remember...
We decided that if the location is not in use by something else in other
distros that it should be added unconditional
> Regards,
>
> Guido
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy