2011-01-24 00:43:47

by Guido Trentalancia

Subject: [refpolicy] [PATCH/RFC 1/19]: patch set to update the git reference policy

diff -pruN -x .git -x corenetwork.if -x corenetwork.te -x booleans.conf refpolicy-git-18012011/policy/modules/services/dbus.fc refpolicy-git-18012011-update/policy/modules/services/dbus.fc
--- refpolicy-git-18012011/policy/modules/services/dbus.fc 2011-01-08 19:07:21.238740722 +0100
+++ refpolicy-git-18012011-update/policy/modules/services/dbus.fc 2011-01-18 23:13:43.740999070 +0100
@@ -1,11 +1,24 @@
/etc/dbus-1(/.*)? gen_context(system_u:object_r:dbusd_etc_t,s0)

/bin/dbus-daemon -- gen_context(system_u:object_r:dbusd_exec_t,s0)
+/bin/dbus-cleanup-sockets -- gen_context(system_u:object_r:dbusd_exec_t,s0)
+/bin/dbus-launch -- gen_context(system_u:object_r:dbusd_exec_t,s0)
+/bin/dbus-monitor -- gen_context(system_u:object_r:dbusd_exec_t,s0)
+/bin/dbus-send -- gen_context(system_u:object_r:dbusd_exec_t,s0)
+/bin/dbus-uuidgen -- gen_context(system_u:object_r:dbusd_exec_t,s0)
+/bin/dbus-binding-tool -- gen_context(system_u:object_r:dbusd_exec_t,s0)

/lib/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
/lib64/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)

/usr/bin/dbus-daemon(-1)? -- gen_context(system_u:object_r:dbusd_exec_t,s0)
+/usr/bin/dbus-cleanup-sockets -- gen_context(system_u:object_r:dbusd_exec_t,s0)
+/usr/bin/dbus-launch -- gen_context(system_u:object_r:dbusd_exec_t,s0)
+/usr/bin/dbus-monitor -- gen_context(system_u:object_r:dbusd_exec_t,s0)
+/usr/bin/dbus-send -- gen_context(system_u:object_r:dbusd_exec_t,s0)
+/usr/bin/dbus-uuidgen -- gen_context(system_u:object_r:dbusd_exec_t,s0)
+/usr/bin/dbus-binding-tool -- gen_context(system_u:object_r:dbusd_exec_t,s0)
+
/usr/libexec/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)

/var/lib/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_lib_t,s0)
diff -pruN -x .git -x corenetwork.if -x corenetwork.te -x booleans.conf refpolicy-git-18012011/policy/modules/system/init.fc refpolicy-git-18012011-update/policy/modules/system/init.fc
--- refpolicy-git-18012011/policy/modules/system/init.fc 2011-01-08 19:07:21.350758412 +0100
+++ refpolicy-git-18012011-update/policy/modules/system/init.fc 2011-01-18 23:13:43.740999070 +0100
@@ -34,6 +34,8 @@ ifdef(`distro_gentoo', `
# /sbin
#
/sbin/init(ng)? -- gen_context(system_u:object_r:init_exec_t,s0)
+# because nowadays, /sbin/init is often a symlink to /sbin/upstart
+/sbin/upstart -- gen_context(system_u:object_r:init_exec_t,s0)

ifdef(`distro_gentoo', `
/sbin/rc -- gen_context(system_u:object_r:initrc_exec_t,s0)
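Review bot: The comment added above the `/sbin/upstart` entry says "nowadays" and "often" without naming where that layout occurs, in a file whose neighbouring distribution-specific entries are wrapped in `ifdef` guards. The reason worth recording is that the `--` specifier restricts a match to regular files, so a symlinked `/sbin/init` is not labelled by the existing `/sbin/init(ng)?` entry and the link target has to carry the type itself, e.g. `# upstart: where /sbin/init is a symlink to this binary, the target needs init_exec_t`. As init_exec_t appears to be the entry point type for init, naming the distribution that ships the binary at this path would let the entry be guarded or retired later. The hunk starts mid-file, so whether the new lines fall inside an open `ifdef` block is not visible here.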


2011-01-24 14:26:02

by domg472

Subject: [refpolicy] [PATCH/RFC 1/19]: patch set to update the git reference policy

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/24/2011 01:43 AM, Guido Trentalancia wrote:
> diff -pruN -x .git -x corenetwork.if -x corenetwork.te -x booleans.conf refpolicy-git-18012011/policy/modules/services/dbus.fc refpolicy-git-18012011-update/policy/modules/services/dbus.fc
> --- refpolicy-git-18012011/policy/modules/services/dbus.fc 2011-01-08 19:07:21.238740722 +0100
> +++ refpolicy-git-18012011-update/policy/modules/services/dbus.fc 2011-01-18 23:13:43.740999070 +0100
> @@ -1,11 +1,24 @@
> /etc/dbus-1(/.*)? gen_context(system_u:object_r:dbusd_etc_t,s0)
>
> /bin/dbus-daemon -- gen_context(system_u:object_r:dbusd_exec_t,s0)
> +/bin/dbus-cleanup-sockets -- gen_context(system_u:object_r:dbusd_exec_t,s0)
> +/bin/dbus-launch -- gen_context(system_u:object_r:dbusd_exec_t,s0)
> +/bin/dbus-monitor -- gen_context(system_u:object_r:dbusd_exec_t,s0)
> +/bin/dbus-send -- gen_context(system_u:object_r:dbusd_exec_t,s0)
> +/bin/dbus-uuidgen -- gen_context(system_u:object_r:dbusd_exec_t,s0)
> +/bin/dbus-binding-tool -- gen_context(system_u:object_r:dbusd_exec_t,s0)
>
> /lib/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
> /lib64/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
>
> /usr/bin/dbus-daemon(-1)? -- gen_context(system_u:object_r:dbusd_exec_t,s0)
> +/usr/bin/dbus-cleanup-sockets -- gen_context(system_u:object_r:dbusd_exec_t,s0)
> +/usr/bin/dbus-launch -- gen_context(system_u:object_r:dbusd_exec_t,s0)
> +/usr/bin/dbus-monitor -- gen_context(system_u:object_r:dbusd_exec_t,s0)
> +/usr/bin/dbus-send -- gen_context(system_u:object_r:dbusd_exec_t,s0)
> +/usr/bin/dbus-uuidgen -- gen_context(system_u:object_r:dbusd_exec_t,s0)
> +/usr/bin/dbus-binding-tool -- gen_context(system_u:object_r:dbusd_exec_t,s0)
> +

I am not sure if labelling all these dbusd_exec_t is a good idea or even
beneficial in any way

> /usr/libexec/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
>
> /var/lib/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_lib_t,s0)
> diff -pruN -x .git -x corenetwork.if -x corenetwork.te -x booleans.conf refpolicy-git-18012011/policy/modules/system/init.fc refpolicy-git-18012011-update/policy/modules/system/init.fc
> --- refpolicy-git-18012011/policy/modules/system/init.fc 2011-01-08 19:07:21.350758412 +0100
> +++ refpolicy-git-18012011-update/policy/modules/system/init.fc 2011-01-18 23:13:43.740999070 +0100
> @@ -34,6 +34,8 @@ ifdef(`distro_gentoo', `
> # /sbin
> #
> /sbin/init(ng)? -- gen_context(system_u:object_r:init_exec_t,s0)
> +# because nowadays, /sbin/init is often a symlink to /sbin/upstart
> +/sbin/upstart -- gen_context(system_u:object_r:init_exec_t,s0)
>
> ifdef(`distro_gentoo', `
> /sbin/rc -- gen_context(system_u:object_r:initrc_exec_t,s0)
>
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk09i/oACgkQMlxVo39jgT/NzgCfV//vFrkoXxFfZLjxaNhQonBq
jP0AoJ4hVYn7UUXi/uRsKFWVIAkIGomU
=EkxZ
-----END PGP SIGNATURE-----

2011-01-24 14:50:02

by Daniel Walsh

Subject: [refpolicy] [PATCH/RFC 1/19]: patch set to update the git reference policy

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/24/2011 09:26 AM, Dominick Grift wrote:
> On 01/24/2011 01:43 AM, Guido Trentalancia wrote:
>> diff -pruN -x .git -x corenetwork.if -x corenetwork.te -x booleans.conf refpolicy-git-18012011/policy/modules/services/dbus.fc refpolicy-git-18012011-update/policy/modules/services/dbus.fc
>> --- refpolicy-git-18012011/policy/modules/services/dbus.fc 2011-01-08 19:07:21.238740722 +0100
>> +++ refpolicy-git-18012011-update/policy/modules/services/dbus.fc 2011-01-18 23:13:43.740999070 +0100
>> @@ -1,11 +1,24 @@
>> /etc/dbus-1(/.*)? gen_context(system_u:object_r:dbusd_etc_t,s0)
>
>> /bin/dbus-daemon -- gen_context(system_u:object_r:dbusd_exec_t,s0)
>> +/bin/dbus-cleanup-sockets -- gen_context(system_u:object_r:dbusd_exec_t,s0)
>> +/bin/dbus-launch -- gen_context(system_u:object_r:dbusd_exec_t,s0)
>> +/bin/dbus-monitor -- gen_context(system_u:object_r:dbusd_exec_t,s0)
>> +/bin/dbus-send -- gen_context(system_u:object_r:dbusd_exec_t,s0)
>> +/bin/dbus-uuidgen -- gen_context(system_u:object_r:dbusd_exec_t,s0)
>> +/bin/dbus-binding-tool -- gen_context(system_u:object_r:dbusd_exec_t,s0)
>
>> /lib/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
>> /lib64/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
>
>> /usr/bin/dbus-daemon(-1)? -- gen_context(system_u:object_r:dbusd_exec_t,s0)
>> +/usr/bin/dbus-cleanup-sockets -- gen_context(system_u:object_r:dbusd_exec_t,s0)
>> +/usr/bin/dbus-launch -- gen_context(system_u:object_r:dbusd_exec_t,s0)
>> +/usr/bin/dbus-monitor -- gen_context(system_u:object_r:dbusd_exec_t,s0)
>> +/usr/bin/dbus-send -- gen_context(system_u:object_r:dbusd_exec_t,s0)
>> +/usr/bin/dbus-uuidgen -- gen_context(system_u:object_r:dbusd_exec_t,s0)
>> +/usr/bin/dbus-binding-tool -- gen_context(system_u:object_r:dbusd_exec_t,s0)
>> +
>
> I am not sure if labelling all these dbusd_exec_t is a good idea or even
> beneficial in any way
>
Definitely not.
>> /usr/libexec/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
>
>> /var/lib/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_lib_t,s0)
>> diff -pruN -x .git -x corenetwork.if -x corenetwork.te -x booleans.conf refpolicy-git-18012011/policy/modules/system/init.fc refpolicy-git-18012011-update/policy/modules/system/init.fc
>> --- refpolicy-git-18012011/policy/modules/system/init.fc 2011-01-08 19:07:21.350758412 +0100
>> +++ refpolicy-git-18012011-update/policy/modules/system/init.fc 2011-01-18 23:13:43.740999070 +0100
>> @@ -34,6 +34,8 @@ ifdef(`distro_gentoo', `
>> # /sbin
>> #
>> /sbin/init(ng)? -- gen_context(system_u:object_r:init_exec_t,s0)
>> +# because nowadays, /sbin/init is often a symlink to /sbin/upstart
>> +/sbin/upstart -- gen_context(system_u:object_r:init_exec_t,s0)
>
>> ifdef(`distro_gentoo', `
>> /sbin/rc -- gen_context(system_u:object_r:initrc_exec_t,s0)
>
>
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk09kZYACgkQrlYvE4MpobNd1ACfWcH/QOjVkM2+puln2AJvaTye
07sAoNoOoWE6SK5ODGX1DwrMa5ibAxKi
=6QNt
-----END PGP SIGNATURE-----

2011-01-24 15:05:18

by Guido Trentalancia

Subject: [refpolicy] [PATCH/RFC 1/19]: patch set to update the git reference policy

On Mon, 24/01/2011 at 15.26 +0100, Dominick Grift wrote:
> On 01/24/2011 01:43 AM, Guido Trentalancia wrote:
> > diff -pruN -x .git -x corenetwork.if -x corenetwork.te -x booleans.conf refpolicy-git-18012011/policy/modules/services/dbus.fc refpolicy-git-18012011-update/policy/modules/services/dbus.fc
> > --- refpolicy-git-18012011/policy/modules/services/dbus.fc 2011-01-08 19:07:21.238740722 +0100
> > +++ refpolicy-git-18012011-update/policy/modules/services/dbus.fc 2011-01-18 23:13:43.740999070 +0100
> > @@ -1,11 +1,24 @@
> > /etc/dbus-1(/.*)? gen_context(system_u:object_r:dbusd_etc_t,s0)
> >
> > /bin/dbus-daemon -- gen_context(system_u:object_r:dbusd_exec_t,s0)
> > +/bin/dbus-cleanup-sockets -- gen_context(system_u:object_r:dbusd_exec_t,s0)
> > +/bin/dbus-launch -- gen_context(system_u:object_r:dbusd_exec_t,s0)
> > +/bin/dbus-monitor -- gen_context(system_u:object_r:dbusd_exec_t,s0)
> > +/bin/dbus-send -- gen_context(system_u:object_r:dbusd_exec_t,s0)
> > +/bin/dbus-uuidgen -- gen_context(system_u:object_r:dbusd_exec_t,s0)
> > +/bin/dbus-binding-tool -- gen_context(system_u:object_r:dbusd_exec_t,s0)
> >
> > /lib/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
> > /lib64/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
> >
> > /usr/bin/dbus-daemon(-1)? -- gen_context(system_u:object_r:dbusd_exec_t,s0)
> > +/usr/bin/dbus-cleanup-sockets -- gen_context(system_u:object_r:dbusd_exec_t,s0)
> > +/usr/bin/dbus-launch -- gen_context(system_u:object_r:dbusd_exec_t,s0)
> > +/usr/bin/dbus-monitor -- gen_context(system_u:object_r:dbusd_exec_t,s0)
> > +/usr/bin/dbus-send -- gen_context(system_u:object_r:dbusd_exec_t,s0)
> > +/usr/bin/dbus-uuidgen -- gen_context(system_u:object_r:dbusd_exec_t,s0)
> > +/usr/bin/dbus-binding-tool -- gen_context(system_u:object_r:dbusd_exec_t,s0)
> > +
>
> I am not sure if labelling all these dbusd_exec_t is a good idea or even
> beneficial in any way

Yes, you are right. Only {/bin,/usr/bin}/dbus-daemon should be labelled
that way.

Will change it.

Regards,

Guido