2017-08-17 06:22:35

by Nicolas Iooss

Subject: [refpolicy] [PATCH 1/1] Add "/usr/(.*/)?bin(/.*)?" pattern back

Commit 2e7553db639b ("Create / to /usr equivalence for bin, sbin, and
lib, from Russell Coker.") removed from corecommands.fc:

/usr/(.*/)?bin(/.*)? gen_context(system_u:object_r:bin_t,s0)

Consequently files like /usr/x86_64-w64-mingw32/bin/objdump get labeled
as usr_t:

$ matchpathcon /usr/x86_64-w64-mingw32/bin/objdump
/usr/x86_64-w64-mingw32/bin/objdump system_u:object_r:usr_t

Make such files labeled as bin_t again.
---
policy/modules/kernel/corecommands.fc | 1 +
1 file changed, 1 insertion(+)

diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
index ce4218fed6dd..6573d890d941 100644
--- a/policy/modules/kernel/corecommands.fc
+++ b/policy/modules/kernel/corecommands.fc
@@ -135,6 +135,7 @@ ifdef(`distro_gentoo',`
# /usr
#
/usr/(.*/)?Bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
+/usr/(.*/)?bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/bin/d?ash -- gen_context(system_u:object_r:shell_exec_t,s0)
/usr/bin/bash -- gen_context(system_u:object_r:shell_exec_t,s0)
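
Review bot: The added `/usr/(.*/)?bin(/.*)?` entry is much broader than the mingw case in the commit message. Because `(.*/)?` is optional and `.*` can span several path components, it matches any directory named `bin` at any depth under /usr plus everything beneath it, and it has no `--` file-type field, so directories and non-executable files under a nested `bin` also become bin_t. It also matches /usr/bin itself, which makes the unchanged `/usr/bin(/.*)?` line right after it redundant. Please confirm with matchpathcon that the more specific entries that follow, such as `/usr/bin/bash` and `/usr/bin/d?ash`, still resolve to shell_exec_t with the new pattern present, and either drop the redundant line or say why both are kept.
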
--
2.14.1


2017-08-19 16:03:45

by Chris PeBenito

Subject: [refpolicy] [PATCH 1/1] Add "/usr/(.*/)?bin(/.*)?" pattern back

On 08/17/2017 02:22 AM, Nicolas Iooss via refpolicy wrote:
> Commit 2e7553db639b ("Create / to /usr equivalence for bin, sbin, and
> lib, from Russell Coker.") removed from corecommands.fc:
>
> /usr/(.*/)?bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
>
> Consequently files like /usr/x86_64-w64-mingw32/bin/objdump get labeled
> as usr_t:
>
> $ matchpathcon /usr/x86_64-w64-mingw32/bin/objdump
> /usr/x86_64-w64-mingw32/bin/objdump system_u:object_r:usr_t
>
> Make such files labeled as bin_t again.
> ---
> policy/modules/kernel/corecommands.fc | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
> index ce4218fed6dd..6573d890d941 100644
> --- a/policy/modules/kernel/corecommands.fc
> +++ b/policy/modules/kernel/corecommands.fc
> @@ -135,6 +135,7 @@ ifdef(`distro_gentoo',`
> # /usr
> #
> /usr/(.*/)?Bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
> +/usr/(.*/)?bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
> /usr/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
> /usr/bin/d?ash -- gen_context(system_u:object_r:shell_exec_t,s0)
> /usr/bin/bash -- gen_context(system_u:object_r:shell_exec_t,s0)
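
Review bot: Missing documentation on the added `/usr/(.*/)?bin(/.*)?` line: this entry was already dropped once by commit 2e7553db639b, and nothing in the file says why it is needed next to `/usr/bin(/.*)?`. Suggest a comment line above it naming the case it covers, for example toolchain prefixes such as /usr/x86_64-w64-mingw32/bin, so that a later cleanup does not remove it again. The commit message also shows matchpathcon output only for the broken state; adding the output after the change would make the fix easy to verify.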

Merged.

--
Chris PeBenito