2016-07-30 23:57:54

by Lukas Vrabec

Subject: [refpolicy] [PATCH] Systemd by version 231 starts using shared library and systemd daemons execute it. For this reason lib_t type is needed.

---
policy/modules/system/libraries.fc | 2 ++
1 file changed, 2 insertions(+)

diff --git a/policy/modules/system/libraries.fc b/policy/modules/system/libraries.fc
index b532946..c4971ab 100644
--- a/policy/modules/system/libraries.fc
+++ b/policy/modules/system/libraries.fc
@@ -148,6 +148,8 @@ ifdef(`distro_debian',`
/usr/lib/nvidia/libGL(core)?\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/xorg/modules/glesx\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)

+/usr/lib/systemd/libsystemd-shared-231\.so.* -- gen_context(system_u:object_r:lib_t,s0)
+
/usr/(local/)?.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:lib_t,s0)
/usr/(local/)?lib(64)?/wine/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/(local/)?lib(64)?/(sse2/)?libfame-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
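Review bot: The added entry hardcodes the systemd release number in the file name (`libsystemd-shared-231\.so.*`), so the library shipped by the next systemd release will no longer match this line. Match the version numerically instead, for example `/usr/lib/systemd/libsystemd-shared-[0-9]+\.so.*`, so the entry does not need a follow-up patch on every release.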
--
2.5.5


2016-07-31 02:55:41

by Russell Coker

Subject: [refpolicy] [PATCH] Systemd by version 231 starts using shared library and systemd daemons execute it. For this reason lib_t type is needed.

231 is the version number. Needs a numeric regex so the next version doesn't break.

On 31 July 2016 9:57:54 AM AEST, Lukas Vrabec <[email protected]> wrote:
>---
> policy/modules/system/libraries.fc | 2 ++
> 1 file changed, 2 insertions(+)
>
>diff --git a/policy/modules/system/libraries.fc
>b/policy/modules/system/libraries.fc
>index b532946..c4971ab 100644
>--- a/policy/modules/system/libraries.fc
>+++ b/policy/modules/system/libraries.fc
>@@ -148,6 +148,8 @@ ifdef(`distro_debian',`
>/usr/lib/nvidia/libGL(core)?\.so(\.[^/]*)*
>-- gen_context(system_u:object_r:textrel_shlib_t,s0)
>/usr/lib/xorg/modules/glesx\.so(\.[^/]*)*
>-- gen_context(system_u:object_r:textrel_shlib_t,s0)
>
>+/usr/lib/systemd/libsystemd-shared-231\.so.* --
>gen_context(system_u:object_r:lib_t,s0)
>+
>/usr/(local/)?.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:lib_t,s0)
>/usr/(local/)?lib(64)?/wine/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
>/usr/(local/)?lib(64)?/(sse2/)?libfame-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
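Review bot: The unchanged line directly below the added entry, `/usr/(local/)?.*\.so(\.[^/]*)*`, already assigns lib_t to any `.so` file under /usr, which includes this path, and the commit message does not say why that line is not enough. If a more specific entry elsewhere in the policy takes precedence for /usr/lib/systemd, name it in the commit message or in a comment above the new line so the reason for the extra entry is recorded.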


2016-08-02 14:19:40

by Lukas Vrabec

Subject: [refpolicy] [PATCH] Systemd by version 231 starts using shared library and systemd daemons execute it. For this reason lib_t type is needed.

On 07/31/2016 04:55 AM, Russell Coker wrote:
> 231 is the version number. Needs a numeric regex so the next version doesn't break.
>
> On 31 July 2016 9:57:54 AM AEST, Lukas Vrabec <[email protected]> wrote:
>> ---
>> policy/modules/system/libraries.fc | 2 ++
>> 1 file changed, 2 insertions(+)
>>
>> diff --git a/policy/modules/system/libraries.fc
>> b/policy/modules/system/libraries.fc
>> index b532946..c4971ab 100644
>> --- a/policy/modules/system/libraries.fc
>> +++ b/policy/modules/system/libraries.fc
>> @@ -148,6 +148,8 @@ ifdef(`distro_debian',`
>> /usr/lib/nvidia/libGL(core)?\.so(\.[^/]*)*
>> -- gen_context(system_u:object_r:textrel_shlib_t,s0)
>> /usr/lib/xorg/modules/glesx\.so(\.[^/]*)*
>> -- gen_context(system_u:object_r:textrel_shlib_t,s0)
>>
>> +/usr/lib/systemd/libsystemd-shared-231\.so.* --
>> gen_context(system_u:object_r:lib_t,s0)
>> +
>> /usr/(local/)?.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:lib_t,s0)
>> /usr/(local/)?lib(64)?/wine/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
>> /usr/(local/)?lib(64)?/(sse2/)?libfame-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
>

Yes.
You are right. I'll send a new patch.

--
Lukas Vrabec
SELinux Solutions
Red Hat, Inc.