From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Wed, 29 Jul 2009 15:28:52 -0400 Subject: [refpolicy] Debian puts alsa config files in a different location In-Reply-To: <87my77kwaz.fsf@anzu.internal.golden-gryphon.com> References: <87hbxwjvc7.fsf@anzu.internal.golden-gryphon.com> <1247575831.31521.40.camel@gorn.columbia.tresys.com> <87my77kwaz.fsf@anzu.internal.golden-gryphon.com> Message-ID: <1248895734.24705.10.camel@gorn> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Tue, 2009-07-14 at 12:29 -0500, Manoj Srivastava wrote: > On Tue, Jul 14 2009, Christopher J. PeBenito wrote: > > > On Wed, 2009-07-01 at 11:07 -0400, Manoj Srivastava wrote: > > > > This doesn't apply. The var line doesn't seem necessary since there is > > a /var/lib/alsa(/.*) line upstream. Can you update and check to see if > > that works? > > > > In this case, I'd keep the /usr/share/alsa lines you want to add in a > > distro_debian since they seem to be an odd location for a rw config > > file. > > This is against refpolicy git as of this morning. Merged. A couple comments inline. > diff --git a/policy/modules/admin/alsa.fc b/policy/modules/admin/alsa.fc > index 545a817..a534b56 100644 > --- a/policy/modules/admin/alsa.fc > +++ b/policy/modules/admin/alsa.fc > @@ -1,9 +1,15 @@ > /bin/alsaunmute -- gen_context(system_u:object_r:alsa_exec_t,s0) > > -/etc/alsa/asound\.state -- gen_context(system_u:object_r:alsa_etc_rw_t,s0) > -/etc/alsa/pcm(/.*)? gen_context(system_u:object_r:alsa_etc_rw_t,s0) > -/etc/asound(/.*)? gen_context(system_u:object_r:alsa_etc_rw_t,s0) > -/etc/asound\.state -- gen_context(system_u:object_r:alsa_etc_rw_t,s0) > +/etc/alsa/pcm(/.*)? gen_context(system_u:object_r:alsa_etc_rw_t,s0) > +/etc/asound(/.*)? gen_context(system_u:object_r:alsa_etc_rw_t,s0) > +ifdef(`distro_debian', ` > +/var/lib/alsa/asound\.state gen_context(system_u:object_r:alsa_etc_rw_t,s0) I removed this last line since there is a /var/lib/alsa(/.*)? later in the file. That line is alsa_var_lib_t, but it has a similar amount of access. > +/usr/share/alsa/alsa\.conf gen_context(system_u:object_r:alsa_etc_rw_t,s0) Should this be a file only? > +/usr/share/alsa/pcm(/.*)? gen_context(system_u:object_r:alsa_etc_rw_t,s0) > +', ` > +/etc/alsa/asound\.state -- gen_context(system_u:object_r:alsa_etc_rw_t,s0) > +/etc/asound\.state -- gen_context(system_u:object_r:alsa_etc_rw_t,s0) I put these two lines back in the global scope, in case debian users happen to use these old (more common?) locations. > +') > > /sbin/alsactl -- gen_context(system_u:object_r:alsa_exec_t,s0) > /sbin/salsa -- gen_context(system_u:object_r:alsa_exec_t,s0) Also, check your whitespace; this patch replaced tabs with spaces. -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150