From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Thu, 09 Sep 2010 09:06:43 -0400
Subject: [refpolicy] [seutil 1/1] Redhat does not store selinux
 utilities in	/usr.
In-Reply-To: <20100903154927.GA27693@localhost.localdomain>
References: <20100903154927.GA27693@localhost.localdomain>
Message-ID: <4C88DBE3.9010607@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 09/03/10 11:49, Dominick Grift wrote:
> Signed-off-by: Dominick Grift<domg472@gmail.com>

They still are in /usr on RHEL5.  Also, this doesn't matter too much 
either way, since everything can search /usr due to libraries in /usr/lib.

> ---
> :100644 100644 cecca76... c071664... M	policy/modules/system/selinuxutil.if
>   policy/modules/system/selinuxutil.if |   47 ++++++++++++++++++++++++++-------
>   1 files changed, 37 insertions(+), 10 deletions(-)
>
> diff --git a/policy/modules/system/selinuxutil.if b/policy/modules/system/selinuxutil.if
> index cecca76..c071664 100644
> --- a/policy/modules/system/selinuxutil.if
> +++ b/policy/modules/system/selinuxutil.if
> @@ -1,4 +1,4 @@
> -##<summary>Policy for SELinux policy and userland applications.</summary>
> +##<summary>SELinux policy and userland applications.</summary>
>
>   #######################################
>   ##<summary>
> @@ -15,9 +15,12 @@ interface(`seutil_domtrans_checkpolicy',`
>   		type checkpolicy_t, checkpolicy_exec_t;
>   	')
>
> -	files_search_usr($1)
>   	corecmd_search_bin($1)
>   	domtrans_pattern($1, checkpolicy_exec_t, checkpolicy_t)
> +
> +	ifndef(`distro_redhat',`
> +		files_search_usr($1)
> +	')
>   ')
>
>   ########################################
> @@ -63,9 +66,12 @@ interface(`seutil_exec_checkpolicy',`
>   		type checkpolicy_exec_t;
>   	')
>
> -	files_search_usr($1)
>   	corecmd_search_bin($1)
>   	can_exec($1, checkpolicy_exec_t)
> +
> +	ifndef(`distro_redhat',`
> +		files_search_usr($1)
> +	')
>   ')
>
>   #######################################
> @@ -167,9 +173,12 @@ interface(`seutil_domtrans_newrole',`
>   		type newrole_t, newrole_exec_t;
>   	')
>
> -	files_search_usr($1)
>   	corecmd_search_bin($1)
>   	domtrans_pattern($1, newrole_exec_t, newrole_t)
> +
> +	ifndef(`distro_redhat',`
> +		files_search_usr($1)
> +	')
>   ')
>
>   ########################################
> @@ -216,9 +225,12 @@ interface(`seutil_exec_newrole',`
>   		type newrole_t, newrole_exec_t;
>   	')
>
> -	files_search_usr($1)
>   	corecmd_search_bin($1)
>   	can_exec($1, newrole_exec_t)
> +
> +	ifndef(`distro_redhat',`
> +		files_search_usr($1)
> +	')
>   ')
>
>   ########################################
> @@ -374,9 +386,12 @@ interface(`seutil_domtrans_runinit',`
>   		type run_init_t, run_init_exec_t;
>   	')
>
> -	files_search_usr($1)
>   	corecmd_search_bin($1)
>   	domtrans_pattern($1, run_init_exec_t, run_init_t)
> +
> +	ifndef(`distro_redhat',`
> +		files_search_usr($1)
> +	')
>   ')
>
>   ########################################
> @@ -511,9 +526,12 @@ interface(`seutil_domtrans_setfiles',`
>   		type setfiles_t, setfiles_exec_t;
>   	')
>
> -	files_search_usr($1)
>   	corecmd_search_bin($1)
>   	domtrans_pattern($1, setfiles_exec_t, setfiles_t)
> +
> +	ifndef(`distro_redhat',`
> +		files_search_usr($1)
> +	')
>   ')
>
>   ########################################
> @@ -558,9 +576,12 @@ interface(`seutil_exec_setfiles',`
>   		type setfiles_exec_t;
>   	')
>
> -	files_search_usr($1)
>   	corecmd_search_bin($1)
>   	can_exec($1, setfiles_exec_t)
> +
> +	ifndef(`distro_redhat',`
> +		files_search_usr($1)
> +	')
>   ')
>
>   ########################################
> @@ -1002,9 +1023,12 @@ interface(`seutil_domtrans_semanage',`
>   		type semanage_t, semanage_exec_t;
>   	')
>
> -	files_search_usr($1)
>   	corecmd_search_bin($1)
>   	domtrans_pattern($1, semanage_exec_t, semanage_t)
> +
> +	ifndef(`distro_redhat',`
> +		files_search_usr($1)
> +	')
>   ')
>
>   ########################################
> @@ -1051,9 +1075,12 @@ interface(`seutil_domtrans_setsebool',`
>   		type setsebool_t, setsebool_exec_t;
>   	')
>
> -	files_search_usr($1)
>   	corecmd_search_bin($1)
>   	domtrans_pattern($1, setsebool_exec_t, setsebool_t)
> +
> +	ifndef(`distro_redhat',`
> +		files_search_usr($1)
> +	')
>   ')
>
>   ########################################
>
>
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com