From: dwalsh@redhat.com (Daniel J Walsh)
Date: Mon, 24 Jan 2011 09:50:02 -0500
Subject: [refpolicy] [PATCH/RFC 1/19]: patch set to update the git
 reference policy
In-Reply-To: <4D3D8BFA.1000701@gmail.com>
References: <1295829827.3862.60.camel@tesla.lan> <4D3D8BFA.1000701@gmail.com>
Message-ID: <4D3D919A.1080802@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/24/2011 09:26 AM, Dominick Grift wrote:
> On 01/24/2011 01:43 AM, Guido Trentalancia wrote:
>> diff -pruN -x .git -x corenetwork.if -x corenetwork.te -x booleans.conf refpolicy-git-18012011/policy/modules/services/dbus.fc refpolicy-git-18012011-update/policy/modules/services/dbus.fc
>> --- refpolicy-git-18012011/policy/modules/services/dbus.fc	2011-01-08 19:07:21.238740722 +0100
>> +++ refpolicy-git-18012011-update/policy/modules/services/dbus.fc	2011-01-18 23:13:43.740999070 +0100
>> @@ -1,11 +1,24 @@
>>  /etc/dbus-1(/.*)?		gen_context(system_u:object_r:dbusd_etc_t,s0)
> 
>>  /bin/dbus-daemon 	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
>> +/bin/dbus-cleanup-sockets	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
>> +/bin/dbus-launch	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
>> +/bin/dbus-monitor	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
>> +/bin/dbus-send		--	gen_context(system_u:object_r:dbusd_exec_t,s0)
>> +/bin/dbus-uuidgen	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
>> +/bin/dbus-binding-tool	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
> 
>>  /lib/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
>>  /lib64/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
> 
>>  /usr/bin/dbus-daemon(-1)? --	gen_context(system_u:object_r:dbusd_exec_t,s0)
>> +/usr/bin/dbus-cleanup-sockets	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
>> +/usr/bin/dbus-launch	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
>> +/usr/bin/dbus-monitor	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
>> +/usr/bin/dbus-send	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
>> +/usr/bin/dbus-uuidgen	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
>> +/usr/bin/dbus-binding-tool	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
>> +
> 
> I am not sure if labelling all these dbus_exec_t is a good idea or even
> beneficial in any way
> 
Definitely not.
>>  /usr/libexec/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
> 
>>  /var/lib/dbus(/.*)?		gen_context(system_u:object_r:system_dbusd_var_lib_t,s0)
>> diff -pruN -x .git -x corenetwork.if -x corenetwork.te -x booleans.conf refpolicy-git-18012011/policy/modules/system/init.fc refpolicy-git-18012011-update/policy/modules/system/init.fc
>> --- refpolicy-git-18012011/policy/modules/system/init.fc	2011-01-08 19:07:21.350758412 +0100
>> +++ refpolicy-git-18012011-update/policy/modules/system/init.fc	2011-01-18 23:13:43.740999070 +0100
>> @@ -34,6 +34,8 @@ ifdef(`distro_gentoo', `
>>  # /sbin
>>  #
>>  /sbin/init(ng)?		--	gen_context(system_u:object_r:init_exec_t,s0)
>> +# because nowadays, /sbin/init is often a symlink to /sbin/upstart
>> +/sbin/upstart		--	gen_context(system_u:object_r:init_exec_t,s0)
> 
>>  ifdef(`distro_gentoo', `
>>  /sbin/rc		--	gen_context(system_u:object_r:initrc_exec_t,s0)
> 
> 
>> _______________________________________________
>> refpolicy mailing list
>> refpolicy at oss.tresys.com
>> http://oss.tresys.com/mailman/listinfo/refpolicy
> 
_______________________________________________
refpolicy mailing list
refpolicy at oss.tresys.com
http://oss.tresys.com/mailman/listinfo/refpolicy

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk09kZYACgkQrlYvE4MpobNd1ACfWcH/QOjVkM2+puln2AJvaTye
07sAoNoOoWE6SK5ODGX1DwrMa5ibAxKi
=6QNt
-----END PGP SIGNATURE-----