From: guido@trentalancia.com (Guido Trentalancia)
Date: Mon, 24 Jan 2011 16:05:18 +0100
Subject: [refpolicy] [PATCH/RFC 1/19]: patch set to update the git
 reference policy
In-Reply-To: <4D3D8BFA.1000701@gmail.com>
References: <1295829827.3862.60.camel@tesla.lan> <4D3D8BFA.1000701@gmail.com>
Message-ID: <1295881518.19674.5.camel@tesla.lan>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Mon, 24/01/2011 at 15.26 +0100, Dominick Grift wrote:
> On 01/24/2011 01:43 AM, Guido Trentalancia wrote:
> > diff -pruN -x .git -x corenetwork.if -x corenetwork.te -x booleans.conf refpolicy-git-18012011/policy/modules/services/dbus.fc refpolicy-git-18012011-update/policy/modules/services/dbus.fc
> > --- refpolicy-git-18012011/policy/modules/services/dbus.fc	2011-01-08 19:07:21.238740722 +0100
> > +++ refpolicy-git-18012011-update/policy/modules/services/dbus.fc	2011-01-18 23:13:43.740999070 +0100
> > @@ -1,11 +1,24 @@
> >  /etc/dbus-1(/.*)?		gen_context(system_u:object_r:dbusd_etc_t,s0)
> >  
> >  /bin/dbus-daemon 	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
> > +/bin/dbus-cleanup-sockets	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
> > +/bin/dbus-launch	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
> > +/bin/dbus-monitor	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
> > +/bin/dbus-send		--	gen_context(system_u:object_r:dbusd_exec_t,s0)
> > +/bin/dbus-uuidgen	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
> > +/bin/dbus-binding-tool	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
> >  
> >  /lib/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
> >  /lib64/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:dbusd_exec_t,s0)
> >  
> >  /usr/bin/dbus-daemon(-1)? --	gen_context(system_u:object_r:dbusd_exec_t,s0)
> > +/usr/bin/dbus-cleanup-sockets	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
> > +/usr/bin/dbus-launch	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
> > +/usr/bin/dbus-monitor	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
> > +/usr/bin/dbus-send	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
> > +/usr/bin/dbus-uuidgen	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
> > +/usr/bin/dbus-binding-tool	--	gen_context(system_u:object_r:dbusd_exec_t,s0)
> > +
> 
> I am not sure if labelling all these dbus_exec_t is a good idea or even
> beneficial in any way

Yes, you are right. Only {/bin,/usr/bin}/dbus-daemon should be labelled
that way.

Will change it.

Regards,

Guido