From: sven.vermeulen@siphos.be (Sven Vermeulen) Date: Tue, 23 Aug 2011 12:51:07 +0200 Subject: [refpolicy] [PATCH 1/1] Update file contexts for xfce4 helper applications Message-ID: <20110823105106.GA1590@siphos.be> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Many XFCE4 helper applications are located in /usr/lib locations. This patch marks those helpers as bin_t. Recursively marking the directories bin_t does not work properly as these locations also contain actual libraries. Signed-off-by: Sven Vermeulen --- policy/modules/kernel/corecommands.fc | 9 +++++++++ 1 files changed, 9 insertions(+), 0 deletions(-) diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc index 3fae11a..54caebe 100644 --- a/policy/modules/kernel/corecommands.fc +++ b/policy/modules/kernel/corecommands.fc @@ -226,6 +226,15 @@ ifdef(`distro_gentoo',` /usr/lib(64)?/rpm/rpmv -- gen_context(system_u:object_r:bin_t,s0) /usr/lib(64)?/sftp-server -- gen_context(system_u:object_r:bin_t,s0) /usr/lib(64)?/vte/gnome-pty-helper -- gen_context(system_u:object_r:bin_t,s0) +/usr/lib(64)?/xfce4/session/xfsm-shutdown-helper -- gen_context(system_u:object_r:bin_t,s0) +/usr/lib(64)?/xfce4/session/balou-export-theme -- gen_context(system_u:object_r:bin_t,s0) +/usr/lib(64)?/xfce4/session/balou-install-theme -- gen_context(system_u:object_r:bin_t,s0) +/usr/lib(64)?/xfce4/xfwm4/helper-dialog -- gen_context(system_u:object_r:bin_t,s0) +/usr/lib(64)?/xfce4/xfconf/xfconfd -- gen_context(system_u:object_r:bin_t,s0) +/usr/lib(64)?/xfce4/panel/wrapper -- gen_context(system_u:object_r:bin_t,s0) +/usr/lib(64)?/xfce4/panel/migrate -- gen_context(system_u:object_r:bin_t,s0) +/usr/lib(64)?/xfce4/exo-1/exo-helper-1 -- gen_context(system_u:object_r:bin_t,s0) +/usr/lib(64)?/xfce4/exo-1/exo-compose-mail-1 -- gen_context(system_u:object_r:bin_t,s0 /usr/lib(64)?/debug/bin(/.*)? -- gen_context(system_u:object_r:bin_t,s0) /usr/lib(64)?/debug/sbin(/.*)? -- gen_context(system_u:object_r:bin_t,s0) -- 1.7.3.4