From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Wed, 24 Aug 2011 09:03:34 -0400 Subject: [refpolicy] [PATCH 1/1] Update file contexts for xfce4 helper applications In-Reply-To: <20110823105106.GA1590@siphos.be> References: <20110823105106.GA1590@siphos.be> Message-ID: <4E54F6A6.7080808@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 08/23/11 06:51, Sven Vermeulen wrote: > Many XFCE4 helper applications are located in /usr/lib locations. This patch > marks those helpers as bin_t. > > Recursively marking the directories bin_t does not work properly as these > locations also contain actual libraries. > > Signed-off-by: Sven Vermeulen > --- > policy/modules/kernel/corecommands.fc | 9 +++++++++ > 1 files changed, 9 insertions(+), 0 deletions(-) > > diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc > index 3fae11a..54caebe 100644 > --- a/policy/modules/kernel/corecommands.fc > +++ b/policy/modules/kernel/corecommands.fc > @@ -226,6 +226,15 @@ ifdef(`distro_gentoo',` > /usr/lib(64)?/rpm/rpmv -- gen_context(system_u:object_r:bin_t,s0) > /usr/lib(64)?/sftp-server -- gen_context(system_u:object_r:bin_t,s0) > /usr/lib(64)?/vte/gnome-pty-helper -- gen_context(system_u:object_r:bin_t,s0) > +/usr/lib(64)?/xfce4/session/xfsm-shutdown-helper -- gen_context(system_u:object_r:bin_t,s0) > +/usr/lib(64)?/xfce4/session/balou-export-theme -- gen_context(system_u:object_r:bin_t,s0) > +/usr/lib(64)?/xfce4/session/balou-install-theme -- gen_context(system_u:object_r:bin_t,s0) > +/usr/lib(64)?/xfce4/xfwm4/helper-dialog -- gen_context(system_u:object_r:bin_t,s0) > +/usr/lib(64)?/xfce4/xfconf/xfconfd -- gen_context(system_u:object_r:bin_t,s0) > +/usr/lib(64)?/xfce4/panel/wrapper -- gen_context(system_u:object_r:bin_t,s0) > +/usr/lib(64)?/xfce4/panel/migrate -- gen_context(system_u:object_r:bin_t,s0) > +/usr/lib(64)?/xfce4/exo-1/exo-helper-1 -- gen_context(system_u:object_r:bin_t,s0) > +/usr/lib(64)?/xfce4/exo-1/exo-compose-mail-1 -- gen_context(system_u:object_r:bin_t,s0 > > /usr/lib(64)?/debug/bin(/.*)? -- gen_context(system_u:object_r:bin_t,s0) > /usr/lib(64)?/debug/sbin(/.*)? -- gen_context(system_u:object_r:bin_t,s0) Merged. I rearraged the lines and fixed the last context as its missing a ")". -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com