From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Fri, 4 May 2012 10:05:41 -0400
Subject: [refpolicy] [PATCH 2/2] Simplify .fc in light of
	file_contexts.subs_dist
In-Reply-To: <20120501080905.GG32060@siphos.be>
References: <20120501080742.GE32060@siphos.be>
	<20120501080905.GG32060@siphos.be>
Message-ID: <4FA3E235.7070003@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 05/01/12 04:09, Sven Vermeulen wrote:
> Now that we have file_contexts.subs_dist, translations that were put in the file context definition files can now be
> cleaned up.
> 
> Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
> ---
>  policy/modules/admin/usermanage.fc    |    2 +-
>  policy/modules/contrib                |    2 +-
>  policy/modules/kernel/corecommands.fc |  113 +++++++++-----------
>  policy/modules/kernel/files.fc        |    1 -
>  policy/modules/services/postgresql.fc |    6 +-
>  policy/modules/services/xserver.fc    |    2 +-
>  policy/modules/system/init.fc         |    2 -
>  policy/modules/system/ipsec.fc        |   12 +-
>  policy/modules/system/libraries.fc    |  188 ++++++++++++++++-----------------
>  policy/modules/system/miscfiles.fc    |    2 +-
>  policy/modules/system/modutils.fc     |    2 -
>  policy/modules/system/selinuxutil.fc  |    2 +-
>  policy/modules/system/unconfined.fc   |    2 +-
>  13 files changed, 157 insertions(+), 179 deletions(-)

> diff --git a/policy/modules/contrib b/policy/modules/contrib
> index df9652e..6c192c7 160000
> --- a/policy/modules/contrib
> +++ b/policy/modules/contrib
> @@ -1 +1 @@
> -Subproject commit df9652e0b0c3e2a7649d16aafd974621e702a222
> +Subproject commit 6c192c747802a866038f470f8f60d5d664507a4f

Please do not send these.

> diff --git a/policy/modules/system/libraries.fc b/policy/modules/system/libraries.fc
> index 560dc48..632a560 100644
> --- a/policy/modules/system/libraries.fc
> +++ b/policy/modules/system/libraries.fc
> @@ -37,24 +37,19 @@ ifdef(`distro_redhat',`
>  #
>  /lib					-d	gen_context(system_u:object_r:lib_t,s0)
>  /lib/.*						gen_context(system_u:object_r:lib_t,s0)
> -/lib64					-d	gen_context(system_u:object_r:lib_t,s0)
> -/lib64/.*					gen_context(system_u:object_r:lib_t,s0)
>  /lib/ld-[^/]*\.so(\.[^/]*)*		--	gen_context(system_u:object_r:ld_so_t,s0)
> -/lib64/ld-[^/]*\.so(\.[^/]*)*		--	gen_context(system_u:object_r:ld_so_t,s0)
>  
>  /lib/security/pam_poldi\.so		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
> -/lib64/security/pam_poldi\.so		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
>  
>  ifdef(`distro_debian',`
> -/lib32					-l	gen_context(system_u:object_r:lib_t,s0)
> -/lib64					-l	gen_context(system_u:object_r:lib_t,s0)
> +/lib					-l	gen_context(system_u:object_r:lib_t,s0)
>  ')
>  
>  ifdef(`distro_gentoo',`
>  /lib					-l	gen_context(system_u:object_r:lib_t,s0)
> -/lib32					-d	gen_context(system_u:object_r:lib_t,s0)
> -/lib32/.*					gen_context(system_u:object_r:lib_t,s0)
> -/lib32/ld-[^/]*\.so(\.[^/]*)*		--	gen_context(system_u:object_r:ld_so_t,s0)
> +/lib					-d	gen_context(system_u:object_r:lib_t,s0)
> +/lib/.*					gen_context(system_u:object_r:lib_t,s0)
> +/lib/ld-[^/]*\.so(\.[^/]*)*		--	gen_context(system_u:object_r:ld_so_t,s0)
>  ')

Looks like the lines you changed in the Gentoo block should be deleted instead.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com