From: guido@trentalancia.com (Guido Trentalancia) Date: Wed, 20 Jun 2012 17:56:11 +0200 Subject: [refpolicy] [PATCH]: fix packagekit file context (standard location for the daemon) Message-ID: <1340207771.3570.11.camel@vortex> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com It seems that the current refpolicy file contexts are using a wrong (or at least rather obsolete) location for the PackageKit daemon executable. It's standard location is in /usr/libexec and not /usr/sbin (FC17 also apparently uses the latter). Finally, consider that PackageKit should now ship also with distributions other than Redhat. So, either of these two patches, would probably be a good move: --- refpolicy-04062012/policy/modules/contrib/rpm.fc 2011-09-09 18:29:23.592611047 +0200 +++ refpolicy-04062012-packagekit-fc/policy/modules/contrib/rpm.fc 2012-06-19 19:12:07.420661407 +0200 @@ -13,7 +13,13 @@ /usr/sbin/system-install-packages -- gen_context(system_u:object_r:rpm_exec_t,s0) /usr/sbin/yum-updatesd -- gen_context(system_u:object_r:rpm_exec_t,s0) + +ifndef(`distro_redhat', ` +/usr/libexec/packagekitd -- gen_context(system_u:object_r:rpm_exec_t,s0) +') +ifdef(`distro_redhat', ` /usr/sbin/packagekitd -- gen_context(system_u:object_r:rpm_exec_t,s0) +') /usr/share/yumex/yumex-yum-backend -- gen_context(system_u:object_r:rpm_exec_t,s0) /usr/share/yumex/yum_childtask\.py -- gen_context(system_u:object_r:rpm_exec_t,s0) Or: --- refpolicy-04062012/policy/modules/contrib/rpm.fc 2012-06-20 17:47:29.249999920 +0200 +++ refpolicy-04062012-packagekit-fc-standard/policy/modules/contrib/rpm.fc 2012-06-20 17:46:05.436179710 +0200 @@ -13,7 +13,8 @@ /usr/sbin/system-install-packages -- gen_context(system_u:object_r:rpm_exec_t,s0) /usr/sbin/yum-updatesd -- gen_context(system_u:object_r:rpm_exec_t,s0) -/usr/sbin/packagekitd -- gen_context(system_u:object_r:rpm_exec_t,s0) + +/usr/libexec/packagekitd -- gen_context(system_u:object_r:rpm_exec_t,s0) /usr/share/yumex/yumex-yum-backend -- gen_context(system_u:object_r:rpm_exec_t,s0) /usr/share/yumex/yum_childtask\.py -- gen_context(system_u:object_r:rpm_exec_t,s0)