From: guido@trentalancia.com (Guido Trentalancia) Date: Tue, 26 Jun 2012 21:39:44 +0200 Subject: [refpolicy] [PATCH v2]: fix packagekit file context (standard location for the daemon) In-Reply-To: <4FE9C1CB.4060804@tresys.com> References: <1340207771.3570.11.camel@vortex> <1340240971.2940.2.camel@vortex> <4FE9BCD9.7010307@tresys.com> <1340718653.12652.1.camel@x220.mydomain.internal> <4FE9C1CB.4060804@tresys.com> Message-ID: <1340739584.2840.2.camel@vortex> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Tue, 2012-06-26 at 10:06 -0400, Christopher J. PeBenito wrote: > On 06/26/12 09:50, Dominick Grift wrote: > > On Tue, 2012-06-26 at 09:44 -0400, Christopher J. PeBenito wrote: > >> On 06/20/12 21:09, Guido Trentalancia wrote: > >>> Hello again. > >>> > >>> I also noticed that the working directories that it needs to access as a > >>> minimum condition also seems broken, according to the latest version > >>> available: > >> > >> Merged. > >> > >>> --- refpolicy-04062012/policy/modules/contrib/rpm.fc 2012-06-21 01:58:45.505739558 +0200 > >>> +++ refpolicy-04062012-packagekit-fc-standard/policy/modules/contrib/rpm.fc 2012-06-21 02:06:21.475277343 +0200 > >>> @@ -7,13 +7,13 @@ > >>> > >>> /usr/bin/yum -- gen_context(system_u:object_r:rpm_exec_t,s0) > >>> > >>> +/usr/libexec/packagekitd -- gen_context(system_u:object_r:rpm_exec_t,s0) > >>> /usr/libexec/yumDBUSBackend.py -- gen_context(system_u:object_r:rpm_exec_t,s0) > >>> > >>> /usr/sbin/yum-complete-transaction -- gen_context(system_u:object_r:rpm_exec_t,s0) > >>> > >>> /usr/sbin/system-install-packages -- gen_context(system_u:object_r:rpm_exec_t,s0) > >>> /usr/sbin/yum-updatesd -- gen_context(system_u:object_r:rpm_exec_t,s0) > >>> -/usr/sbin/packagekitd -- gen_context(system_u:object_r:rpm_exec_t,s0) > > > > What about backwards compatibility? This will break systems that have > > this binary still in /usr/sbin/ Backward-compatibility should never come at the expense of compatibility with current situation. Backward-compatibility should only be considered if it can coexist with compatibility with recent versions. > Right. I've restored the line. See above. Regards, Guido