From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Tue, 31 Jul 2012 14:51:44 -0400
Subject: [refpolicy] [PATCH 1/3] Add in substitutions for /usr/local
In-Reply-To: <1343495174-6852-2-git-send-email-sven.vermeulen@siphos.be>
References: <1343495174-6852-1-git-send-email-sven.vermeulen@siphos.be>
	<1343495174-6852-2-git-send-email-sven.vermeulen@siphos.be>
Message-ID: <50182940.3090800@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 07/28/12 13:06, Sven Vermeulen wrote:
> Translate any paths towards /usr/local as if they were to /usr.
> 
> Since the substitutions aren't chained together, we need to define the rules for
> the individual /usr/local/lib* directories as well.
> 
> Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
> ---
>  config/file_contexts.subs_dist |    3 +++
>  1 files changed, 3 insertions(+), 0 deletions(-)
> 
> diff --git a/config/file_contexts.subs_dist b/config/file_contexts.subs_dist
> index 32b87a4..72a7a0f 100644
> --- a/config/file_contexts.subs_dist
> +++ b/config/file_contexts.subs_dist
> @@ -4,4 +4,7 @@
>  /run/lock /var/lock
>  /usr/lib32 /usr/lib
>  /usr/lib64 /usr/lib
> +/usr/local /usr

I'm reluctant to make this substitution.  From my experience, too many things don't seem follow this well.

> +/usr/local/lib32 /usr/lib
> +/usr/local/lib64 /usr/lib

I'd be more accepting of this change.

>  /var/run/lock /var/lock
> 


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com