From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Wed, 8 Aug 2012 09:17:23 -0400
Subject: [refpolicy] [PATCH] Initial BIRD Internet Routing Daemon policy
In-Reply-To: <1344426166.2306.31.camel@d30.localdomain>
References: <1344415924-27382-1-git-send-email-dominick.grift@gmail.com>
	<5022443F.2040601@trentalancia.com>
	<1344426166.2306.31.camel@d30.localdomain>
Message-ID: <502266E3.8060003@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 08/08/12 07:42, Dominick Grift wrote:
> On Wed, 2012-08-08 at 12:49 +0200, Guido Trentalancia wrote:
>> On 08/08/2012 10:52, Dominick Grift wrote:

>>> --- /dev/null
>>> +++ b/bird.fc
>>> @@ -0,0 +1,11 @@
>>> +/etc/bird\.conf	--	gen_context(system_u:object_r:bird_etc_t,s0)
>>> +
>>> +/etc/default/bird	--	gen_context(system_u:object_r:bird_etc_t,s0)
>>> +
>>> +/etc/rc\.d/init\.d/bird	--	gen_context(system_u:object_r:bird_initrc_exec_t,s0)
>>
>> You might want to support init script locations for other distributions 
>> here, as in the oident module that you proposed to modify yesterday (I 
>> am going to modify the mcelog too for this purpose).
>>
>> Debian (but also Gentoo and many others) are currently using /etc/init\.d.
>>
>> The rest is unlikely to change, if it does, it's their business to 
>> modify the contexts, I think.
> 
> You have a good point and i have been thinking abou this issue
> obviously. I decided to go this way because existing init daemons also
> only have the /etc/rc.d/init.d and not the /etc/init.d.
> 
> Maybe a better solution is to just add:
> 
> /etc/init.d /etc/rc.d/init.d
> 
> to file_contexts.subs_dist

Its not a bad idea.  I'd take a patch that cleaned this up across the entire policy.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com