From: dominick.grift@gmail.com (Dominick Grift)
Date: Wed, 08 Aug 2012 16:23:18 +0200
Subject: [refpolicy] [PATCH] Initial BIRD Internet Routing Daemon policy
In-Reply-To: <502266E3.8060003@tresys.com>
References: <1344415924-27382-1-git-send-email-dominick.grift@gmail.com>
	<5022443F.2040601@trentalancia.com>
	<1344426166.2306.31.camel@d30.localdomain>
	<502266E3.8060003@tresys.com>
Message-ID: <1344435798.2306.41.camel@d30.localdomain>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com



On Wed, 2012-08-08 at 09:17 -0400, Christopher J. PeBenito wrote:
> On 08/08/12 07:42, Dominick Grift wrote:
> > On Wed, 2012-08-08 at 12:49 +0200, Guido Trentalancia wrote:
> >> On 08/08/2012 10:52, Dominick Grift wrote:
> 
> >>> --- /dev/null
> >>> +++ b/bird.fc
> >>> @@ -0,0 +1,11 @@
> >>> +/etc/bird\.conf	--	gen_context(system_u:object_r:bird_etc_t,s0)
> >>> +
> >>> +/etc/default/bird	--	gen_context(system_u:object_r:bird_etc_t,s0)
> >>> +
> >>> +/etc/rc\.d/init\.d/bird	--	gen_context(system_u:object_r:bird_initrc_exec_t,s0)
> >>
> >> You might want to support init script locations for other distributions 
> >> here, as in the oident module that you proposed to modify yesterday (I 
> >> am going to modify the mcelog too for this purpose).
> >>
> >> Debian (but also Gentoo and many others) are currently using /etc/init\.d.
> >>
> >> The rest is unlikely to change, if it does, it's their business to 
> >> modify the contexts, I think.
> > 
> > You have a good point and i have been thinking abou this issue
> > obviously. I decided to go this way because existing init daemons also
> > only have the /etc/rc.d/init.d and not the /etc/init.d.
> > 
> > Maybe a better solution is to just add:
> > 
> > /etc/init.d /etc/rc.d/init.d
> > 
> > to file_contexts.subs_dist
> 
> Its not a bad idea.  I'd take a patch that cleaned this up across the entire policy.
> 

Should be as easy as appending /etc/init.d /etc/rc.d/init.d to
config/file_contexts.subs_dist

However i am not sure if we should escape the periods