From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Wed, 8 Aug 2012 10:41:05 -0400
Subject: [refpolicy] [PATCH v6]: mcelog module initial rewrite
In-Reply-To: <502278E8.90900@trentalancia.com>
References: <201208061519.q76FJcDp011962@vivaldi31.register.it>
	<1344267046.29329.57.camel@d30.localdomain>
	<50201053.9000506@trentalancia.com>
	<1344282251.29329.73.camel@d30.localdomain>
	<50215188.7040900@trentalancia.com>
	<1344361404.2306.5.camel@d30.localdomain>
	<50216DFF.1050309@trentalancia.com>
	<1344368916.2306.14.camel@d30.localdomain>
	<50217898.1000106@trentalancia.com>
	<1344371220.2306.18.camel@d30.localdomain>
	<502190FD.4060905@trentalancia.com>
	<50226348.5020303@tresys.com> <502278E8.90900@trentalancia.com>
Message-ID: <50227A81.5000409@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 08/08/12 10:34, Guido Trentalancia wrote:
> On 08/08/2012 15:02, Christopher J. PeBenito wrote:
>> On 08/07/12 18:04, Guido Trentalancia wrote:

>>> @@ -1 +1,13 @@
>>> +/etc/mcelog(/.*)?        gen_context(system_u:object_r:mcelog_etc_t,s0)
>>> +
>>> +ifdef(`distro_redhat',`
>>> +/etc/mcelog/triggers    -d    gen_context(system_u:object_r:mcelog_etc_t,s0)
>>> +')
>>> +
>>> +/etc/rc\.d/init\.d/mcelog    --
>>> gen_context(system_u:object_r:mcelog_initrc_exec_t,s0)
> 
> Dominick has also noted that Debian (and Gentoo) are actually using a different path for the init scripts. I don't know how to move on with this really, as the rest of the current reference policy only has support for such alternative location in the hadoop module.

We can try the file context substitution feature that Dominick suggested.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com