From: guido@trentalancia.com (Guido Trentalancia) Date: Thu, 09 Aug 2012 20:32:53 +0200 Subject: [refpolicy] [PATCH v2 2/2] Update with new substitutions In-Reply-To: <20120809174531.GC32628@siphos.be> References: <20120809174351.GA32628@siphos.be> <20120809174531.GC32628@siphos.be> Message-ID: <50240255.1030004@trentalancia.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 09/08/2012 19:45, Sven Vermeulen wrote: > The recently introduced substitutions for /usr/local/lib* and /etc/init.d also > reflect in the file contexts of a few contrib modules. > > Signed-off-by: Sven Vermeulen > --- > hadoop.fc | 7 ------- > inetd.fc | 2 +- > tmpreaper.fc | 4 ++-- > 3 files changed, 3 insertions(+), 10 deletions(-) > > diff --git a/hadoop.fc b/hadoop.fc > index 633c470..8bc8a78 100644 > --- a/hadoop.fc > +++ b/hadoop.fc > @@ -1,12 +1,5 @@ > /etc/hadoop.* gen_context(system_u:object_r:hadoop_etc_t,s0) > > -/etc/init\.d/hadoop-(.*-)?datanode -- gen_context(system_u:object_r:hadoop_datanode_initrc_exec_t,s0) > -/etc/init\.d/hadoop-(.*-)?jobtracker -- gen_context(system_u:object_r:hadoop_jobtracker_initrc_exec_t,s0) > -/etc/init\.d/hadoop-(.*-)?namenode -- gen_context(system_u:object_r:hadoop_namenode_initrc_exec_t,s0) > -/etc/init\.d/hadoop-(.*-)?secondarynamenode -- gen_context(system_u:object_r:hadoop_secondarynamenode_initrc_exec_t,s0) > -/etc/init\.d/hadoop-(.*-)?tasktracker -- gen_context(system_u:object_r:hadoop_tasktracker_initrc_exec_t,s0) > -/etc/init\.d/zookeeper -- gen_context(system_u:object_r:zookeeper_server_initrc_exec_t,s0) > - zookeeper would not appear anymore if you remove it completely instead of translating it (look three lines further below). > /etc/rc\.d/init\.d/hadoop-(.*-)?datanode -- gen_context(system_u:object_r:hadoop_datanode_initrc_exec_t,s0) > /etc/rc\.d/init\.d/hadoop-(.*-)?jobtracker -- gen_context(system_u:object_r:hadoop_jobtracker_initrc_exec_t,s0) > /etc/rc\.d/init\.d/hadoop-(.*-)?namenode -- gen_context(system_u:object_r:hadoop_namenode_initrc_exec_t,s0) > diff --git a/inetd.fc b/inetd.fc > index 39d5baa..6107467 100644 > --- a/inetd.fc > +++ b/inetd.fc > @@ -1,7 +1,7 @@ > +/usr/lib/pysieved/pysieved.*\.py -- gen_context(system_u:object_r:inetd_child_exec_t,s0) > > /usr/sbin/identd -- gen_context(system_u:object_r:inetd_child_exec_t,s0) > /usr/sbin/in\..*d -- gen_context(system_u:object_r:inetd_child_exec_t,s0) > -/usr/local/lib/pysieved/pysieved.*\.py -- gen_context(system_u:object_r:inetd_child_exec_t,s0) > > /usr/sbin/inetd -- gen_context(system_u:object_r:inetd_exec_t,s0) > /usr/sbin/rlinetd -- gen_context(system_u:object_r:inetd_exec_t,s0) > diff --git a/tmpreaper.fc b/tmpreaper.fc > index fcc10e8..42ee122 100644 > --- a/tmpreaper.fc > +++ b/tmpreaper.fc > @@ -1,6 +1,6 @@ > ifdef(`distro_debian',` > -/etc/init\.d/mountall-bootclean.sh -- gen_context(system_u:object_r:tmpreaper_exec_t,s0) > -/etc/init\.d/mountnfs-bootclean.sh -- gen_context(system_u:object_r:tmpreaper_exec_t,s0) > +/etc/rc\.d/init\.d/mountall-bootclean.sh -- gen_context(system_u:object_r:tmpreaper_exec_t,s0) > +/etc/rc\.d/init\.d/mountnfs-bootclean.sh -- gen_context(system_u:object_r:tmpreaper_exec_t,s0) Personally speaking, I would not touch what's inside the ifdefs, unless it's a very well known distribution that one is regularly and actively using. > ') > > /usr/sbin/tmpreaper -- gen_context(system_u:object_r:tmpreaper_exec_t,s0) >