From: sven.vermeulen@siphos.be (Sven Vermeulen) Date: Thu, 9 Aug 2012 20:47:57 +0200 Subject: [refpolicy] [PATCH v2 2/2] Update with new substitutions In-Reply-To: <50240255.1030004@trentalancia.com> References: <20120809174351.GA32628@siphos.be> <20120809174531.GC32628@siphos.be> <50240255.1030004@trentalancia.com> Message-ID: <20120809184756.GC2643@siphos.be> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Thu, Aug 09, 2012 at 08:32:53PM +0200, Guido Trentalancia wrote: > > diff --git a/hadoop.fc b/hadoop.fc > > index 633c470..8bc8a78 100644 > > --- a/hadoop.fc > > +++ b/hadoop.fc > > @@ -1,12 +1,5 @@ > > /etc/hadoop.* gen_context(system_u:object_r:hadoop_etc_t,s0) > > > > -/etc/init\.d/hadoop-(.*-)?datanode -- gen_context(system_u:object_r:hadoop_datanode_initrc_exec_t,s0) > > -/etc/init\.d/hadoop-(.*-)?jobtracker -- gen_context(system_u:object_r:hadoop_jobtracker_initrc_exec_t,s0) > > -/etc/init\.d/hadoop-(.*-)?namenode -- gen_context(system_u:object_r:hadoop_namenode_initrc_exec_t,s0) > > -/etc/init\.d/hadoop-(.*-)?secondarynamenode -- gen_context(system_u:object_r:hadoop_secondarynamenode_initrc_exec_t,s0) > > -/etc/init\.d/hadoop-(.*-)?tasktracker -- gen_context(system_u:object_r:hadoop_tasktracker_initrc_exec_t,s0) > > -/etc/init\.d/zookeeper -- gen_context(system_u:object_r:zookeeper_server_initrc_exec_t,s0) > > - > > zookeeper would not appear anymore if you remove it completely instead > of translating it (look three lines further below). You're right, I was a bit too zealous with deleting lines here. > > diff --git a/tmpreaper.fc b/tmpreaper.fc > > index fcc10e8..42ee122 100644 > > --- a/tmpreaper.fc > > +++ b/tmpreaper.fc > > @@ -1,6 +1,6 @@ > > ifdef(`distro_debian',` > > -/etc/init\.d/mountall-bootclean.sh -- gen_context(system_u:object_r:tmpreaper_exec_t,s0) > > -/etc/init\.d/mountnfs-bootclean.sh -- gen_context(system_u:object_r:tmpreaper_exec_t,s0) > > +/etc/rc\.d/init\.d/mountall-bootclean.sh -- gen_context(system_u:object_r:tmpreaper_exec_t,s0) > > +/etc/rc\.d/init\.d/mountnfs-bootclean.sh -- gen_context(system_u:object_r:tmpreaper_exec_t,s0) > > Personally speaking, I would not touch what's inside the ifdefs, unless > it's a very well known distribution that one is regularly and actively > using. If I didn't, then the rules for tmpreaper_exec_t would never be hit, and in this case the Debian distribution would fail to have a properly labeled /etc/init.d/mountall-bootclean.sh script. Wkr, Sven Vermeulen