From: debian@mikapflueger.de (Mika =?ISO-8859-1?B?UGZs/Gdlcg==?=) Date: Sat, 11 Aug 2012 21:27:54 +0200 Subject: [refpolicy] [PATCH v1 6/6] Use libexec location for postfix binaries In-Reply-To: <1344711594-11687-7-git-send-email-sven.vermeulen@siphos.be> References: <1344711594-11687-1-git-send-email-sven.vermeulen@siphos.be> <1344711594-11687-7-git-send-email-sven.vermeulen@siphos.be> Message-ID: <20120811212754.2d5a29b7@george.anarkia> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Hi, Am Sat, 11 Aug 2012 20:59:54 +0200 schrieb Sven Vermeulen : > Recent postfix releases have their binaries at /usr/libexec instead > of /usr/lib. This patch removes the ifdef for distro_redhat since, > even for distributions that would still have the old locations, > having the definitions for the contexts loaded doesn't hurt. > > Add in a small blurb too to reflect the potential deprecation of said > contexts. I think this is wrong. The FHS still does not contain anything about /usr/libexec and consequently, debian doesn't have it. I am not fully aware if this is handled by some /usr/libexec -> /usr/lib build replacement magic for debian, if it is, then you are of course right that the old definitions are not needed anymore and might be removed some time. Cheers, Mika > > Signed-off-by: Sven Vermeulen > --- > postfix.fc | 5 ++--- > 1 files changed, 2 insertions(+), 3 deletions(-) > > diff --git a/postfix.fc b/postfix.fc > index 90bf84e..6d61b82 100644 > --- a/postfix.fc > +++ b/postfix.fc > @@ -1,6 +1,5 @@ > # postfix > /etc/postfix(/.*)? > gen_context(system_u:object_r:postfix_etc_t,s0) > -ifdef(`distro_redhat', ` /usr/libexec/postfix/.* -- > gen_context(system_u:object_r:postfix_exec_t,s0) /usr/libexec/postfix/cleanup > -- > gen_context(system_u:object_r:postfix_cleanup_exec_t,s0) /usr/libexec/postfix/lmtp > -- gen_context(system_u:object_r:postfix_smtp_exec_t,s0) @@ > -15,7 +14,7 @@ ifdef(`distro_redhat', ` /usr/libexec/postfix/bounce > -- > gen_context(system_u:object_r:postfix_bounce_exec_t,s0) /usr/libexec/postfix/pipe > -- > gen_context(system_u:object_r:postfix_pipe_exec_t,s0) /usr/libexec/postfix/virtual > -- gen_context(system_u:object_r:postfix_virtual_exec_t,s0) > -', ` +# Older location for postfix binaries, might be cleaned up in > near future? /usr/lib/postfix/.* -- > gen_context(system_u:object_r:postfix_exec_t,s0) /usr/lib/postfix/cleanup > -- > gen_context(system_u:object_r:postfix_cleanup_exec_t,s0) /usr/lib/postfix/local -- > gen_context(system_u:object_r:postfix_local_exec_t,s0) @@ -29,7 +28,7 > @@ ifdef(`distro_redhat', ` /usr/lib/postfix/bounce -- > gen_context(system_u:object_r:postfix_bounce_exec_t,s0) /usr/lib/postfix/pipe -- > gen_context(system_u:object_r:postfix_pipe_exec_t,s0) /usr/lib/postfix/virtual > -- gen_context(system_u:object_r:postfix_virtual_exec_t,s0) > -') + /etc/postfix/postfix-script.* -- > gen_context(system_u:object_r:postfix_exec_t,s0) /etc/postfix/prng_exch -- > gen_context(system_u:object_r:postfix_prng_t,s0) /usr/sbin/postcat -- > gen_context(system_u:object_r:postfix_master_exec_t,s0) -- Own your own computer. Don't use Windows 7. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: not available Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20120811/41bc6946/attachment-0001.bin