From: debian@mikapflueger.de (Mika =?ISO-8859-1?B?UGZs/Gdlcg==?=) Date: Sun, 12 Aug 2012 16:42:37 +0200 Subject: [refpolicy] [PATCH v1 6/6] Use libexec location for postfix binaries In-Reply-To: <1344765482.20817.6.camel@x220.mydomain.internal> References: <1344711594-11687-1-git-send-email-sven.vermeulen@siphos.be> <1344711594-11687-7-git-send-email-sven.vermeulen@siphos.be> <20120811212754.2d5a29b7@george.anarkia> <1344765482.20817.6.camel@x220.mydomain.internal> Message-ID: <20120812164237.2e3273e3@george.anarkia> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Hi, Am Sun, 12 Aug 2012 11:58:02 +0200 schrieb Dominick Grift : > On Sat, 2012-08-11 at 21:27 +0200, Mika Pfl?ger wrote: > > Hi, > > > > Am Sat, 11 Aug 2012 20:59:54 +0200 > > schrieb Sven Vermeulen : > > > > > Recent postfix releases have their binaries at /usr/libexec > > > instead of /usr/lib. This patch removes the ifdef for > > > distro_redhat since, even for distributions that would still have > > > the old locations, having the definitions for the contexts loaded > > > doesn't hurt. > > > > > > Add in a small blurb too to reflect the potential deprecation of > > > said contexts. > > > > I think this is wrong. The FHS still does not contain anything > > about /usr/libexec and consequently, debian doesn't have it. I am > > not fully aware if this is handled by some /usr/libexec -> /usr/lib > > build replacement magic for debian, if it is, then you are of > > course right that the old definitions are not needed anymore and > > might be removed some time. > > It doesnt really matter imho. If gentoo has the content now > in /usr/libexec then we need to support both unconditionally. I was talking about the "small blurb to reflect the potential deprecation of said contexts.", specifically the line > +# Older location for postfix binaries, might be cleaned up in near \ > future? from the patch. Sorry for the confusing citation of the whole description. I am not at all opposed to have both contexts unconditionally - I just don't want the /usr/lib contexts to go away in the near future with debian then patching them conditionally in again. Cheers, Mika > > > Signed-off-by: Sven Vermeulen > > > --- > > > postfix.fc | 5 ++--- > > > 1 files changed, 2 insertions(+), 3 deletions(-) > > > > > > diff --git a/postfix.fc b/postfix.fc > > > index 90bf84e..6d61b82 100644 > > > --- a/postfix.fc > > > +++ b/postfix.fc > > > @@ -1,6 +1,5 @@ > > > # postfix > > > /etc/postfix(/.*)? > > > gen_context(system_u:object_r:postfix_etc_t,s0) > > > -ifdef(`distro_redhat', ` /usr/libexec/postfix/.* -- > > > gen_context(system_u:object_r:postfix_exec_t,s0) /usr/libexec/postfix/cleanup > > > -- > > > gen_context(system_u:object_r:postfix_cleanup_exec_t,s0) /usr/libexec/postfix/lmtp > > > -- gen_context(system_u:object_r:postfix_smtp_exec_t,s0) @@ > > > -15,7 +14,7 @@ ifdef(`distro_redhat', > > > ` /usr/libexec/postfix/bounce -- > > > gen_context(system_u:object_r:postfix_bounce_exec_t,s0) /usr/libexec/postfix/pipe > > > -- > > > gen_context(system_u:object_r:postfix_pipe_exec_t,s0) /usr/libexec/postfix/virtual > > > -- gen_context(system_u:object_r:postfix_virtual_exec_t,s0) > > > -', ` +# Older location for postfix binaries, might be cleaned up > > > in near future? /usr/lib/postfix/.* -- > > > gen_context(system_u:object_r:postfix_exec_t,s0) /usr/lib/postfix/cleanup > > > -- > > > gen_context(system_u:object_r:postfix_cleanup_exec_t,s0) /usr/lib/postfix/local -- > > > gen_context(system_u:object_r:postfix_local_exec_t,s0) @@ -29,7 > > > +28,7 @@ ifdef(`distro_redhat', > > > ` /usr/lib/postfix/bounce -- > > > gen_context(system_u:object_r:postfix_bounce_exec_t,s0) /usr/lib/postfix/pipe -- > > > gen_context(system_u:object_r:postfix_pipe_exec_t,s0) /usr/lib/postfix/virtual > > > -- > > > gen_context(system_u:object_r:postfix_virtual_exec_t,s0) -') > > > + /etc/postfix/postfix-script.* -- > > > gen_context(system_u:object_r:postfix_exec_t,s0) /etc/postfix/prng_exch -- > > > gen_context(system_u:object_r:postfix_prng_t,s0) /usr/sbin/postcat -- > > > gen_context(system_u:object_r:postfix_master_exec_t,s0) > > > > > > > > _______________________________________________ > > refpolicy mailing list > > refpolicy at oss.tresys.com > > http://oss.tresys.com/mailman/listinfo/refpolicy > > > _______________________________________________ > refpolicy mailing list > refpolicy at oss.tresys.com > http://oss.tresys.com/mailman/listinfo/refpolicy -- Own your own computer. Don't use Windows 7. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: not available Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20120812/f0480a86/attachment.bin