From: dwalsh@redhat.com (Daniel J Walsh) Date: Mon, 17 Sep 2012 11:25:16 -0400 Subject: [refpolicy] [PATCH] Add Debian location for rtkit-daemon daemon In-Reply-To: <50573EFD.9020603@tresys.com> References: <1347488050-19736-1-git-send-email-bigon@debian.org> <1347538790.2915.20.camel@d30.localdomain> <50520213.40902@redhat.com> <1347552374.2915.27.camel@d30.localdomain> <50573EFD.9020603@tresys.com> Message-ID: <505740DC.6090400@redhat.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/17/2012 11:17 AM, Christopher J. PeBenito wrote: > On 09/13/12 12:06, Dominick Grift wrote: >> >> >> On Thu, 2012-09-13 at 11:56 -0400, Daniel J Walsh wrote: >>> On 09/13/2012 08:19 AM, Dominick Grift wrote: >>>> >>>> >>>> On Thu, 2012-09-13 at 00:14 +0200, Laurent Bigonville wrote: >>>>> From: Laurent Bigonville >>>>> >>>>> --- rtkit.fc | 4 ++++ 1 file changed, 4 insertions(+) >>>>> >>>>> diff --git a/rtkit.fc b/rtkit.fc index 52c441e..fd82305 100644 --- >>>>> a/rtkit.fc +++ b/rtkit.fc @@ -1 +1,5 @@ /usr/libexec/rtkit-daemon >>>>> -- gen_context(system_u:object_r:rtkit_daemon_exec_t,s0) + >>>>> +ifdef(`distro_debian',` +/usr/lib/rtkit/rtkit-daemon -- >>>>> gen_context(system_u:object_r:rtkit_daemon_exec_t,s0) +') >>>> >>>> This was merged. Thanks >>>> >>>> >>> I have never been a big fan of the ifdef(DISTRO) stuff in the fc files. >>> Why is it necessary hear? Only reason for this would be if another >>> distro had a file here named /usr/lib/rtkit/rtkit-daemon that they >>> wanted to label differently. Lets not flood the fc files with these >>> macros. I could definitely see Fedora moving to this location. Driven >>> by systemd. >> >> I agree, but until we get consensus cross the board regarding this issue >> i don't see any reason to reject these patches. >> >> removing the ifdef wrappers is trivial so as soon as we can all agree ill >> remove them. >> >> So i would like to hear opinions of at least pebenito. bigon and swift >> about this as well (which i cc'd) > > We can always remove the ifdef if Fedora uses that path. But in this case, > the fc seems odd to me; why would you put a service's executable in > /usr/lib (even as a subdir)? > Systemd is pushing the idea that you put apps that are to be run as a service or by a library into /usr/lib/PACKAGENAME (This apps should never be run using multilib). As opposed to /usr/libexec. These are the directories I have in Fedora 18 /usr/lib/gconv /usr/lib/sse2 /usr/lib/jvm /usr/lib/cups /usr/lib/udev /usr/lib/debug /usr/lib/alsa /usr/lib/krb5 /usr/lib/dracut /usr/lib/kbd /usr/lib/jvm-private /usr/lib/jvm-exports /usr/lib/rtkaio /usr/lib/bonobo /usr/lib/games /usr/lib/binfmt.d /usr/lib/grub /usr/lib/security /usr/lib/crda /usr/lib/gcc /usr/lib/udisks2 /usr/lib/modprobe.d /usr/lib/systemd /usr/lib/python2.7 /usr/lib/mozilla /usr/lib/locale /usr/lib/python3.3 /usr/lib/audit /usr/lib/gems /usr/lib/jvm-commmon /usr/lib/modules /usr/lib/firmware /usr/lib/tmpfiles.d /usr/lib/xen /usr/lib/modules-load.d /usr/lib/i686 /usr/lib/polkit-1 /usr/lib/yum-plugins /usr/lib/sysctl.d /usr/lib/man2html /usr/lib/rpm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlBXQNwACgkQrlYvE4MpobNk2gCeLJAykDVtnEfo7NMYut308v/z LQgAn2+Tibfah9G9+LsbOhSB9W4P0RAf =uwrK -----END PGP SIGNATURE-----