From: dominick.grift@gmail.com (Dominick Grift) Date: Tue, 09 Oct 2012 14:24:07 +0200 Subject: [refpolicy] [PATCH] Add Debian location for PKI files In-Reply-To: <201210091203.q99C3Daq030336@vivaldi46.register.it> References: <201210091203.q99C3Daq030336@vivaldi46.register.it> Message-ID: <1349785447.30521.9.camel@d30.localdomain> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Tue, 2012-10-09 at 14:03 +0200, Guido Trentalancia wrote: > > On 09/17/12 07:45, Laurent Bigonville wrote: > >> From: Laurent Bigonville > >> > >> --- > >> policy/modules/system/miscfiles.fc | 2 ++ > >> 1 file changed, 2 insertions(+) > >> > >> diff --git a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc > >> index fe3427d..9116567 100644 > >> --- a/policy/modules/system/miscfiles.fc > >> +++ b/policy/modules/system/miscfiles.fc > >> @@ -12,6 +12,7 @@ ifdef(`distro_gentoo',` > >> /etc/httpd/alias/[^/]*.db(.[^/]*)* -- gen_context(system_u:object_r:cert_t,s0) > >> /etc/localtime -- gen_context(system_u:object_r:locale_t,s0) > >> /etc/pki(/.*)? gen_context(system_u:object_r:cert_t,s0) > >> +/etc/ssl(/.*)? gen_context(system_u:object_r:cert_t,s0) > >> /etc/timezone -- gen_context(system_u:object_r:locale_t,s0) > >> > >> ifdef(`distro_redhat',` > >> @@ -43,6 +44,7 @@ ifdef(`distro_redhat',` > >> > >> /usr/man(/.*)? gen_context(system_u:object_r:man_t,s0) > >> > >> +/usr/share/ca-certificates(/.*)? gen_context(system_u:object_r:cert_t,s0) > >> /usr/share/fonts(/.*)? gen_context(system_u:object_r:fonts_t,s0) > >> /usr/share/X11/fonts(/.*)? gen_context(system_u:object_r:fonts_t,s0) > >> /usr/share/ghostscript/fonts(/.*)? gen_context(system_u:object_r:fonts_t,s0) > > > Merged. > > I was wondering whether the above entries should perhaps be added with an ifdef(distro_debian) ? > > They are not the default locations for the OpenSSL project as far as I remember... We decided that if the location is not in use by something else in other distros that it should be added unconditional > Regards, > > Guido > > _______________________________________________ > refpolicy mailing list > refpolicy at oss.tresys.com > http://oss.tresys.com/mailman/listinfo/refpolicy