From: dominick.grift@gmail.com (Dominick Grift) Date: Tue, 09 Oct 2012 14:25:19 +0200 Subject: [refpolicy] [PATCH 2/2] Add Debian locationis for nut executables and configuration files In-Reply-To: <201210091156.q99BuNSD027007@vivaldi11.register.it> References: <201210091156.q99BuNSD027007@vivaldi11.register.it> Message-ID: <1349785519.30521.11.camel@d30.localdomain> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Tue, 2012-10-09 at 13:56 +0200, Guido Trentalancia wrote: > > From: Laurent Bigonville > > > > --- > > nut.fc | 7 +++++++ > > 1 file changed, 7 insertions(+) > > > > diff --git a/nut.fc b/nut.fc > > index 0a929ef..c6c3632 100644 > > --- a/nut.fc > > +++ b/nut.fc > > @@ -1,6 +1,13 @@ > > +/etc/nut(/.*)? gen_context(system_u:object_r:nut_conf_t,s0) > > [cut] > > > + > > +/usr/lib/cgi-bin/nut/upsimage.cgi -- gen_context(system_u:object_r:httpd_nutups_cgi_script_exec_t,s0) > > +/usr/lib/cgi-bin/nut/upsset.cgi -- gen_context(system_u:object_r:httpd_nutups_cgi_script_exec_t,s0) > > +/usr/lib/cgi-bin/nut/upsstats.cgi -- gen_context(system_u:object_r:httpd_nutups_cgi_script_exec_t,s0) > > The above three entries should be probably added to httpd.fc rather than here, I think... I kind of agree but that is not how it is done unfortunately. Others were against that. So this is right > > /usr/sbin/upsd -- gen_context(system_u:object_r:nut_upsd_exec_t,s0) > > /usr/sbin/upsmon -- gen_context(system_u:object_r:nut_upsmon_exec_t,s0) > > -- > > 1.7.10.4 >