From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Tue, 9 Oct 2012 09:33:44 -0400 Subject: [refpolicy] [PATCH 2/2] Add Debian locationis for nut executables and configuration files In-Reply-To: <1349785519.30521.11.camel@d30.localdomain> References: <201210091156.q99BuNSD027007@vivaldi11.register.it> <1349785519.30521.11.camel@d30.localdomain> Message-ID: <507427B8.1080909@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 10/09/12 08:25, Dominick Grift wrote: > > > On Tue, 2012-10-09 at 13:56 +0200, Guido Trentalancia wrote: >>> From: Laurent Bigonville >>> >>> --- >>> nut.fc | 7 +++++++ >>> 1 file changed, 7 insertions(+) >>> >>> diff --git a/nut.fc b/nut.fc >>> index 0a929ef..c6c3632 100644 >>> --- a/nut.fc >>> +++ b/nut.fc >>> @@ -1,6 +1,13 @@ >>> +/etc/nut(/.*)? gen_context(system_u:object_r:nut_conf_t,s0) >> >> [cut] >> >>> + >>> +/usr/lib/cgi-bin/nut/upsimage.cgi -- gen_context(system_u:object_r:httpd_nutups_cgi_script_exec_t,s0) >>> +/usr/lib/cgi-bin/nut/upsset.cgi -- gen_context(system_u:object_r:httpd_nutups_cgi_script_exec_t,s0) >>> +/usr/lib/cgi-bin/nut/upsstats.cgi -- gen_context(system_u:object_r:httpd_nutups_cgi_script_exec_t,s0) >> >> The above three entries should be probably added to httpd.fc rather than here, I think... > > I kind of agree but that is not how it is done unfortunately. Others > were against that. > > So this is right Right. Its an exception needed for using the content template. The fc entries need to go where the types are declared. -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com