From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Thu, 15 Aug 2013 20:15:09 +0200
Subject: [refpolicy] [PATCH 1/3] Add aide bin /usr/bin and mark /var/lib/aide
In-Reply-To: <1376590511-7480-1-git-send-email-sven.vermeulen@siphos.be>
References: <1376590511-7480-1-git-send-email-sven.vermeulen@siphos.be>
Message-ID: <1376590511-7480-2-git-send-email-sven.vermeulen@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

In Gentoo, the aide binary is at /usr/bin/aide.

Also, the /var/lib/aide directory itself is best labeled as aide_db_t as well to
allow aide to handle its contents.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 aide.fc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/aide.fc b/aide.fc
index df6e4d0..6037ccc 100644
--- a/aide.fc
+++ b/aide.fc
@@ -1,6 +1,7 @@
+/usr/bin/aide	--	gen_context(system_u:object_r:aide_exec_t,mls_systemhigh)
 /usr/sbin/aide	--	gen_context(system_u:object_r:aide_exec_t,mls_systemhigh)
 
-/var/lib/aide(/.*)	gen_context(system_u:object_r:aide_db_t,mls_systemhigh)
+/var/lib/aide(/.*)?	gen_context(system_u:object_r:aide_db_t,mls_systemhigh)
 
 /var/log/aide(/.*)?	gen_context(system_u:object_r:aide_log_t,mls_systemhigh)
 /var/log/aide\.log	--	gen_context(system_u:object_r:aide_log_t,mls_systemhigh)
-- 
1.8.1.5