From: bigon@debian.org (Laurent Bigonville)
Date: Mon,  3 Mar 2014 23:59:24 +0100
Subject: [refpolicy] [PATCH 1/2] Properly label git-shell and other git
	commands for Debian
Message-ID: <1393887565-1285-1-git-send-email-bigon@debian.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

From: Laurent Bigonville <bigon@bigon.be>

---
 policy/modules/kernel/corecommands.fc | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
index e100be3..acc9ddc 100644
--- a/policy/modules/kernel/corecommands.fc
+++ b/policy/modules/kernel/corecommands.fc
@@ -210,6 +210,8 @@ ifdef(`distro_gentoo',`
 /usr/lib/dpkg/.+		--	gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/emacsen-common/.*		gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/gimp/.*/plug-ins(/.*)?		gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/git-core/git-shell	--	gen_context(system_u:object_r:shell_exec_t,s0)
+/usr/lib/git-core(/.*)		--	gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/gnome-settings-daemon/.* --	gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/gvfs/.*		--	gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/ipsec/.*		--	gen_context(system_u:object_r:bin_t,s0)
-- 
1.9.0