From: nicolas.iooss@m4x.org (Nicolas Iooss) Date: Sat, 5 Apr 2014 22:37:45 +0200 Subject: [refpolicy] [PATCH] [RFC] Fix strange file patterns Message-ID: <1396730265-10523-1-git-send-email-nicolas.iooss@m4x.org> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Some file patterns look very strange, like: /var/log/cluster/.*\.*log I've found such patterns while writing a script that parses the file patterns. Hence I haven't tested if the new file contexts apply to the existing files. For example, this patch changes /var/run/*.fingerd\.pid to /var/run/fingerd\.pid because "/*" seems weird to me, but this also changes the semantic of the pattern. Another possibility which doesn't change the meaning is: /var/run/?.fingerd\.pid I send this patch as an RFC because what I consider abnormal may in fact be something expected or a workaround to fix some bugs I'm not aware of. --- finger.fc | 2 +- rhcs.fc | 2 +- setroubleshoot.fc | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/finger.fc b/finger.fc index 843940b..623421d 100644 --- a/finger.fc +++ b/finger.fc @@ -7,4 +7,4 @@ /var/log/cfingerd\.log.* -- gen_context(system_u:object_r:fingerd_log_t,s0) -/var/run/*.fingerd\.pid -- gen_context(system_u:object_r:fingerd_var_run_t,s0) +/var/run/fingerd\.pid -- gen_context(system_u:object_r:fingerd_var_run_t,s0) diff --git a/rhcs.fc b/rhcs.fc index 47de2d6..c619502 100644 --- a/rhcs.fc +++ b/rhcs.fc @@ -14,7 +14,7 @@ /var/lib/qdiskd(/.*)? gen_context(system_u:object_r:qdiskd_var_lib_t,s0) -/var/log/cluster/.*\.*log <> +/var/log/cluster/.*\.log <> /var/log/cluster/dlm_controld\.log.* -- gen_context(system_u:object_r:dlm_controld_var_log_t,s0) /var/log/cluster/fenced\.log.* -- gen_context(system_u:object_r:fenced_var_log_t,s0) /var/log/cluster/gfs_controld\.log.* -- gen_context(system_u:object_r:gfs_controld_var_log_t,s0) diff --git a/setroubleshoot.fc b/setroubleshoot.fc index 0b3a971..e89c06f 100644 --- a/setroubleshoot.fc +++ b/setroubleshoot.fc 
@@ -1,6 +1,6 @@ /usr/sbin/setroubleshootd -- gen_context(system_u:object_r:setroubleshootd_exec_t,s0) -/usr/share/setroubleshoot/SetroubleshootFixit\.py* -- gen_context(system_u:object_r:setroubleshoot_fixit_exec_t,s0) +/usr/share/setroubleshoot/SetroubleshootFixit\.py -- gen_context(system_u:object_r:setroubleshoot_fixit_exec_t,s0) /var/run/setroubleshoot(/.*)? gen_context(system_u:object_r:setroubleshoot_var_run_t,s0) -- 1.9.1
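Review bot: In the finger.fc hunk, the replacement `/var/run/fingerd\.pid` drops a path the old pattern covered. In `/var/run/*.fingerd\.pid` the `/*` is "zero or more slashes" and the `.` is "any one character", so the old entry matched both `/var/run/fingerd.pid` and a one-character-prefixed name such as `/var/run/cfingerd.pid`. The context line just above it labels `/var/log/cfingerd\.log.*`, which suggests the cfingerd PID file was the intended target. If so, `/var/run/c?fingerd\.pid` states that intent explicitly and keeps both names labelled `fingerd_var_run_t`. Since the message says the new contexts were not tested against existing files, comparing `matchpathcon` output for both PID paths before and after the change would settle it.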
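Review bot: In the rhcs.fc hunk, `/var/log/cluster/.*\.log` is narrower than the pattern it replaces, and the commit message does not mention this. The old `.*\.*log` made the dot optional (`\.*` is zero or more literal dots), so it matched any name under `/var/log/cluster/` ending in `log`; the new form requires a literal `.log` suffix. Neither form matches rotated names, while the daemon-specific entries that follow all use `\.log.*`. Please state in the commit message which names the catch-all is meant to cover, and if rotated files belong in it, use `.*\.log.*` to be consistent with the lines below.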
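Review bot: In the setroubleshoot.fc hunk, it is unclear whether the trailing `*` in `SetroubleshootFixit\.py*` was a typo for `\.py.*`, intended to cover byte-compiled files next to the script. As written, the old pattern only repeats the `y` (it matches `.p`, `.py`, `.pyy`, but not `.pyc` or `.pyo`), so reducing it to `\.py` keeps the effective labelling of the script itself. That is the safer reading for an entry assigning `setroubleshoot_fixit_exec_t`, but the commit message should say this interpretation was chosen deliberately, so that a later reader does not "restore" the wildcard as `.*` and widen the exec type to other files.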