From: sven.vermeulen@siphos.be (Sven Vermeulen) Date: Tue, 8 Apr 2014 16:21:12 +0200 Subject: [refpolicy] [PATCH] [RFC] Fix strange file patterns In-Reply-To: <1396730265-10523-1-git-send-email-nicolas.iooss@m4x.org> References: <1396730265-10523-1-git-send-email-nicolas.iooss@m4x.org> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com I'm OK with the changes. I am not aware of a finger implementation that uses a single character prefix to "fingerd" that would match the expression as well. With kind regard, Sven Vermeulen On Apr 5, 2014 10:38 PM, "Nicolas Iooss" wrote: > Some file patterns look very strange, like: > > /var/log/cluster/.*\.*log > > I've found such patterns while writing a script that parses the file > patterns. > Hence I haven't tested if the new file contexts apply to the existing > files. > For example, this patch changes > > /var/run/*.fingerd\.pid > > to > > /var/run/fingerd\.pid > > because "/*" seems weird to me, but this also changes the semantic of the > pattern. Another possibility which doesn't change the meaning is: > > /var/run/?.fingerd\.pid > > I send this patch as an RFC because what I consider abnormal may in fact be > something expected or a workaround to fix some bugs I'm not aware of. > --- > finger.fc | 2 +- > rhcs.fc | 2 +- > setroubleshoot.fc | 2 +- > 3 files changed, 3 insertions(+), 3 deletions(-) > > diff --git a/finger.fc b/finger.fc > index 843940b..623421d 100644 > --- a/finger.fc > +++ b/finger.fc > @@ -7,4 +7,4 @@ > > /var/log/cfingerd\.log.* -- > gen_context(system_u:object_r:fingerd_log_t,s0) > > -/var/run/*.fingerd\.pid -- > gen_context(system_u:object_r:fingerd_var_run_t,s0) > +/var/run/fingerd\.pid -- > gen_context(system_u:object_r:fingerd_var_run_t,s0) > diff --git a/rhcs.fc b/rhcs.fc > index 47de2d6..c619502 100644 > --- a/rhcs.fc > +++ b/rhcs.fc > @@ -14,7 +14,7 @@ > > /var/lib/qdiskd(/.*)? gen_context(system_u:object_r:qdiskd_var_lib_t,s0) > > -/var/log/cluster/.*\.*log <> > +/var/log/cluster/.*\.log <> > /var/log/cluster/dlm_controld\.log.* -- > gen_context(system_u:object_r:dlm_controld_var_log_t,s0) > /var/log/cluster/fenced\.log.* -- > gen_context(system_u:object_r:fenced_var_log_t,s0) > /var/log/cluster/gfs_controld\.log.* -- > gen_context(system_u:object_r:gfs_controld_var_log_t,s0) > diff --git a/setroubleshoot.fc b/setroubleshoot.fc > index 0b3a971..e89c06f 100644 > --- a/setroubleshoot.fc > +++ b/setroubleshoot.fc > @@ -1,6 +1,6 @@ > /usr/sbin/setroubleshootd -- > gen_context(system_u:object_r:setroubleshootd_exec_t,s0) > > -/usr/share/setroubleshoot/SetroubleshootFixit\.py* -- > gen_context(system_u:object_r:setroubleshoot_fixit_exec_t,s0) > +/usr/share/setroubleshoot/SetroubleshootFixit\.py -- > gen_context(system_u:object_r:setroubleshoot_fixit_exec_t,s0) > > /var/run/setroubleshoot(/.*)? > gen_context(system_u:object_r:setroubleshoot_var_run_t,s0) > > -- > 1.9.1 > > _______________________________________________ > refpolicy mailing list > refpolicy at oss.tresys.com > http://oss.tresys.com/mailman/listinfo/refpolicy > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://oss.tresys.com/pipermail/refpolicy/attachments/20140408/f0dbccb1/attachment.html