From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Fri, 11 Apr 2014 11:24:12 -0400 Subject: [refpolicy] [PATCH] [RFC] Fix strange file patterns In-Reply-To: <1396730265-10523-1-git-send-email-nicolas.iooss@m4x.org> References: <1396730265-10523-1-git-send-email-nicolas.iooss@m4x.org> Message-ID: <5348091C.9040109@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 04/05/2014 04:37 PM, Nicolas Iooss wrote: > Some file patterns look very strange, like: > > /var/log/cluster/.*\.*log > > I've found such patterns while writing a script that parses the file patterns. > Hence I haven't tested if the new file contexts apply to the existing files. > For example, this patch changes > > /var/run/*.fingerd\.pid > > to > > /var/run/fingerd\.pid > > because "/*" seems weird to me, but this also changes the semantic of the > pattern. Another possibility which doesn't change the meaning is: > > /var/run/?.fingerd\.pid > > I send this patch as an RFC because what I consider abnormal may in fact be > something expected or a workaround to fix some bugs I'm not aware of. Merged. > --- > finger.fc | 2 +- > rhcs.fc | 2 +- > setroubleshoot.fc | 2 +- > 3 files changed, 3 insertions(+), 3 deletions(-) > > diff --git a/finger.fc b/finger.fc > index 843940b..623421d 100644 > --- a/finger.fc > +++ b/finger.fc > @@ -7,4 +7,4 @@ > > /var/log/cfingerd\.log.* -- gen_context(system_u:object_r:fingerd_log_t,s0) > > -/var/run/*.fingerd\.pid -- gen_context(system_u:object_r:fingerd_var_run_t,s0) > +/var/run/fingerd\.pid -- gen_context(system_u:object_r:fingerd_var_run_t,s0) > diff --git a/rhcs.fc b/rhcs.fc > index 47de2d6..c619502 100644 > --- a/rhcs.fc > +++ b/rhcs.fc 
> @@ -14,7 +14,7 @@ > > /var/lib/qdiskd(/.*)? gen_context(system_u:object_r:qdiskd_var_lib_t,s0) > > -/var/log/cluster/.*\.*log <> > +/var/log/cluster/.*\.log <> > /var/log/cluster/dlm_controld\.log.* -- gen_context(system_u:object_r:dlm_controld_var_log_t,s0) > /var/log/cluster/fenced\.log.* -- gen_context(system_u:object_r:fenced_var_log_t,s0) > /var/log/cluster/gfs_controld\.log.* -- gen_context(system_u:object_r:gfs_controld_var_log_t,s0) > diff --git a/setroubleshoot.fc b/setroubleshoot.fc > index 0b3a971..e89c06f 100644 > --- a/setroubleshoot.fc > +++ b/setroubleshoot.fc > @@ -1,6 +1,6 @@ > /usr/sbin/setroubleshootd -- gen_context(system_u:object_r:setroubleshootd_exec_t,s0) > > -/usr/share/setroubleshoot/SetroubleshootFixit\.py* -- gen_context(system_u:object_r:setroubleshoot_fixit_exec_t,s0) > +/usr/share/setroubleshoot/SetroubleshootFixit\.py -- gen_context(system_u:object_r:setroubleshoot_fixit_exec_t,s0) > > /var/run/setroubleshoot(/.*)? gen_context(system_u:object_r:setroubleshoot_var_run_t,s0) > > -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com
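Review bot: In finger.fc, replacing `/var/run/*.fingerd\.pid` with `/var/run/fingerd\.pid` drops `/var/run/cfingerd.pid` from the match set, and the context line `/var/log/cfingerd\.log.*` in the same hunk shows this module does label cfingerd files. Read as a regex, the old entry accepted any single character before `fingerd.pid`, so it covered both names. If the cfingerd pid file should keep fingerd_var_run_t, use `/var/run/c?fingerd\.pid` or add a second entry, and say in the commit message which behaviour is intended.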
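Review bot: In rhcs.fc, `/var/log/cluster/.*\.log` is narrower than the `.*\.*log` it replaces: the old regex matched every path under /var/log/cluster/ that ends in `log`, with or without a dot, while the new one requires a literal `.log` suffix. The per-daemon entries directly below use `\.log.*`, so they cover rotated names such as `fenced.log.1` and this entry does not; if it is meant to pair with them, `.*\.log.*` would be consistent. The narrowing should be stated in the commit message, since the author notes the change was not tested against existing files.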
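Review bot: In setroubleshoot.fc, the trailing `*` in `SetroubleshootFixit\.py*` only repeated the `y`, so dropping it is a sound regex cleanup, but the patch does not say whether the original entry was meant as a glob covering compiled files next to the script. If `.pyc`/`.pyo` should carry setroubleshoot_fixit_exec_t, write `\.py[co]?`; if not, one line in the commit message saying only the `.py` file is labelled would settle it.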
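The "changes the semantic of the pattern" point from the thread can be checked mechanically. The following is an added example, not code from the thread or from refpolicy: it compares each old/new pattern pair from the patch against constructed sample paths and flags glob-looking regex text. It assumes Python's `re` behaves like the file-context regex engine for these simple patterns; the names `fc_match`, `semantic_diff` and `lint` are hypothetical.

```python
import re

# Pattern pairs (before, after) copied from the patch above.
CHANGES = [
    (r"/var/run/*.fingerd\.pid", r"/var/run/fingerd\.pid"),
    (r"/var/log/cluster/.*\.*log", r"/var/log/cluster/.*\.log"),
    (r"/usr/share/setroubleshoot/SetroubleshootFixit\.py*",
     r"/usr/share/setroubleshoot/SetroubleshootFixit\.py"),
]

# Constructed sample paths, not taken from a real system.
SAMPLE_PATHS = [
    "/var/run/fingerd.pid",
    "/var/run/cfingerd.pid",
    "/var/log/cluster/corosync.log",
    "/var/log/cluster/syslog",
    "/var/log/cluster/corosync.log.1",
    "/usr/share/setroubleshoot/SetroubleshootFixit.py",
    "/usr/share/setroubleshoot/SetroubleshootFixit.pyc",
    "/usr/share/setroubleshoot/SetroubleshootFixit.p",
]

def fc_match(pattern, path):
    """File-context regexes must match the whole path (implicit ^...$)."""
    return re.fullmatch(pattern, path) is not None

def semantic_diff(old, new, paths):
    """Return (path, matched_old, matched_new) for paths whose result changed."""
    return [(p, fc_match(old, p), fc_match(new, p))
            for p in paths if fc_match(old, p) != fc_match(new, p)]

# Heuristics for regex text that looks like a shell glob was intended.
SUSPICIOUS = [
    (re.compile(r"/\*"), "'/*' means zero or more slashes"),
    (re.compile(r"\\\.\*"), r"'\.*' means zero or more literal dots"),
    (re.compile(r"\\\.\w+\*$"), "trailing '*' repeats only the last letter"),
]

def lint(pattern):
    return [msg for rx, msg in SUSPICIOUS if rx.search(pattern)]

if __name__ == "__main__":
    for old, new in CHANGES:
        print(old, "->", new, lint(old))
        for path, was, now in semantic_diff(old, new, SAMPLE_PATHS):
            print(f"  {path}: {was} -> {now}")
```

Each pair loses exactly one of the sample paths, and `SetroubleshootFixit.pyc` matches neither the old nor the new pattern.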