From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Tue, 8 Jul 2014 08:55:29 -0400
Subject: [refpolicy] [PATCH] ftp: fix labels in /var/lock/subsys/
In-Reply-To: <1404578549-19912-1-git-send-email-nicolas.iooss@m4x.org>
References: <1404578549-19912-1-git-send-email-nicolas.iooss@m4x.org>
Message-ID: <53BBEA41.5010507@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 7/5/2014 12:42 PM, Nicolas Iooss wrote:
> In the pattern "/var/lock/subsys/*.ftpd", the star is applied to the
> slash instead to the dot.  This means that the pattern matches these
> files:
> 
> * "Xftpd" in "/var/lock/subsys/" (where X is whatever character)
> * "subsysXftpd" in "/var/lock/" (where X is whatever character)
> 
> "/var/lock/subsys/vsftpd", which has been used by vsftpd, is therefore
> not matched by the pattern.
> 
> As "*." looks like a typo, this patch replaces it with ".*".

Merged.


> ---
>  ftp.fc | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/ftp.fc b/ftp.fc
> index ddb75c1..fa132af 100644
> --- a/ftp.fc
> +++ b/ftp.fc
> @@ -19,7 +19,7 @@
>  
>  /usr/libexec/webmin/vsftpd/webalizer/xfer_log	--	gen_context(system_u:object_r:xferlog_t,s0)
>  
> -/var/lock/subsys/*.ftpd	--	gen_context(system_u:object_r:ftpd_lock_t,s0)
> +/var/lock/subsys/.*ftpd	--	gen_context(system_u:object_r:ftpd_lock_t,s0)
>  
>  /var/log/muddleftpd\.log.*	--	gen_context(system_u:object_r:xferlog_t,s0)
>  /var/log/proftpd(/.*)?	gen_context(system_u:object_r:xferlog_t,s0)
> 

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com