From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Tue, 8 Jul 2014 08:55:32 -0400
Subject: [refpolicy] [PATCH] Label /lib symlink as lib_t for every distro
In-Reply-To: <1404578126-15295-1-git-send-email-nicolas.iooss@m4x.org>
References: <1404578126-15295-1-git-send-email-nicolas.iooss@m4x.org>
Message-ID: <53BBEA44.104@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 7/5/2014 12:35 PM, Nicolas Iooss wrote:
> As in Debian, Gentoo and Arch Linux /lib may be a symlink, move its file
> context definition outside of ifdef blocks.

Merged.



> ---
>  policy/modules/system/libraries.fc | 9 +--------
>  1 file changed, 1 insertion(+), 8 deletions(-)
> 
> diff --git a/policy/modules/system/libraries.fc b/policy/modules/system/libraries.fc
> index bea3bdf..b532946 100644
> --- a/policy/modules/system/libraries.fc
> +++ b/policy/modules/system/libraries.fc
> @@ -36,19 +36,12 @@ ifdef(`distro_redhat',`
>  # /lib(64)?
>  #
>  /lib					-d	gen_context(system_u:object_r:lib_t,s0)
> +/lib					-l	gen_context(system_u:object_r:lib_t,s0)
>  /lib/.*						gen_context(system_u:object_r:lib_t,s0)
>  /lib/ld-[^/]*\.so(\.[^/]*)*		--	gen_context(system_u:object_r:ld_so_t,s0)
>  
>  /lib/security/pam_poldi\.so		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
>  
> -ifdef(`distro_debian',`
> -/lib					-l	gen_context(system_u:object_r:lib_t,s0)
> -')
> -
> -ifdef(`distro_gentoo',`
> -/lib					-l	gen_context(system_u:object_r:lib_t,s0)
> -')
> -
>  #
>  # /opt
>  #
> 

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com