From: sven.vermeulen@siphos.be (Sven Vermeulen) Date: Sat, 8 Aug 2015 13:16:24 +0200 Subject: [refpolicy] apr build tools In-Reply-To: <20150808125303.52818256@gentp.lnet> References: <20150808125303.52818256@gentp.lnet> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com The corecommands one is actually the place that refpolicy requires. In Gentoo we allow types of the base policy to be used in modular .fc files so that everything related to a module stays within that module. Apr is a special case though. I thought it was apache specific but I have been proven wrong on that. Wkr, Sven Vermeulen On Aug 8, 2015 12:53 PM, "Luis Ressel" wrote: > The Apache Portable Runtime (apr.apache.org), used by their httpd and > various other packages, installs some build tools > to /usr/share/build-1/, among them the two shell scripts "libtool" and > "mkdir.sh". These need a bin_t context. > > In the gentoo policy, we mark them as such in contrib/apache.fc and > kernel/corecommands.fc. I'd like to move those markings to refpolicy, > but I'm not sure which *.fc is appropriate (I'd prefer something like > corecommands.fc which ends up in the base policy; it shouldn't be in > the apache module because the APR and these build scripts are used by > some programs which don't depend on a locally running httpd and > therefore shouldn't require the apache policy). I guess corecommands.fc > is an acceptable place? > > > Regards, > Luis Ressel > _______________________________________________ > refpolicy mailing list > refpolicy at oss.tresys.com > http://oss.tresys.com/mailman/listinfo/refpolicy > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://oss.tresys.com/pipermail/refpolicy/attachments/20150808/3cb40a09/attachment.html