From: lvrabec@redhat.com (Lukas Vrabec) Date: Tue, 2 Aug 2016 16:19:40 +0200 Subject: [refpolicy] [PATCH] Systemd by version 231 starts using shared library and systemd daemons execute it. For this reason lib_t type is needed. In-Reply-To: <5B451C0C-3171-4A5C-8E3A-64803CB1386F@coker.com.au> References: <1469923074-7498-1-git-send-email-lvrabec@redhat.com> <5B451C0C-3171-4A5C-8E3A-64803CB1386F@coker.com.au> Message-ID: <6cb7506e-4258-dd88-eca1-420f1059b99f@redhat.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 07/31/2016 04:55 AM, Russell Coker wrote: > 231 is the version number. Needs a numeric regex so the next version doesn't break. > > On 31 July 2016 9:57:54 AM AEST, Lukas Vrabec wrote: >> --- >> policy/modules/system/libraries.fc | 2 ++ >> 1 file changed, 2 insertions(+) >> >> diff --git a/policy/modules/system/libraries.fc >> b/policy/modules/system/libraries.fc >> index b532946..c4971ab 100644 >> --- a/policy/modules/system/libraries.fc >> +++ b/policy/modules/system/libraries.fc >> @@ -148,6 +148,8 @@ ifdef(`distro_debian',` >> /usr/lib/nvidia/libGL(core)?\.so(\.[^/]*)* >> -- gen_context(system_u:object_r:textrel_shlib_t,s0) >> /usr/lib/xorg/modules/glesx\.so(\.[^/]*)* >> -- gen_context(system_u:object_r:textrel_shlib_t,s0) >> >> +/usr/lib/systemd/libsystemd-shared-231\.so.* -- >> gen_context(system_u:object_r:lib_t,s0) >> + >> /usr/(local/)?.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:lib_t,s0) >> /usr/(local/)?lib(64)?/wine/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) >> /usr/(local/)?lib(64)?/(sse2/)?libfame-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) > Yes. You are right. I'll send new patch. -- Lukas Vrabec SELinux Solutions Red Hat, Inc.