From: pebenito@ieee.org (Chris PeBenito) Date: Tue, 7 Feb 2017 18:44:11 -0500 Subject: [refpolicy] [PATCH] usrmerge2 In-Reply-To: <4402118.3Y8vQpSpZU@russell.coker.com.au> References: <20170110073005.zagcy5zo3dus3bgn@athena.coker.com.au> <735b11bb-58f4-84d3-6fbe-b19169e033e4@ieee.org> <4402118.3Y8vQpSpZU@russell.coker.com.au> Message-ID: <546ae3f6-3f70-1cb9-53b0-8d71c581392e@ieee.org> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 02/05/17 05:05, Russell Coker wrote: > On Saturday, 4 February 2017 3:20:07 PM AEDT Chris PeBenito wrote: >> I've merged this, but moved lines to their proper places. I found more >> duplicates to remove. I also found some modules_object_t lines that >> have incorrectly been in the files module for a long time. > > Great! > > I've just attached a patch that fixes some minor issues related to usrmerge > that I discovered after sending the initial patch. I think I sent the second > patch to the list before, but you are better with this one as it's against the > latest git. Merged, though I moved some lines around. > diff -ru /home/rjc/src/pol-git/policy/modules/kernel/corecommands.fc /tmp/pol-git/policy/modules/kernel/corecommands.fc > --- /home/rjc/src/pol-git/policy/modules/kernel/corecommands.fc 2017-02-05 20:57:06.659564895 +1100 > +++ /tmp/pol-git/policy/modules/kernel/corecommands.fc 2017-02-05 20:59:39.719756827 +1100 > @@ -247,7 +247,7 @@ > > /usr/libexec/openssh/sftp-server -- gen_context(system_u:object_r:bin_t,s0) > > -/usr/local/bin(/.*)? gen_context(system_u:object_r:bin_t,s0) > +/usr/local/(.*/)?bin(/.*)? gen_context(system_u:object_r:bin_t,s0) > /usr/local/sbin(/.*)? gen_context(system_u:object_r:bin_t,s0) > /usr/local/Brother(/.*)? gen_context(system_u:object_r:bin_t,s0) > /usr/local/Printer(/.*)? gen_context(system_u:object_r:bin_t,s0) > @@ -261,6 +261,7 @@ > /usr/sbin/sesh -- gen_context(system_u:object_r:shell_exec_t,s0) > /usr/sbin/smrsh -- gen_context(system_u:object_r:shell_exec_t,s0) > > +/usr/share/(.*/)?bin(/.*)? gen_context(system_u:object_r:bin_t,s0) > /usr/share/ajaxterm/ajaxterm.py.* -- gen_context(system_u:object_r:bin_t,s0) > /usr/share/ajaxterm/qweb.py.* -- gen_context(system_u:object_r:bin_t,s0) > /usr/share/apr-0/build/[^/]+\.sh -- gen_context(system_u:object_r:bin_t,s0) > diff -ru /home/rjc/src/pol-git/policy/modules/services/xserver.fc /tmp/pol-git/policy/modules/services/xserver.fc > --- /home/rjc/src/pol-git/policy/modules/services/xserver.fc 2017-01-04 21:16:43.475711829 +1100 > +++ /tmp/pol-git/policy/modules/services/xserver.fc 2017-02-05 21:00:45.449564423 +1100 > @@ -61,10 +61,14 @@ > # /usr > # > > -/usr/s?bin/gdm(3)? -- gen_context(system_u:object_r:xdm_exec_t,s0) > -/usr/s?bin/gdm-binary -- gen_context(system_u:object_r:xdm_exec_t,s0) > -/usr/s?bin/lxdm(-binary)? -- gen_context(system_u:object_r:xdm_exec_t,s0) > -/usr/s?bin/[xkw]dm -- gen_context(system_u:object_r:xdm_exec_t,s0) > +/usr/bin/gdm(3)? -- gen_context(system_u:object_r:xdm_exec_t,s0) > +/usr/bin/gdm-binary -- gen_context(system_u:object_r:xdm_exec_t,s0) > +/usr/bin/lxdm(-binary)? -- gen_context(system_u:object_r:xdm_exec_t,s0) > +/usr/bin/[xkw]dm -- gen_context(system_u:object_r:xdm_exec_t,s0) > +/usr/sbin/gdm(3)? -- gen_context(system_u:object_r:xdm_exec_t,s0) > +/usr/sbin/gdm-binary -- gen_context(system_u:object_r:xdm_exec_t,s0) > +/usr/sbin/lxdm(-binary)? -- gen_context(system_u:object_r:xdm_exec_t,s0) > +/usr/sbin/[xkw]dm -- gen_context(system_u:object_r:xdm_exec_t,s0) > /usr/bin/gpe-dm -- gen_context(system_u:object_r:xdm_exec_t,s0) > /usr/bin/iceauth -- gen_context(system_u:object_r:iceauth_exec_t,s0) > /usr/bin/slim -- gen_context(system_u:object_r:xdm_exec_t,s0) > diff -ru /home/rjc/src/pol-git/policy/modules/system/sysnetwork.fc /tmp/pol-git/policy/modules/system/sysnetwork.fc > --- /home/rjc/src/pol-git/policy/modules/system/sysnetwork.fc 2017-02-05 20:57:06.671565222 +1100 > +++ /tmp/pol-git/policy/modules/system/sysnetwork.fc 2017-02-05 21:01:59.223593018 +1100 > @@ -39,6 +39,7 @@ > /usr/sbin/dhclient.* -- gen_context(system_u:object_r:dhcpc_exec_t,s0) > /usr/sbin/dhcdbd -- gen_context(system_u:object_r:dhcpc_exec_t,s0) > /usr/sbin/dhcpcd -- gen_context(system_u:object_r:dhcpc_exec_t,s0) > +/usr/sbin/dhcp6c -- gen_context(system_u:object_r:dhcpc_exec_t,s0) > /usr/sbin/ethtool -- gen_context(system_u:object_r:ifconfig_exec_t,s0) > /usr/sbin/ifconfig -- gen_context(system_u:object_r:ifconfig_exec_t,s0) > /usr/sbin/ip -- gen_context(system_u:object_r:ifconfig_exec_t,s0) -- Chris PeBenito