From: russell@coker.com.au (Russell Coker) Date: Tue, 14 Feb 2017 20:22:14 +1100 Subject: [refpolicy] [PATCH] tiny mon patch Message-ID: <20170214092214.34skcrjynny264h6@athena.coker.com.au> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com When you merged the mon patch you removed the ability for mon_t to execute lib_t files. The following patch re-enables the ability to execute alert scripts. Index: refpolicy-2.20170212/policy/modules/kernel/corecommands.fc =================================================================== --- refpolicy-2.20170212.orig/policy/modules/kernel/corecommands.fc +++ refpolicy-2.20170212/policy/modules/kernel/corecommands.fc @@ -155,6 +155,7 @@ ifdef(`distro_gentoo',` /usr/bin/zsh.* -- gen_context(system_u:object_r:shell_exec_t,s0) /usr/lib/(.*/)?bin(/.*)? gen_context(system_u:object_r:bin_t,s0) +/usr/lib/mon/alert.d(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/lib/postfix/configure-instance.sh -- gen_context(system_u:object_r:bin_t,s0) /usr/(.*/)?sbin(/.*)? gen_context(system_u:object_r:bin_t,s0)