From: pebenito@ieee.org (Chris PeBenito) Date: Wed, 15 Feb 2017 18:52:29 -0500 Subject: [refpolicy] [PATCH] tiny mon patch In-Reply-To: <20170214092214.34skcrjynny264h6@athena.coker.com.au> References: <20170214092214.34skcrjynny264h6@athena.coker.com.au> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 02/14/17 04:22, Russell Coker via refpolicy wrote: > When you merged the mon patch you removed the ability for mon_t to execute > lib_t files. > > The following patch re-enables the ability to execute alert scripts. > > Index: refpolicy-2.20170212/policy/modules/kernel/corecommands.fc > =================================================================== > --- refpolicy-2.20170212.orig/policy/modules/kernel/corecommands.fc > +++ refpolicy-2.20170212/policy/modules/kernel/corecommands.fc > @@ -155,6 +155,7 @@ ifdef(`distro_gentoo',` > /usr/bin/zsh.* -- gen_context(system_u:object_r:shell_exec_t,s0) > > /usr/lib/(.*/)?bin(/.*)? gen_context(system_u:object_r:bin_t,s0) > +/usr/lib/mon/alert.d(/.*)? gen_context(system_u:object_r:bin_t,s0) > /usr/lib/postfix/configure-instance.sh -- gen_context(system_u:object_r:bin_t,s0) > > /usr/(.*/)?sbin(/.*)? gen_context(system_u:object_r:bin_t,s0) Merged, though I moved the line. -- Chris PeBenito
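Review bot: the added `/usr/lib/mon/alert.d(/.*)?` entry in corecommands.fc carries no file-type field (unlike the `--` on the postfix line below it), so it labels the alert.d directory itself and every object under it as bin_t, not only the regular-file alert scripts. If only the scripts need to be executable, consider a narrower spec, or state in the description that labelling the whole tree is intended. The description also frames the problem as mon_t losing execute access to lib_t files, while the change relabels the scripts to bin_t. That affects every domain allowed to execute bin_t, not just mon_t, so a sentence explaining why relabelling was chosen over a mon-specific rule would help future readers of this file.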