From: nicolas.iooss@m4x.org (Nicolas Iooss)
Date: Tue, 7 Mar 2017 23:16:28 +0100
Subject: [refpolicy] [PATCH 1/1] Support systems with a single /usr/bin directory
In-Reply-To: <201703061822.14761.russell@coker.com.au>
References: <20170305143659.12026-1-nicolas.iooss@m4x.org> <201703061822.14761.russell@coker.com.au>
Message-ID:
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Mon, Mar 6, 2017 at 8:22 AM, Russell Coker wrote:
> On Mon, 6 Mar 2017 01:36:59 AM Nicolas Iooss via refpolicy wrote:
>> 4/ Modify the file contexts at build time so that patterns which begin
>> with /usr/sbin are modified to /usr/s?bin/... I have been using
>> /usr/s?bin patterns for several years without experiencing issues so
>> this would work, with the same fix as described in the previous option.
>>
>> 5/ Move everything under /usr/bin and introduce "/usr/sbin /usr/bin" in
>> config/file_contexts.subs_dist.
>>
>> As option 4 is the simplest to implement, do this when the new
>> SINGLE_USR_BIN variable is activated in build.conf.
>
> Option 5 is quite easy to implement, it's a lot easier than the "usr merge"
> patch I wrote. Option 4 doesn't seem to be such an easy option, I'll take
> your word for it that it's not so hard, but I doubt it could be easier than
> option 5.

Option 4 is what my patch implements: it runs
"sed 's:^/usr/sbin:/usr/s?bin:'" when generating tmp/....mod.fc files. I
said it was simple mainly because the patch that implements it is quite
small.

> What do you think will happen with other distributions in this regard? If
> they will do it too then option 5 would be the obvious correct solution.

I have not heard anything about projects to merge /usr/sbin with
/usr/bin in any other distribution than Arch Linux-based ones and Arch
Linux has done it nearly 4 years ago
(https://www.archlinux.org/news/binaries-move-to-usrbin-requiring-update-intervention/).
As I expect such a change to be handled like the /usr merge (with an
announcement so that packages get updated), I believe it will not happen
in the near future.

Cheers,
Nicolas
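Added example, not part of the original message or of the refpolicy patch: the sed expression quoted above applied to a few constructed file-context entries, with a check of which patterns match a path before and after the rewrite. The sample entries and the helper names (`sample_fc`, `rewrite_fc`, `matching_patterns`) are assumptions for illustration, and the matcher is a simplified stand-in for SELinux's full-path regex matching (it lists every matching pattern and does not model match precedence).

```shell
#!/bin/sh
# Constructed sample entries in file-context syntax (not taken from refpolicy).
sample_fc() {
cat <<'EOF'
/usr/sbin/sshd -- gen_context(system_u:object_r:sshd_exec_t,s0)
/usr/bin/ssh -- gen_context(system_u:object_r:ssh_exec_t,s0)
/usr/lib/sbin-helper -- gen_context(system_u:object_r:bin_t,s0)
/opt/usr/sbin/tool -- gen_context(system_u:object_r:bin_t,s0)
EOF
}

# Option 4 from the message: only patterns that BEGIN with /usr/sbin change.
# The '?' in the replacement is literal for sed and becomes a regex
# quantifier once the line is read as a file-context pattern.
rewrite_fc() {
    sed 's:^/usr/sbin:/usr/s?bin:'
}

# Read file-context lines on stdin and print every pattern whose regex
# matches the whole path given as $1 (patterns are anchored at both ends).
matching_patterns() {
    path=$1
    while read -r pattern _rest; do
        if printf '%s\n' "$path" | grep -Eq "^${pattern}\$"; then
            printf '%s\n' "$pattern"
        fi
    done
}

# Show the effect for a binary reached through either directory name.
for p in /usr/sbin/sshd /usr/bin/sshd /opt/usr/bin/tool; do
    printf '%s  before: [%s]  after: [%s]\n' "$p" \
        "$(sample_fc | matching_patterns "$p")" \
        "$(sample_fc | rewrite_fc | matching_patterns "$p")"
done
```

On a system where sshd lives in /usr/bin, the unmodified entry labels nothing, while the rewritten `/usr/s?bin/sshd` pattern covers both paths; the `/opt/usr/sbin/tool` entry is left alone because the sed expression is anchored to the start of the line.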