From: pebenito@ieee.org (Chris PeBenito)
Date: Tue, 7 Mar 2017 20:13:50 -0500
Subject: [refpolicy] [PATCH 1/1] Support systems with a single /usr/bin directory
In-Reply-To:
References: <20170305143659.12026-1-nicolas.iooss@m4x.org> <201703061822.14761.russell@coker.com.au>
Message-ID: <3edaac52-76c2-f443-d982-07a6c4cf13d5@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 03/07/17 17:16, Nicolas Iooss via refpolicy wrote:
> On Mon, Mar 6, 2017 at 8:22 AM, Russell Coker wrote:
>> On Mon, 6 Mar 2017 01:36:59 AM Nicolas Iooss via refpolicy wrote:
>>> 4/ Modify the file contexts at build time so that patterns which begin
>>> with /usr/sbin are modified to /usr/s?bin/... I have been using
>>> /usr/s?bin patterns for several years without experiencing issues so
>>> this would work, with the same fix as described in the previous option.
>>>
>>> 5/ Move everything under /usr/bin and introduce "/usr/sbin /usr/bin" in
>>> config/file_contexts.subs_dist.
>>>
>>> As option 4 is the simplest to implement, do this when the new
>>> SINGLE_USR_BIN variable is activated in build.conf.
>>
>> Option 5 is quite easy to implement, it's a lot easier than the "usr merge"
>> patch I wrote. Option 4 doesn't seem to be such an easy option, I'll take
>> your word for it that it's not so hard, but I doubt it could be easier than
>> option 5.
>
> Option 4 is what my patch implements: it runs "sed
> 's:^/usr/sbin:/usr/s?bin:'" when generating tmp/....mod.fc files. I
> said it was simple mainly because the patch that implements it is
> quite small.
>
>> What do you think will happen with other distributions in this regard? If
>> they will do it too then option 5 would be the obvious correct solution.
>
> I have not heard anything about projects to merge /usr/sbin with
> /usr/bin in any other distribution than Arch Linux-based ones and Arch
> Linux has done it nearly 4 years ago
> (https://www.archlinux.org/news/binaries-move-to-usrbin-requiring-update-intervention/).
> As I expect such a change to be handled like the /usr merge (with an
> announcement so that packages get updated), I believe it will not
> happen in the near future.

I've been wondering about #5 myself. A lot of the differences between
bin and sbin seem to be very arbitrary. I don't think there's anything
to gain by treating them separately.

--
Chris PeBenito
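
An added example, not part of this thread or of the patch under discussion: the option 4 substitution quoted above, applied to a few constructed file-context entries, with a check of which paths each entry then labels. The entries and the `lookup` helper are assumptions made for illustration; `lookup` takes the first matching entry and does not model libselinux's ordering rules.

```shell
#!/bin/sh
# Constructed sample entries in refpolicy .fc syntax (not taken from the thread).
sample_fc() {
cat <<'EOF'
/usr/sbin/sshd -- gen_context(system_u:object_r:sshd_exec_t,s0)
/usr/bin/ssh -- gen_context(system_u:object_r:ssh_exec_t,s0)
/usr/sbin/cron(d)? -- gen_context(system_u:object_r:crond_exec_t,s0)
EOF
}

# Option 4: the sed expression quoted in the thread, applied to every entry.
# Only patterns that begin with /usr/sbin change; the "?" makes the "s" optional.
rewrite_fc() {
    sed 's:^/usr/sbin:/usr/s?bin:'
}

# Hypothetical helper: read entries on stdin and print the context of the first
# one whose path regex (first column, anchored at both ends) matches $1.
lookup() {
    path=$1
    while read -r regex ftype context; do
        if printf '%s\n' "$path" | grep -Eq "^${regex}\$"; then
            printf '%s\n' "$context"
            return 0
        fi
    done
    return 1   # no entry matched: the file would fall back to a generic label
}

# Stand-alone demonstration on a system where sshd lives in /usr/bin.
if [ "${1:-}" = "demo" ]; then
    echo "before: $(sample_fc | lookup /usr/bin/sshd || echo '<no match>')"
    echo "after:  $(sample_fc | rewrite_fc | lookup /usr/bin/sshd)"
fi
```

Without the rewrite, a daemon installed under a single /usr/bin matches none of the /usr/sbin entries and does not receive its intended executable type, which is the gap both option 4 and option 5 close.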