From: dac.override@gmail.com (Dominick Grift)
Date: Tue, 4 Apr 2017 09:53:56 +0200
Subject: [refpolicy] [PATCH] misc fc changes
In-Reply-To: <201704041749.35398.russell@coker.com.au>
References: <20170402085805.2zlddx2evzcgxgop@athena.coker.com.au> <20170404073248.GB10685@t450.enp8s0.d30> <201704041749.35398.russell@coker.com.au>
Message-ID: <20170404075356.GD10685@t450.enp8s0.d30>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Tue, Apr 04, 2017 at 05:49:35PM +1000, Russell Coker wrote:
> On Tue, 4 Apr 2017 05:32:48 PM Dominick Grift via refpolicy wrote:
> > > +/etc/network/if-pre-up.d/.*
> > > -- gen_context(system_u:object_r:initrc_exec_t,s0)
> > > +/etc/network/if-up.d/.*
> > > -- gen_context(system_u:object_r:initrc_exec_t,s0)
> > > +/etc/network/if-down.d/.*
> > > -- gen_context(system_u:object_r:initrc_exec_t,s0)
> > > +/etc/network/if-post-down.d/.* --
> > > gen_context(system_u:object_r:initrc_exec_t,s0)
> >
> > I would probably use bin_t here if possible but regardless: you might want
> > to escape the periods there to avoid possible regex issues later on
>
> If bin_t was used then we wouldn't get the domain transitions needed to start
> daemons in the correct context.
>
> If at some future time we have something like a /etc/network/if-up-d directory
> then we probably want the same context for the files it contains.

As for escaping the periods:

I mean this (for example):

/etc/network/if-pre-up\.d/.* -- gen_context(system_u:object_r:initrc_exec_t,s0)

If you do not escape the period then the period might be misinterpreted later on

>
> --
> My Main Blog http://etbe.coker.com.au/
> My Documents Blog http://doc.coker.com.au/

--
Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02
https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02
Dominick Grift
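
Review bot: the `.` before `d` in all four added paths (`if-pre-up.d`, `if-up.d`, `if-down.d`, `if-post-down.d`) is an unescaped regex metacharacter, so each entry also assigns initrc_exec_t to regular files under any sibling directory whose name differs only in that one character. Escape it as `\.d` so the entries cover only the literal directories. If a name such as `if-up-d` is meant to be covered, as the reply suggests, state that with its own entry or an explicit class such as `[.-]` rather than relying on the wildcard.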
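
The difference between the two spellings discussed in the thread, as an added example that is not part of the original message or of refpolicy. It assumes the whole-path anchoring that libselinux applies to file-context entries, uses Python's `re` as a stand-in for its regex engine, ignores the `--` file-type field, and the sample paths and the `bare_dots` lint helper are constructed for illustration.

```python
import re

# Entries from the thread: the patch's form and the escaped form from the reply.
UNESCAPED = r"/etc/network/if-pre-up.d/.*"
ESCAPED = r"/etc/network/if-pre-up\.d/.*"

# Constructed sample paths (not from the thread).
PATHS = [
    "/etc/network/if-pre-up.d/wpasupplicant",
    "/etc/network/if-pre-up-d/wpasupplicant",
    "/etc/network/if-pre-upXd/wpasupplicant",
    "/etc/network/if-pre-up.d",
]

def fc_match(pattern, path):
    """Match a path against a file-context regex, anchored at both ends."""
    return re.fullmatch(pattern, path) is not None

def bare_dots(pattern):
    """Offsets of '.' that are neither escaped nor followed by a quantifier,
    i.e. dots that were probably meant as literal characters."""
    hits, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\":              # skip the escaped character
            i += 2
            continue
        if ch == "[":               # a dot inside a character class is literal
            end = pattern.find("]", i + 1)
            i = len(pattern) if end == -1 else end + 1
            continue
        if ch == "." and pattern[i + 1:i + 2] not in ("*", "+", "?", "{"):
            hits.append(i)
        i += 1
    return hits

def report(paths=PATHS):
    """Map each path to (matched by unescaped entry, matched by escaped entry)."""
    return {p: (fc_match(UNESCAPED, p), fc_match(ESCAPED, p)) for p in paths}

if __name__ == "__main__":
    for path, (loose, strict) in report().items():
        print(f"{path:45} unescaped={loose!s:5} escaped={strict}")
    print("bare dots in patch entry at offsets:", bare_dots(UNESCAPED))
```

Running `bare_dots` over every pattern in a `.fc` file gives a quick list of entries to review before they are merged.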