From: pebenito@ieee.org (Chris PeBenito)
Date: Thu, 6 Apr 2017 16:58:24 -0400
Subject: [refpolicy] [PATCH] misc fc changes again
In-Reply-To: <CAJ2a_Dd-wJaAvUJBM3HB9iJ2WtpJPOfiEG765tACNL4NguyaoA@mail.gmail.com>
References: <20170405042415.2rrwzlifetkasgbo@athena.coker.com.au>
	<CAJ2a_Dd-wJaAvUJBM3HB9iJ2WtpJPOfiEG765tACNL4NguyaoA@mail.gmail.com>
Message-ID: <75bd6c89-f2ed-ca74-2c4a-ef5383e02850@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 04/05/2017 02:21 PM, cgzones via refpolicy wrote:
> 2017-04-05 6:24 GMT+02:00 Russell Coker via refpolicy
> <refpolicy@oss.tresys.com>:

>> --- refpolicy-2.20170402.orig/policy/modules/kernel/files.fc
>> +++ refpolicy-2.20170402/policy/modules/kernel/files.fc
>> @@ -215,6 +215,7 @@ HOME_ROOT/lost\+found/.*    <<none>>
>>  ifdef(`distro_debian',`
>>  # on Debian /lib/init/rw is a tmpfs used like /run
>>  /usr/lib/init/rw(/.*)?         gen_context(system_u:object_r:var_run_t,s0-mls_systemhigh)
>> +/run/resolvconf(/.*)? -d       gen_context(system_u:object_r:etc_t,s0)

This only mentions the directories, which I think should remain etc_t, 
whereas below it only matches the files, so the files remain net_conf_t. 
  I think this is ok.


> in sysnetwork.fc there is an entry:
> /run/resolvconf/.* -- gen_context(system_u:object_r:net_conf_t,s0)
> this seems a bit inconvenient



-- 
Chris PeBenito