From: pebenito@ieee.org (Chris PeBenito)
Date: Tue, 6 Jun 2017 20:09:56 -0400
Subject: [refpolicy] [PATCH] system/miscfiles: Also accept the path
 /usr/share/postgresql-$version
In-Reply-To: <20170605204734.24670-1-aranea@aixah.de>
References: <20170605204734.24670-1-aranea@aixah.de>
Message-ID: <5ccf98c0-6d65-0594-1d5d-172d2ada3f1f@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 06/05/2017 04:47 PM, Luis Ressel via refpolicy wrote:
> Currently, miscfiles.fc expects postgresql's files to sit in
> /usr/share/postgresql/, but gentoo uses /usr/share/postgresql-$version/.
>
> services/postgresql.fc already recognizes similarily versioned dirs in
> /usr/lib/.
> ---
>  policy/modules/system/miscfiles.fc | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc
> index fb7e7b20..b17f8a6f 100644
> --- a/policy/modules/system/miscfiles.fc
> +++ b/policy/modules/system/miscfiles.fc
> @@ -56,7 +56,7 @@ ifdef(`distro_redhat',`
>  /usr/share/ghostscript/fonts(/.*)? gen_context(system_u:object_r:fonts_t,s0)
>  /usr/share/locale(/.*)?		gen_context(system_u:object_r:locale_t,s0)
>  /usr/share/man(/.*)?		gen_context(system_u:object_r:man_t,s0)
> -/usr/share/postgresql/[^/]*/man(/.*)?      gen_context(system_u:object_r:man_t,s0)
> +/usr/share/postgresql/?[^/]*/man(/.*)?	gen_context(system_u:object_r:man_t,s0)
>  /usr/share/X11/locale(/.*)?	gen_context(system_u:object_r:locale_t,s0)
>  /usr/share/zoneinfo(/.*)?	gen_context(system_u:object_r:locale_t,s0)

I wonder if it makes more sense to generalize this by changing 
/usr/man(/.*)? to /usr/(.*/)?man(/.*)? instead.

-- 
Chris PeBenito