From: aranea@aixah.de (Luis Ressel) Date: Wed, 7 Jun 2017 14:15:42 +0200 Subject: [refpolicy] [PATCH] system/miscfiles: Generalize the man_t fc's Message-ID: <20170607121542.9992-1-aranea@aixah.de> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com This won't match subdirectories of /usr/lib, but that shouldn't be a problem, since we have "allow domain lib_t ..." anyway. --- policy/modules/system/miscfiles.fc | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc index fb7e7b20..1f155d59 100644 --- a/policy/modules/system/miscfiles.fc +++ b/policy/modules/system/miscfiles.fc @@ -37,26 +37,21 @@ ifdef(`distro_redhat',` # # /usr # +/usr/(.*/)?man(/.*)? gen_context(system_u:object_r:man_t,s0) + /usr/lib/locale(/.*)? gen_context(system_u:object_r:locale_t,s0) /usr/lib/perl5/man(/.*)? gen_context(system_u:object_r:man_t,s0) /usr/local/share/ca-certificates(/.*)? gen_context(system_u:object_r:cert_t,s0) -/usr/local/man(/.*)? gen_context(system_u:object_r:man_t,s0) -/usr/local/share/man(/.*)? gen_context(system_u:object_r:man_t,s0) - /usr/local/share/fonts(/.*)? gen_context(system_u:object_r:fonts_t,s0) -/usr/man(/.*)? gen_context(system_u:object_r:man_t,s0) - /usr/share/ca-certificates(/.*)? gen_context(system_u:object_r:cert_t,s0) /usr/share/fonts(/.*)? gen_context(system_u:object_r:fonts_t,s0) /usr/share/X11/fonts(/.*)? gen_context(system_u:object_r:fonts_t,s0) /usr/share/ghostscript/fonts(/.*)? gen_context(system_u:object_r:fonts_t,s0) /usr/share/locale(/.*)? gen_context(system_u:object_r:locale_t,s0) -/usr/share/man(/.*)? gen_context(system_u:object_r:man_t,s0) -/usr/share/postgresql/[^/]*/man(/.*)? gen_context(system_u:object_r:man_t,s0) /usr/share/X11/locale(/.*)? gen_context(system_u:object_r:locale_t,s0) /usr/share/zoneinfo(/.*)? gen_context(system_u:object_r:locale_t,s0) @@ -65,8 +60,6 @@ ifdef(`distro_redhat',` /usr/X11R6/lib/X11/fonts(/.*)? gen_context(system_u:object_r:fonts_t,s0) -/usr/X11R6/man(/.*)? gen_context(system_u:object_r:man_t,s0) - ifdef(`distro_gentoo',` /usr/share/misc/(pci|usb)\.ids -- gen_context(system_u:object_r:hwdata_t,s0) ') -- 2.13.1