From: nicolas.iooss@m4x.org (Nicolas Iooss) Date: Thu, 17 Aug 2017 08:22:35 +0200 Subject: [refpolicy] [PATCH 1/1] Add "/usr/(.*/)?bin(/.*)?" pattern back Message-ID: <20170817062235.21364-1-nicolas.iooss@m4x.org> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com Commit 2e7553db639b ("Create / to /usr equivalence for bin, sbin, and lib, from Russell Coker.") removed from corecommands.fc: /usr/(.*/)?bin(/.*)? gen_context(system_u:object_r:bin_t,s0) Consequently files like /usr/x86_64-w64-mingw32/bin/objdump get labeled as usr_t: $ matchpathcon /usr/x86_64-w64-mingw32/bin/objdump /usr/x86_64-w64-mingw32/bin/objdump system_u:object_r:usr_t Make such files labeled as bin_t again. --- policy/modules/kernel/corecommands.fc | 1 + 1 file changed, 1 insertion(+) diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc index ce4218fed6dd..6573d890d941 100644 --- a/policy/modules/kernel/corecommands.fc +++ b/policy/modules/kernel/corecommands.fc @@ -135,6 +135,7 @@ ifdef(`distro_gentoo',` # /usr # /usr/(.*/)?Bin(/.*)? gen_context(system_u:object_r:bin_t,s0) +/usr/(.*/)?bin(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/bin(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/bin/d?ash -- gen_context(system_u:object_r:shell_exec_t,s0) /usr/bin/bash -- gen_context(system_u:object_r:shell_exec_t,s0) -- 2.14.1
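Review bot: the added `/usr/(.*/)?bin(/.*)?` entry in the `# /usr` block of corecommands.fc makes the `/usr/bin(/.*)?` line directly below it redundant, since the `(.*/)?` group is optional and the new pattern already matches `/usr/bin` and everything under it. Either drop the narrower line in the same patch or say in the commit message why both are kept. The new entry also has no file-type specifier and matches a `bin` path component at any depth under `/usr`, so every file beneath such a directory becomes bin_t. The commit message shows `matchpathcon` output only for the broken state. Please add the output after the change for `/usr/x86_64-w64-mingw32/bin/objdump`, plus one check that `/usr/bin/bash` still resolves to shell_exec_t rather than bin_t.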