From: pebenito@ieee.org (Chris PeBenito) Date: Sat, 19 Aug 2017 12:03:45 -0400 Subject: [refpolicy] [PATCH 1/1] Add "/usr/(.*/)?bin(/.*)?" pattern back In-Reply-To: <20170817062235.21364-1-nicolas.iooss@m4x.org> References: <20170817062235.21364-1-nicolas.iooss@m4x.org> Message-ID: <6b08a168-a928-5c17-578e-1d5e97705803@ieee.org> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 08/17/2017 02:22 AM, Nicolas Iooss via refpolicy wrote: > Commit 2e7553db639b ("Create / to /usr equivalence for bin, sbin, and > lib, from Russell Coker.") removed from corecommands.fc: > > /usr/(.*/)?bin(/.*)? gen_context(system_u:object_r:bin_t,s0) > > Consequently files like /usr/x86_64-w64-mingw32/bin/objdump get labeled > as usr_t: > > $ matchpathcon /usr/x86_64-w64-mingw32/bin/objdump > /usr/x86_64-w64-mingw32/bin/objdump system_u:object_r:usr_t > > Make such files labeled as bin_t again. > --- > policy/modules/kernel/corecommands.fc | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc > index ce4218fed6dd..6573d890d941 100644 > --- a/policy/modules/kernel/corecommands.fc > +++ b/policy/modules/kernel/corecommands.fc > @@ -135,6 +135,7 @@ ifdef(`distro_gentoo',` > # /usr > # > /usr/(.*/)?Bin(/.*)? gen_context(system_u:object_r:bin_t,s0) > +/usr/(.*/)?bin(/.*)? gen_context(system_u:object_r:bin_t,s0) > /usr/bin(/.*)? gen_context(system_u:object_r:bin_t,s0) > /usr/bin/d?ash -- gen_context(system_u:object_r:shell_exec_t,s0) > /usr/bin/bash -- gen_context(system_u:object_r:shell_exec_t,s0) Merged. -- Chris PeBenito
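Review bot: The added `/usr/(.*/)?bin(/.*)?` entry has no file-type field and its leading `(.*/)?` group can span any depth, so every file and directory below any path component named `bin` anywhere under /usr is labeled bin_t, not only toolchain directories such as /usr/x86_64-w64-mingw32/bin from the commit message. If that breadth is intended, the commit message should say so and explain why the removal in 2e7553db639b was not meant to cover these paths; otherwise a narrower pattern would be safer. Because the group is optional, the new entry also matches /usr/bin itself, which makes the `/usr/bin(/.*)?` context line below it redundant. It would help to include matchpathcon output showing that /usr/bin/bash still resolves to shell_exec_t, next to the objdump case.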