2017-01-26 08:43:47

by Russell Coker

Subject: [refpolicy] [PATCH] usrmerge

On Thursday, 26 January 2017 3:41:48 PM AEDT Jason Zaman wrote:
> > > These changes have been tested in Debian and found to give the same
> > > labelling as the policy without this patch in almost all cases. The
> > > exceptions were files where the .fc files in question used one of /bin
> > > or /usr/bin that didn't match what was done in Debian. The small
> > > number of changes to the policy caused by this patch FIXED outstanding
> > > bugs.
> > >
> > > I expect that this won't give any changes to Fedora and it might fix
> > > some bugs for Gentoo and SUSE.
> > >
> > > What it does is remove all duplicates in /bin and /usr/bin etc and uses a
> > > subs_dist change to make the /usr change not affect policy.
> >
> > I don't have a problem with merging this patch; however, I will delay it
> > at least until after the next release (which is in a few weeks or so).
> > I'd also like to hear from Gentoo people on any impacts this may have.
>
> Sorry it's taken so long, I've been busy lately. I will test it on my
> machine soon and get back to you hopefully on the weekend so I get some
> testing in.

It's ok.

> Also Nicolas Iooss did some work recently and has a script that goes
> through to verify that everything in /bin has an equivalent in /usr/bin.
>
> Going this subs_dist route would make the fcontexts smaller though, which is
> a plus and less confusion. I just need to be a bit extra careful since
> Gentoo is rolling but I don't foresee any issues.

I'd rather have subs_dist than have to run a script against the policy to
verify it.

I've attached a tiny patch with changes I made after sending the first
usrmerge patch.

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0170-usrmerge2
Type: text/x-patch
Size: 3330 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20170126/b091b36f/attachment.bin
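
The two approaches discussed in this thread, as an added example that is not part of the original message or of the scrubbed patch: `audit` is the kind of check a verification script would run (every /bin-side entry has an identically labelled /usr-side twin), and `substitute` applies subs_dist-style prefix aliasing so only one entry per path is needed. The alias pairs, the file-context entries and all function names are constructed for illustration, and entries are treated as literal paths rather than the regular expressions real .fc files use.

```python
# Constructed subs_dist-style alias pairs (assumed; not taken from the patch).
SUBS = [("/bin", "/usr/bin"), ("/sbin", "/usr/sbin"), ("/lib", "/usr/lib")]

# Constructed file-context entries as (literal path, type).
FC = [
    ("/bin/bash", "shell_exec_t"),
    ("/usr/bin/bash", "shell_exec_t"),
    ("/bin/mount", "mount_exec_t"),
    ("/usr/bin/mount", "bin_t"),        # label disagrees with the /bin entry
    ("/sbin/ip", "ifconfig_exec_t"),    # no /usr/sbin twin at all
    ("/usr/bin/sudo", "sudo_exec_t"),
]

def substitute(path, subs=SUBS):
    """Rewrite a leading alias to its target, only on a path-component boundary."""
    for alias, target in subs:
        if path == alias or path.startswith(alias + "/"):
            return target + path[len(alias):]
    return path

def audit(entries, subs=SUBS):
    """Report alias-side entries whose target-side twin is missing or mislabelled."""
    by_path = dict(entries)
    problems = []
    for path, label in entries:
        twin = substitute(path, subs)
        if twin == path:
            continue  # already on the canonical /usr side
        if twin not in by_path:
            problems.append((path, "missing", twin))
        elif by_path[twin] != label:
            problems.append((path, "mismatch", twin))
    return problems

def merge(entries, subs=SUBS):
    """Collapse duplicates to one entry per substituted path (first label wins)."""
    merged = {}
    for path, label in entries:
        merged.setdefault(substitute(path, subs), label)
    return sorted(merged.items())

if __name__ == "__main__":
    for problem in audit(FC):
        print(problem)
    print(merge(FC))
```

Any mismatch that `audit` reports has to be resolved by hand before merging, because `merge` simply keeps the first label it sees for a path.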