[refpolicy] [PATCH 1/1] Update file contexts for xfce4 helper applications

Christopher J. PeBenito cpebenito at tresys.com
Wed Aug 24 08:03:34 CDT 2011 

On 08/23/11 06:51, Sven Vermeulen wrote:
> Many XFCE4 helper applications are located in /usr/lib locations. This patch
> marks those helpers as bin_t.
> 
> Recursively marking the directories bin_t does not work properly as these
> locations also contain actual libraries.
> 
> Signed-off-by: Sven Vermeulen <sven.vermeulen at siphos.be>
> ---
>  policy/modules/kernel/corecommands.fc |    9 +++++++++
>  1 files changed, 9 insertions(+), 0 deletions(-)
> 
> diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
> index 3fae11a..54caebe 100644
> --- a/policy/modules/kernel/corecommands.fc
> +++ b/policy/modules/kernel/corecommands.fc
> @@ -226,6 +226,15 @@ ifdef(`distro_gentoo',`
>  /usr/lib(64)?/rpm/rpmv		-- 	gen_context(system_u:object_r:bin_t,s0)
>  /usr/lib(64)?/sftp-server	--	gen_context(system_u:object_r:bin_t,s0)
>  /usr/lib(64)?/vte/gnome-pty-helper --	gen_context(system_u:object_r:bin_t,s0)
> +/usr/lib(64)?/xfce4/session/xfsm-shutdown-helper	--	gen_context(system_u:object_r:bin_t,s0)
> +/usr/lib(64)?/xfce4/session/balou-export-theme	--	gen_context(system_u:object_r:bin_t,s0)
> +/usr/lib(64)?/xfce4/session/balou-install-theme	--	gen_context(system_u:object_r:bin_t,s0)
> +/usr/lib(64)?/xfce4/xfwm4/helper-dialog		--	gen_context(system_u:object_r:bin_t,s0)
> +/usr/lib(64)?/xfce4/xfconf/xfconfd	--	gen_context(system_u:object_r:bin_t,s0)
> +/usr/lib(64)?/xfce4/panel/wrapper	--	gen_context(system_u:object_r:bin_t,s0)
> +/usr/lib(64)?/xfce4/panel/migrate	--	gen_context(system_u:object_r:bin_t,s0)
> +/usr/lib(64)?/xfce4/exo-1/exo-helper-1	--	gen_context(system_u:object_r:bin_t,s0)
> +/usr/lib(64)?/xfce4/exo-1/exo-compose-mail-1	--	gen_context(system_u:object_r:bin_t,s0
>  
>  /usr/lib(64)?/debug/bin(/.*)?	--	gen_context(system_u:object_r:bin_t,s0)
>  /usr/lib(64)?/debug/sbin(/.*)? --	gen_context(system_u:object_r:bin_t,s0)

Merged.  I rearraged the lines and fixed the last context as its missing
a ")".

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

More information about the refpolicy mailing list