URL: https://github.com/freeipa/freeipa/pull/6028
Author: vmojzis
Title: #6028: selinux: Fix file context definition for /var/run
Action: opened

PR body:
"""
There is a file context equivalence rule assigning /run the same
contexts as /var/run. Because of it it's necessary to use /var/run
instead of /run in file context definitions.

See:
https://fedoraproject.org/wiki/SELinux/IndependentPolicy#File_contexts_and_equivalency_rules

Signed-off-by: Vit Mojzis <vmoj...@redhat.com>
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/6028/head:pr6028
git checkout pr6028
From eb9dd7a2317bdf75a4580c1ce3f2ed33b51b1d35 Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmoj...@redhat.com>
Date: Wed, 22 Sep 2021 13:48:07 +0200
Subject: [PATCH] selinux: Fix file context definition for /var/run

There is a file context equivalence rule assigning /run the same
contexts as /var/run. Because of it it's necessary to use /var/run
instead of /run in file context definitions.

See:
https://fedoraproject.org/wiki/SELinux/IndependentPolicy#File_contexts_and_equivalency_rules

Signed-off-by: Vit Mojzis <vmoj...@redhat.com>
---
 selinux/ipa.fc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/selinux/ipa.fc b/selinux/ipa.fc
index 1176f383cd4..f6e3f673228 100644
--- a/selinux/ipa.fc
+++ b/selinux/ipa.fc
@@ -23,7 +23,7 @@
 
 /var/log/ipareplica-conncheck.log.*	--	gen_context(system_u:object_r:ipa_log_t,s0)
 
-/run/ipa(/.*)?              gen_context(system_u:object_r:ipa_var_run_t,s0)
+/var/run/ipa(/.*)?              gen_context(system_u:object_r:ipa_var_run_t,s0)
 
 /usr/libexec/ipa/ipa-custodia					--	gen_context(system_u:object_r:ipa_custodia_exec_t,s0)
 /usr/libexec/ipa/custodia/ipa-custodia-dmldap			--	gen_context(system_u:object_r:ipa_custodia_dmldap_exec_t,s0)
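Review bot: The new `/var/run/ipa(/.*)?` entry has no comment in ipa.fc explaining why it is written with /var/run rather than /run, so a later cleanup could switch it back to the form this patch removes. The reason is given only in the commit message (the /run and /var/run equivalence rule). A one-line comment above the entry pointing at that rule would keep it next to the line it governs. Minor style point on the same line: the path grew by four characters while the spaces before gen_context were left as they were, so the column moved. The neighbouring entries separate the fields with tabs, and this line could follow them. It is also worth stating in the PR how the result was checked, for example that `matchpathcon /run/ipa` reports ipa_var_run_t once the rebuilt module is installed.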