[Freeipa-devel] [freeipa PR#6029][opened] [Backport][ipa-4-9] selinux: Fix file context definition for /var/run

Mon, 27 Sep 2021 07:03:26 -0700 

   URL: https://github.com/freeipa/freeipa/pull/6029
Author: rcritten
 Title: #6029: [Backport][ipa-4-9] selinux: Fix file context definition for 
/var/run
Action: opened

PR body:
"""
This PR was opened automatically because PR #6028 was pushed to master and 
backport to ipa-4-9 is required.
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/6029/head:pr6029
git checkout pr6029

From da6277182aeec8919d2c909d59fc234d50f854c7 Mon Sep 17 00:00:00 2001
From: Vit Mojzis <[email protected]>
Date: Wed, 22 Sep 2021 13:48:07 +0200
Subject: [PATCH] selinux: Fix file context definition for /var/run

There is a file context equivalence rule assigning /run the same
contexts as /var/run. Because of it it's necessary to use /var/run
instead of /run in file context definitions.

See:
https://fedoraproject.org/wiki/SELinux/IndependentPolicy#File_contexts_and_equivalency_rules

Signed-off-by: Vit Mojzis <[email protected]>
---
 selinux/ipa.fc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/selinux/ipa.fc b/selinux/ipa.fc
index 1176f383cd4..f6e3f673228 100644
--- a/selinux/ipa.fc
+++ b/selinux/ipa.fc
@@ -23,7 +23,7 @@
 
 /var/log/ipareplica-conncheck.log.*	--	gen_context(system_u:object_r:ipa_log_t,s0)
 
-/run/ipa(/.*)?              gen_context(system_u:object_r:ipa_var_run_t,s0)
+/var/run/ipa(/.*)?              gen_context(system_u:object_r:ipa_var_run_t,s0)
 
 /usr/libexec/ipa/ipa-custodia					--	gen_context(system_u:object_r:ipa_custodia_exec_t,s0)
 /usr/libexec/ipa/custodia/ipa-custodia-dmldap			--	gen_context(system_u:object_r:ipa_custodia_dmldap_exec_t,s0)

_______________________________________________
FreeIPA-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Reply via email to