commit: f04beadc745baa12d14310a2e12757d945d67101
Author: Nicolas Iooss <nicolas.iooss <AT> m4x <DOT> org>
AuthorDate: Sat Apr 5 20:37:45 2014 +0000
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org>
CommitDate: Fri Apr 11 17:46:46 2014 +0000
URL:
http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=f04beadc
Fix strange file patterns
Some file patterns look very strange, like:
/var/log/cluster/.*\.*log
I've found such patterns while writing a script that parses the file patterns.
Hence I haven't tested if the new file contexts apply to the existing files.
For example, this patch changes
/var/run/*.fingerd\.pid
to
/var/run/fingerd\.pid
because "/*" seems weird to me, but this also changes the semantics of the
pattern. Another possibility which doesn't change the meaning is:
/var/run/?.fingerd\.pid
I send this patch as an RFC because what I consider abnormal may in fact be
something expected or a workaround to fix some bugs I'm not aware of.
---
policy/modules/contrib/finger.fc | 2 +-
policy/modules/contrib/rhcs.fc | 2 +-
policy/modules/contrib/setroubleshoot.fc | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/policy/modules/contrib/finger.fc b/policy/modules/contrib/finger.fc
index 843940b..623421d 100644
--- a/policy/modules/contrib/finger.fc
+++ b/policy/modules/contrib/finger.fc
@@ -7,4 +7,4 @@
/var/log/cfingerd\.log.* --
gen_context(system_u:object_r:fingerd_log_t,s0)
-/var/run/*.fingerd\.pid --
gen_context(system_u:object_r:fingerd_var_run_t,s0)
+/var/run/fingerd\.pid --
gen_context(system_u:object_r:fingerd_var_run_t,s0)
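Review bot: The new pattern `/var/run/fingerd\.pid` no longer matches `/var/run/cfingerd.pid`, which the old regex did match (`/*` consumed the slash and `.` matched the `c`), so a cfingerd PID file would lose `fingerd_var_run_t` and fall back to whatever the generic `/var/run` rule assigns. The line just above labels `/var/log/cfingerd\.log.*`, which suggests the daemon is named cfingerd on at least some systems; if both names need covering, `/var/run/c?fingerd\.pid` keeps the old reach without the odd `/*.`. The rhcs.fc hunk narrows its match in the same untested way (`.*\.*log` matched any name ending in `log`, while `.*\.log` requires the dot), so both are worth checking with `matchpathcon` or `restorecon -n -v` on a system that has these files before merging.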
diff --git a/policy/modules/contrib/rhcs.fc b/policy/modules/contrib/rhcs.fc
index 47de2d6..c619502 100644
--- a/policy/modules/contrib/rhcs.fc
+++ b/policy/modules/contrib/rhcs.fc
@@ -14,7 +14,7 @@
/var/lib/qdiskd(/.*)? gen_context(system_u:object_r:qdiskd_var_lib_t,s0)
-/var/log/cluster/.*\.*log <<none>>
+/var/log/cluster/.*\.log <<none>>
/var/log/cluster/dlm_controld\.log.* --
gen_context(system_u:object_r:dlm_controld_var_log_t,s0)
/var/log/cluster/fenced\.log.* --
gen_context(system_u:object_r:fenced_var_log_t,s0)
/var/log/cluster/gfs_controld\.log.* --
gen_context(system_u:object_r:gfs_controld_var_log_t,s0)
diff --git a/policy/modules/contrib/setroubleshoot.fc
b/policy/modules/contrib/setroubleshoot.fc
index 0b3a971..e89c06f 100644
--- a/policy/modules/contrib/setroubleshoot.fc
+++ b/policy/modules/contrib/setroubleshoot.fc
@@ -1,6 +1,6 @@
/usr/sbin/setroubleshootd --
gen_context(system_u:object_r:setroubleshootd_exec_t,s0)
-/usr/share/setroubleshoot/SetroubleshootFixit\.py* --
gen_context(system_u:object_r:setroubleshoot_fixit_exec_t,s0)
+/usr/share/setroubleshoot/SetroubleshootFixit\.py --
gen_context(system_u:object_r:setroubleshoot_fixit_exec_t,s0)
/var/run/setroubleshoot(/.*)?
gen_context(system_u:object_r:setroubleshoot_var_run_t,s0)