commit:     6e4ce53825874b005a6d13c2fbd08d6b7d89472b
Author:     Nicolas Iooss <nicolas.iooss <AT> m4x <DOT> org>
AuthorDate: Wed Aug 23 19:36:42 2017 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Fri Sep  8 22:48:51 2017 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=6e4ce538

dbus: move comments out of the file context definitions

When loading module dbus from Reference Policy's git master, semodule
fails:

  Invalid syntax
  Bad context
  Bad filecon declaration at
  /var/lib/selinux/refpolicy/tmp/modules/400/dbus/cil:734
  semodule:  Failed!

"/usr/lib/selinux/hll/pp dbus.pp" generates the following lines
(prefixed by the line number):

  733 (filecon "/usr/bin/dbus-daemon(-1)?" file (system_u object_r
      dbusd_exec_t (systemlow systemlow)))
  734 (filecon "/usr/bin/dbus-broker-launch" file (system_u object_r
      dbusd_exec_t # needed by dbus-broker (systemlow systemlow)))
  735 (filecon "/usr/bin/dbus-broker" file (system_u object_r
      dbusd_exec_t # needed by dbus-broker (systemlow systemlow)))

The comments need to be on their own lines in order to be ignored by
semodule.

 policy/modules/contrib/dbus.fc | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/policy/modules/contrib/dbus.fc b/policy/modules/contrib/dbus.fc
index c18fd7fd..e9a13ee9 100644
--- a/policy/modules/contrib/dbus.fc
+++ b/policy/modules/contrib/dbus.fc
@@ -8,8 +8,10 @@ HOME_DIR/\.dbus(/.*)?                          
gen_context(system_u:object_r:session_dbusd_home_t,s0)
 /run/user/%{USERID}/dbus-1(/.*)?               
gen_context(system_u:object_r:session_dbusd_runtime_t,s0)
 
 /usr/bin/dbus-daemon(-1)?              --      
gen_context(system_u:object_r:dbusd_exec_t,s0)
-/usr/bin/dbus-broker-launch            --      
gen_context(system_u:object_r:dbusd_exec_t,s0) # needed by dbus-broker
-/usr/bin/dbus-broker                   --      
gen_context(system_u:object_r:dbusd_exec_t,s0) # needed by dbus-broker
+
+# needed by dbus-broker
+/usr/bin/dbus-broker-launch            --      
gen_context(system_u:object_r:dbusd_exec_t,s0)
+/usr/bin/dbus-broker                   --      
gen_context(system_u:object_r:dbusd_exec_t,s0)
 
 /usr/lib/dbus-.*/dbus-daemon-launch-helper     --      
gen_context(system_u:object_r:dbusd_exec_t,s0)
 
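Review bot: The relocated comment `# needed by dbus-broker` on the new side no longer sits next to the entries it covers and does not say why they carry `dbusd_exec_t`; something like `# dbus-broker and its launcher: labelled like dbus-daemon (dbusd_exec_t)` would be self-explanatory. Per the commit message, a trailing `#` after `gen_context(...)` ends up inside the generated filecon context and makes semodule reject the whole module. Any other .fc file with the same pattern would presumably fail the same way, and its paths would then not receive their intended labels. A build-time check that flags `gen_context(...)` followed by `#` on the same line would catch this before the policy is loaded.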
