authorNicolas Iooss <nicolas.iooss@m4x.org>2017-04-15 20:49:07 +0200
committerJason Zaman <jason@perfinion.com>2017-05-07 23:53:18 +0800
commitad561b6028cb137e4169876737059997eec4b2ee (patch)
tree5f9f70c11cf715605fbf9560cc39a538e86003b0 /policy/modules/services
parentSynchronize file patterns for /usr/bin/mount... and /usr/sbin/mount... (diff)
Support systems with a single /usr/bin directory
On systems such as Arch Linux, all programs which are usually located in /bin, /sbin, /usr/bin and /usr/sbin are present in /usr/bin, and the other locations are symbolic links to this directory. With such a configuration, the file contexts which define types for files in /bin, /sbin and /usr/sbin need to be duplicated to provide definitions for /usr/bin/... As the "/bin vs. /usr/bin" part of the needed definitions has already been done with the "usr merge" patches, the next step consists of duplicating file contexts for /usr/sbin. This is what this patch does for all modules which are not in contrib. This is the second iteration of an idea I previously posted at http://oss.tresys.com/pipermail/refpolicy/2017-March/009176.html
Diffstat (limited to 'policy/modules/services')
-rw-r--r--policy/modules/services/ssh.fc1
-rw-r--r--policy/modules/services/xserver.fc1
2 files changed, 2 insertions, 0 deletions
diff --git a/policy/modules/services/ssh.fc b/policy/modules/services/ssh.fc
index 71fd227a..4ac3e733 100644
--- a/policy/modules/services/ssh.fc
+++ b/policy/modules/services/ssh.fc
@@ -6,6 +6,7 @@ HOME_DIR/\.ssh(/.*)? gen_context(system_u:object_r:ssh_home_t,s0)
/usr/bin/ssh -- gen_context(system_u:object_r:ssh_exec_t,s0)
/usr/bin/ssh-agent -- gen_context(system_u:object_r:ssh_agent_exec_t,s0)
/usr/bin/ssh-keygen -- gen_context(system_u:object_r:ssh_keygen_exec_t,s0)
+/usr/bin/sshd -- gen_context(system_u:object_r:sshd_exec_t,s0)
/usr/lib/openssh/ssh-keysign -- gen_context(system_u:object_r:ssh_keysign_exec_t,s0)
/usr/lib/ssh/ssh-keysign -- gen_context(system_u:object_r:ssh_keysign_exec_t,s0)
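Review bot: The added `/usr/bin/sshd` line carries no comment saying it mirrors the `/usr/sbin/sshd` entry, which is presumably elsewhere in ssh.fc (outside this hunk), so nothing tells a later editor that the two paths must keep the same type. If they drift, sshd on a merged-/usr system would likely pick up a generic executable label and no longer be confined by the policy written for `sshd_exec_t`. I would add a comment above the new line such as `# merged-/usr layout: keep in sync with the /usr/sbin/sshd entry`. The same applies to the `/usr/bin/lightdm` line added in xserver.fc with `xdm_exec_t`. After applying the patch, `matchpathcon /usr/bin/sshd /usr/bin/lightdm` and a `restorecon -n -v` dry run on both binaries would confirm the labels actually resolve as intended on such a system.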
diff --git a/policy/modules/services/xserver.fc b/policy/modules/services/xserver.fc
index 201d28fa..f0392c94 100644
--- a/policy/modules/services/xserver.fc
+++ b/policy/modules/services/xserver.fc
@@ -70,6 +70,7 @@ HOME_DIR/\.Xauthority.* -- gen_context(system_u:object_r:xauth_home_t,s0)
/usr/bin/sddm -- gen_context(system_u:object_r:xdm_exec_t,s0)
/usr/bin/gpe-dm -- gen_context(system_u:object_r:xdm_exec_t,s0)
/usr/bin/iceauth -- gen_context(system_u:object_r:iceauth_exec_t,s0)
+/usr/bin/lightdm -- gen_context(system_u:object_r:xdm_exec_t,s0)
/usr/bin/slim -- gen_context(system_u:object_r:xdm_exec_t,s0)
/usr/bin/Xair -- gen_context(system_u:object_r:xserver_exec_t,s0)
/usr/bin/xauth -- gen_context(system_u:object_r:xauth_exec_t,s0)