diff options
| author |   Chris PeBenito <pebenito@ieee.org> | 2017-03-25 12:55:52 -0400 |
|---|---|---|
| committer |   Jason Zaman <jason@perfinion.com> | 2017-03-30 22:00:10 +0800 |
| commit | 9c069ad294b09ac28ca1fe83ff999e77975c3cd0 (patch) | |
| tree | 36559b5c12953ab5bdf00a85d3c8fb39e27e50e4 | |
| parent | dontaudit net_admin for SO_SNDBUFFORCE (diff) | |
| download | hardened-refpolicy-9c069ad2.tar.gz hardened-refpolicy-9c069ad2.tar.bz2 hardened-refpolicy-9c069ad2.zip | |
/var/run -> /run again
Here's the latest version of my patch to remove all /var/run when it's not
needed. I have removed the subst thing from the patch, but kept a
distro_debian bit that relies on it. So with this patch the policy won't
install if you build it with distro_debian unless you have my subst patch.
Chris, if your automated tests require that it build and install with
distro_debian then skip the patch for sysnetwork.fc.
From Russell Coker
| -rw-r--r-- | policy/modules/contrib/dbus.fc | 4 | ||||
| -rw-r--r-- | policy/modules/contrib/dbus.te | 2 |
2 files changed, 5 insertions, 1 deletions
diff --git a/policy/modules/contrib/dbus.fc b/policy/modules/contrib/dbus.fc index 725276de9..c2a15358e 100644 --- a/policy/modules/contrib/dbus.fc +++ b/policy/modules/contrib/dbus.fc @@ -20,3 +20,7 @@ HOME_DIR/\.dbus(/.*)? gen_context(system_u:object_r:session_dbusd_home_t,s0) # /var/run prefix exception; https://dbus.freedesktop.org/doc/dbus-specification.html#idm2461 /var/run/dbus/system_bus_socket gen_context(system_u:object_r:system_dbusd_var_run_t,s0) + +ifdef(`distro_debian',` +/var/run/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_run_t,s0) +') diff --git a/policy/modules/contrib/dbus.te b/policy/modules/contrib/dbus.te index f307ddec6..941d2f47a 100644 --- a/policy/modules/contrib/dbus.te +++ b/policy/modules/contrib/dbus.te @@ -1,4 +1,4 @@ -policy_module(dbus, 1.22.3) +policy_module(dbus, 1.22.4) gen_require(` class dbus all_dbus_perms; |