diff options
| author |   Steve Lawrence <slawrence@tresys.com> | 2014-12-03 09:55:26 -0500 |
|---|---|---|
| committer |   Jason Zaman <jason@perfinion.com> | 2014-12-04 00:32:15 +0400 |
| commit | 4270746b108fd90b377127c6f20998af640a4869 (patch) | |
| tree | 3c0c6474eb045562fda8651ca76f1beb0e857cf7 /policy/modules/system/selinuxutil.if | |
| parent | Add missing roles interfaces (diff) | |
| download | hardened-refpolicy-4270746b108fd90b377127c6f20998af640a4869.tar.gz hardened-refpolicy-4270746b108fd90b377127c6f20998af640a4869.tar.bz2 hardened-refpolicy-4270746b108fd90b377127c6f20998af640a4869.zip | |
Update policy for selinux userspace moving the policy store to /var/lib/selinux
With the new userspace, the only files in /var/lib/selinux are selinux
store related files, so label it and everything inside it as
semanage_store_t. semanage_var_lib_t is completely removed and now
aliases semanage_store_t for backwards compatibility. This differs from
the v2 patch in that it adds back the ability to manage
selinux_config_t, which is necessary to manage the old module store for
things like migrating from the old to new store and backwards
compatability.
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
Diffstat (limited to 'policy/modules/system/selinuxutil.if')
| -rw-r--r-- | policy/modules/system/selinuxutil.if | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/policy/modules/system/selinuxutil.if b/policy/modules/system/selinuxutil.if index bee06f42..129a6e0b 100644 --- a/policy/modules/system/selinuxutil.if +++ b/policy/modules/system/selinuxutil.if @@ -1041,7 +1041,9 @@ interface(`seutil_manage_module_store',` ') files_search_etc($1) + files_search_var($1) manage_dirs_pattern($1, selinux_config_t, semanage_store_t) + manage_dirs_pattern($1, semanage_store_t, semanage_store_t) manage_files_pattern($1, semanage_store_t, semanage_store_t) manage_lnk_files_pattern($1, semanage_store_t, semanage_store_t) ') |