From mboxrd@z Thu Jan 1 00:00:00 1970 From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Wed, 31 Oct 2012 10:43:17 -0400 Subject: [refpolicy] [PATCH v1] Changes to the miscfiles policy module In-Reply-To: <1351625272.4200.12.camel@d30.localdomain> References: <507ae8e5.2354b40a.147c.024d@mx.google.com> <1351625272.4200.12.camel@d30.localdomain> Message-ID: <50913905.2000509@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 10/30/12 15:27, Dominick Grift wrote: > I changed this so that miscfiles policy module depends on it. > > I think this should take away your previous concerns. > > Can this be merged now? This is actually the reverse of what I was saying. Miscfiles shouldn't be unconditionally depending on a higher layer module. I think the only solution is to have the cache type be in miscfiles so the files will be labeled right, even if mandb isn't installed. > On Sun, 2012-10-14 at 18:31 +0200, dominick.grift at gmail.com wrote: >> From: Dominick Grift >> >> >> If you use the miscfiles policy module then you depend on the mandv policy module >> >> Change various miscfiles man interfaces to include relevant mandb >> interface calls >> >> Signed-off-by: Dominick Grift >> diff --git a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc >> index 9116567..016974b 100644 >> --- a/policy/modules/system/miscfiles.fc >> +++ b/policy/modules/system/miscfiles.fc >> @@ -77,7 +77,6 @@ >> >> /var/cache/fontconfig(/.*)? gen_context(system_u:object_r:fonts_cache_t,s0) >> /var/cache/fonts(/.*)? gen_context(system_u:object_r:tetex_data_t,s0) >> -/var/cache/man(/.*)? gen_context(system_u:object_r:man_t,s0) >> >> /var/named/chroot/etc/pki(/.*)? gen_context(system_u:object_r:cert_t,s0) >> >> diff --git a/policy/modules/system/miscfiles.if b/policy/modules/system/miscfiles.if >> index 926ba65..0a504f0 100644 >> --- a/policy/modules/system/miscfiles.if >> +++ b/policy/modules/system/miscfiles.if >> @@ -491,6 +491,8 @@ >> >> allow $1 man_t:dir search_dir_perms; >> files_search_usr($1) >> + >> + mandb_search_cache($1) >> ') >> >> ######################################## >> @@ -531,6 +533,8 @@ >> allow $1 man_t:dir list_dir_perms; >> read_files_pattern($1, man_t, man_t) >> read_lnk_files_pattern($1, man_t, man_t) >> + >> + mandb_read_cache_content($1) >> ') >> >> ######################################## >> @@ -557,6 +561,8 @@ >> delete_dirs_pattern($1, man_t, man_t) >> delete_files_pattern($1, man_t, man_t) >> delete_lnk_files_pattern($1, man_t, man_t) >> + >> + mandb_delete_cache_content($1) >> ') >> >> ######################################## >> @@ -578,6 +584,8 @@ >> manage_dirs_pattern($1, man_t, man_t) >> manage_files_pattern($1, man_t, man_t) >> read_lnk_files_pattern($1, man_t, man_t) >> + >> + mandb_manage_cache_content($1) >> ') >> >> ######################################## > > > _______________________________________________ > refpolicy mailing list > refpolicy at oss.tresys.com > http://oss.tresys.com/mailman/listinfo/refpolicy > -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com