From mboxrd@z Thu Jan  1 00:00:00 1970
From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Sat, 8 Feb 2014 10:07:13 -0500
Subject: [refpolicy] [PATCH 1/3] Add two postgresql file contexts from
 gentoo policy
In-Reply-To: <1390670684-21197-2-git-send-email-aranea@aixah.de>
References: <1390670684-21197-1-git-send-email-aranea@aixah.de>
	<1390670684-21197-2-git-send-email-aranea@aixah.de>
Message-ID: <52F64821.1010601@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 1/25/2014 12:24 PM, Luis Ressel wrote:
> ---
>  policy/modules/services/postgresql.fc | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/policy/modules/services/postgresql.fc b/policy/modules/services/postgresql.fc
> index a26f84f..9b693c4 100644
> --- a/policy/modules/services/postgresql.fc
> +++ b/policy/modules/services/postgresql.fc
> @@ -1,8 +1,11 @@
>  #
>  # /etc
>  #
> -/etc/postgresql(/.*)?			gen_context(system_u:object_r:postgresql_etc_t,s0)
> +/etc/postgresql(-.*)?(/.*)?		gen_context(system_u:object_r:postgresql_etc_t,s0)

Is this intended to handle something like /etc/postgresql-3.9.2/*?

> +/etc/init\.d/postgresql(-.*)?	--	gen_context(system_u:object_r:postgresql_initrc_exec_t,s0)
>  /etc/rc\.d/init\.d/(se)?postgresql --	gen_context(system_u:object_r:postgresql_initrc_exec_t,s0)

We should remove the rc\.d from the existing line instead.  The file context substitutions will take care of instances where someone has init scripts in /etc/rc.d/init.d.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com