[refpolicy] [PATCH] [RFC] Fix strange file patterns

[cpebenito@tresys.com (Christopher J. PeBenito)]

Dan/Miroslav, do you have any feedback on these?  They seem like reasonable changes to me.

On 04/08/2014 10:21 AM, Sven Vermeulen wrote:
> I'm OK with the changes. I am not aware of a finger  implementation that uses a single character prefix to "fingerd" that would match the expression as well.
> 
> With kind regard,
>   Sven Vermeulen
> 
> On Apr 5, 2014 10:38 PM, "Nicolas Iooss" <nicolas.iooss at m4x.org <mailto:nicolas.iooss@m4x.org>> wrote:
> 
>     Some file patterns look very strange, like:
> 
>         /var/log/cluster/.*\.*log
> 
>     I've found such patterns while writing a script that parses the file patterns.
>     Hence I haven't tested if the new file contexts apply to the existing files.
>     For example, this patch changes
> 
>         /var/run/*.fingerd\.pid
> 
>     to
> 
>         /var/run/fingerd\.pid
> 
>     because "/*" seems weird to me, but this also changes the semantic of the
>     pattern.  Another possibility which doesn't change the meaning is:
> 
>         /var/run/?.fingerd\.pid
> 
>     I send this patch as an RFC because what I consider abnormal may in fact be
>     something expected or a workaround to fix some bugs I'm not aware of.
>     ---
>      finger.fc         | 2 +-
>      rhcs.fc           | 2 +-
>      setroubleshoot.fc | 2 +-
>      3 files changed, 3 insertions(+), 3 deletions(-)
> 
>     diff --git a/finger.fc b/finger.fc
>     index 843940b..623421d 100644
>     --- a/finger.fc
>     +++ b/finger.fc
>     @@ -7,4 +7,4 @@
> 
>      /var/log/cfingerd\.log.*       --      gen_context(system_u:object_r:fingerd_log_t,s0)
> 
>     -/var/run/*.fingerd\.pid        --      gen_context(system_u:object_r:fingerd_var_run_t,s0)
>     +/var/run/fingerd\.pid  --      gen_context(system_u:object_r:fingerd_var_run_t,s0)
>     diff --git a/rhcs.fc b/rhcs.fc
>     index 47de2d6..c619502 100644
>     --- a/rhcs.fc
>     +++ b/rhcs.fc
>     @@ -14,7 +14,7 @@
> 
>      /var/lib/qdiskd(/.*)?  gen_context(system_u:object_r:qdiskd_var_lib_t,s0)
> 
>     -/var/log/cluster/.*\.*log      <<none>>
>     +/var/log/cluster/.*\.log       <<none>>
>      /var/log/cluster/dlm_controld\.log.*   --      gen_context(system_u:object_r:dlm_controld_var_log_t,s0)
>      /var/log/cluster/fenced\.log.* --      gen_context(system_u:object_r:fenced_var_log_t,s0)
>      /var/log/cluster/gfs_controld\.log.*   --      gen_context(system_u:object_r:gfs_controld_var_log_t,s0)
>     diff --git a/setroubleshoot.fc b/setroubleshoot.fc
>     index 0b3a971..e89c06f 100644
>     --- a/setroubleshoot.fc
>     +++ b/setroubleshoot.fc
>     @@ -1,6 +1,6 @@
>      /usr/sbin/setroubleshootd      --      gen_context(system_u:object_r:setroubleshootd_exec_t,s0)
> 
>     -/usr/share/setroubleshoot/SetroubleshootFixit\.py*     --      gen_context(system_u:object_r:setroubleshoot_fixit_exec_t,s0)
>     +/usr/share/setroubleshoot/SetroubleshootFixit\.py      --      gen_context(system_u:object_r:setroubleshoot_fixit_exec_t,s0)
> 
>      /var/run/setroubleshoot(/.*)?  gen_context(system_u:object_r:setroubleshoot_var_run_t,s0)
> 
>     --
>     1.9.1


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com