commit: c2a314c9ce3a40f510564217177f9ae420447bf1 Author: Laurent Bigonville <bigon <AT> bigon <DOT> be> AuthorDate: Fri Mar 25 21:35:17 2016 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Fri May 13 05:07:33 2016 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=c2a314c9
Add some labels for SELinux tools path in Debian policy/modules/kernel/corecommands.fc | 2 ++ policy/modules/system/selinuxutil.fc | 1 + 2 files changed, 3 insertions(+) diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc index c228d79..35752e7 100644 --- a/policy/modules/kernel/corecommands.fc +++ b/policy/modules/kernel/corecommands.fc @@ -268,6 +268,8 @@ ifdef(`distro_gentoo',` /usr/lib/debug/usr/bin(/.*)? -- gen_context(system_u:object_r:bin_t,s0) /usr/lib/debug/usr/sbin(/.*)? -- gen_context(system_u:object_r:bin_t,s0) +/usr/lib/selinux/hll(/.*)? gen_context(system_u:object_r:bin_t,s0) + /usr/lib/[^/]*thunderbird[^/]*/thunderbird -- gen_context(system_u:object_r:bin_t,s0) /usr/lib/[^/]*thunderbird[^/]*/thunderbird-bin -- gen_context(system_u:object_r:bin_t,s0) /usr/lib/[^/]*thunderbird[^/]*/open-browser\.sh -- gen_context(system_u:object_r:bin_t,s0) diff --git a/policy/modules/system/selinuxutil.fc b/policy/modules/system/selinuxutil.fc index 59ae92a..8f0db04 100644 --- a/policy/modules/system/selinuxutil.fc +++ b/policy/modules/system/selinuxutil.fc @@ -49,6 +49,7 @@ /var/lib/selinux(/.*)? gen_context(system_u:object_r:semanage_store_t,s0) /var/lib/selinux/[^/]+/semanage\.read\.LOCK -- gen_context(system_u:object_r:semanage_read_lock_t,s0) /var/lib/selinux/[^/]+/semanage\.trans\.LOCK -- gen_context(system_u:object_r:semanage_trans_lock_t,s0) +/usr/lib/selinux/semanage_migrate_store -- gen_context(system_u:object_r:semanage_exec_t,s0) # # /var/run
