commit: 9c069ad294b09ac28ca1fe83ff999e77975c3cd0 Author: Chris PeBenito <pebenito <AT> ieee <DOT> org> AuthorDate: Sat Mar 25 16:55:52 2017 +0000 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> CommitDate: Thu Mar 30 14:00:10 2017 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=9c069ad2
/var/run -> /run again Here's the latest version of my patch to remove all /var/run when it's not needed. I have removed the subst thing from the patch, but kept a distro_debian bit that relies on it. So with this patch the policy won't install if you build it with distro_debian unless you have my subst patch. Chris, if your automated tests require that it build and install with distro_debian then skip the patch for sysnetwork.fc. >From Russell Coker policy/modules/contrib/dbus.fc | 4 ++++ policy/modules/contrib/dbus.te | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/policy/modules/contrib/dbus.fc b/policy/modules/contrib/dbus.fc index 725276de..c2a15358 100644 --- a/policy/modules/contrib/dbus.fc +++ b/policy/modules/contrib/dbus.fc @@ -20,3 +20,7 @@ HOME_DIR/\.dbus(/.*)? gen_context(system_u:object_r:session_dbusd_home_t,s0) # /var/run prefix exception; https://dbus.freedesktop.org/doc/dbus-specification.html#idm2461 /var/run/dbus/system_bus_socket gen_context(system_u:object_r:system_dbusd_var_run_t,s0) + +ifdef(`distro_debian',` +/var/run/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_run_t,s0) +') diff --git a/policy/modules/contrib/dbus.te b/policy/modules/contrib/dbus.te index f307ddec..941d2f47 100644 --- a/policy/modules/contrib/dbus.te +++ b/policy/modules/contrib/dbus.te @@ -1,4 +1,4 @@ -policy_module(dbus, 1.22.3) +policy_module(dbus, 1.22.4) gen_require(` class dbus all_dbus_perms;
