diff options
| author |   Nicolas Iooss <nicolas.iooss@m4x.org> | 2017-04-15 20:49:07 +0200 |
|---|---|---|
| committer |   Jason Zaman <jason@perfinion.com> | 2017-05-07 23:53:18 +0800 |
| commit | ad561b6028cb137e4169876737059997eec4b2ee (patch) | |
| tree | 5f9f70c11cf715605fbf9560cc39a538e86003b0 /policy/modules/system/logging.fc | |
| parent | Synchronize file patterns for /usr/bin/mount... and /usr/sbin/mount... (diff) | |
| download | hardened-refpolicy-ad561b6028cb137e4169876737059997eec4b2ee.tar.gz hardened-refpolicy-ad561b6028cb137e4169876737059997eec4b2ee.tar.bz2 hardened-refpolicy-ad561b6028cb137e4169876737059997eec4b2ee.zip | |
Support systems with a single /usr/bin directory
On systems such as Arch Linux, all programs which are usually located in
/bin, /sbin, /usr/bin and /usr/sbin are present in /usr/bin and the
other locations are symbolic links to this directory. With such a
configuration, the file contexts which define types for files in
/bin, /sbin and /usr/sbin need to be duplicated to provide definitions
for /usr/bin/...
As the "/bin vs. /usr/bin" part of the needed definitions has already
been done with the "usr merge" patches, the next step consists in
duplicating file contexts for /usr/sbin. This is what this patch does
for all modules which are not in contrib.
This is the second iteration of an idea I have previously posted on
http://oss.tresys.com/pipermail/refpolicy/2017-March/009176.html
Diffstat (limited to 'policy/modules/system/logging.fc')
| -rw-r--r-- | policy/modules/system/logging.fc | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/policy/modules/system/logging.fc b/policy/modules/system/logging.fc index 47249063d..9174f94b3 100644 --- a/policy/modules/system/logging.fc +++ b/policy/modules/system/logging.fc @@ -6,6 +6,18 @@ /etc/rc\.d/init\.d/auditd -- gen_context(system_u:object_r:auditd_initrc_exec_t,s0) /etc/rc\.d/init\.d/rsyslog -- gen_context(system_u:object_r:syslogd_initrc_exec_t,s0) +/usr/bin/audispd -- gen_context(system_u:object_r:audisp_exec_t,s0) +/usr/bin/audisp-remote -- gen_context(system_u:object_r:audisp_remote_exec_t,s0) +/usr/bin/auditctl -- gen_context(system_u:object_r:auditctl_exec_t,s0) +/usr/bin/auditd -- gen_context(system_u:object_r:auditd_exec_t,s0) +/usr/bin/klogd -- gen_context(system_u:object_r:klogd_exec_t,s0) +/usr/bin/metalog -- gen_context(system_u:object_r:syslogd_exec_t,s0) +/usr/bin/minilogd -- gen_context(system_u:object_r:syslogd_exec_t,s0) +/usr/bin/rklogd -- gen_context(system_u:object_r:klogd_exec_t,s0) +/usr/bin/rsyslogd -- gen_context(system_u:object_r:syslogd_exec_t,s0) +/usr/bin/syslog-ng -- gen_context(system_u:object_r:syslogd_exec_t,s0) +/usr/bin/syslogd -- gen_context(system_u:object_r:syslogd_exec_t,s0) + /usr/lib/systemd/system/auditd.* -- gen_context(system_u:object_r:auditd_unit_t,s0) /usr/lib/systemd/system/[^/]*systemd-journal.* -- gen_context(system_u:object_r:syslogd_unit_t,s0) /usr/lib/systemd/system/rsyslog.*\.service -- gen_context(system_u:object_r:syslogd_unit_t,s0) |