From: "Sven Vermeulen"
To: gentoo-commits@lists.gentoo.org
Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen"
Message-ID: <1338143821.15516ae2e99869b6e27f924c418d34fc8875ccb5.SwifT@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/system/selinuxutil.fc
X-VCS-Directories: policy/modules/system/
X-VCS-Committer: SwifT
X-VCS-Committer-Name: Sven Vermeulen
X-VCS-Revision: 15516ae2e99869b6e27f924c418d34fc8875ccb5
X-VCS-Branch: master
Date: Sun, 27 May 2012 18:39:08 +0000 (UTC)

commit:     15516ae2e99869b6e27f924c418d34fc8875ccb5
Author:     Sven Vermeulen siphos be>
AuthorDate: Sun May 27 18:37:01 2012 +0000
Commit:     Sven Vermeulen siphos be>
CommitDate: Sun May 27 18:37:01 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=15516ae2

Mark the modules directory as semanage_store_t

Previously, type transitions (on file/dir) occurred when semanage_t tried to
create a directory inside a selinux_config_t. Recently, this has changed so
that this only occurs when said directory (that is created) is called "modules".

However, on existing systems, this directory already exists (with the
selinux_config_t type). As there is no file context to say otherwise, loading
a policy fails (as the "tmp/" dir that it creates doesn't transition) and
restoring the contexts of /etc/selinux recursively doesn't help either.

By adding the definition for the "modules/" directory, we should now be able
to run a restorecon -R /etc/selinux once and have the policy be loaded
correctly again.

--- policy/modules/system/selinuxutil.fc | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/policy/modules/system/selinuxutil.fc b/policy/modules/system= /selinuxutil.fc index c985344..93832ae 100644 --- a/policy/modules/system/selinuxutil.fc +++ b/policy/modules/system/selinuxutil.fc @@ -9,6 +9,7 @@ /etc/selinux/([^/]*/)?policy(/.*)? gen_context(system_u:object_r:policy_= config_t,mls_systemhigh) /etc/selinux/([^/]*/)?setrans\.conf -- gen_context(system_u:object_r:sel= inux_config_t,mls_systemhigh) /etc/selinux/([^/]*/)?seusers -- gen_context(system_u:object_r:selinux_c= onfig_t,mls_systemhigh) +/etc/selinux/([^/]*/)?modules -d gen_context(system_u:object_r:semanage_= store_t,s0) /etc/selinux/([^/]*/)?modules/(active|tmp|previous)(/.*)? gen_context(sy= stem_u:object_r:semanage_store_t,s0) /etc/selinux/([^/]*/)?modules/semanage\.read\.LOCK -- gen_context(system= _u:object_r:semanage_read_lock_t,s0) /etc/selinux/([^/]*/)?modules/semanage\.trans\.LOCK -- gen_context(syste= m_u:object_r:semanage_trans_lock_t,s0)
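
Review bot: The added "modules -d" entry only helps once the existing directory is relabelled, and that requirement is recorded nowhere except the commit message. On a system where the modules directory already carries selinux_config_t, the new file context changes nothing until restorecon -R /etc/selinux has been run once, so policy loading keeps failing after the update until someone does that. Suggest a comment above the new line in selinuxutil.fc, or an upgrade note shipped with the policy, stating that the one-time relabel is needed. The -d restriction and the s0 level match the neighbouring modules/ entries rather than the mls_systemhigh used by the selinux_config_t entries above; if that difference is intentional, a short comment would save the next reader from wondering.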
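
Why restoring contexts did not help before this change, as an added example (not part of the commit or of refpolicy): it matches paths against the file-context entries visible in the hunk, with and without the added line. The store name "strict", the helper names and the last-match-wins ordering are assumptions of this example.

```python
import re

# File-context entries as they appear in the hunk, with the e-mail's
# quoted-printable line breaks removed. Tuple: (path regex, file-type flag
# or None for "any", SELinux type). MLS levels are left out.
BEFORE = [
    (r"/etc/selinux/([^/]*/)?policy(/.*)?", None, "policy_config_t"),
    (r"/etc/selinux/([^/]*/)?setrans\.conf", "--", "selinux_config_t"),
    (r"/etc/selinux/([^/]*/)?seusers", "--", "selinux_config_t"),
    (r"/etc/selinux/([^/]*/)?modules/(active|tmp|previous)(/.*)?", None,
     "semanage_store_t"),
    (r"/etc/selinux/([^/]*/)?modules/semanage\.read\.LOCK", "--",
     "semanage_read_lock_t"),
    (r"/etc/selinux/([^/]*/)?modules/semanage\.trans\.LOCK", "--",
     "semanage_trans_lock_t"),
]
# The line the patch adds, inserted at the position it has in the hunk.
NEW_ENTRY = (r"/etc/selinux/([^/]*/)?modules", "-d", "semanage_store_t")
AFTER = BEFORE[:3] + [NEW_ENTRY] + BEFORE[3:]


def lookup(entries, path, kind):
    """Type of the last entry matching path and kind, or None.

    kind: "-d" for a directory, "--" for a regular file. Assumption: the
    last match in list order wins; this is a simplification, not the
    ordering libselinux applies.
    """
    result = None
    for regex, flag, setype in entries:
        if flag is not None and flag != kind:
            continue  # entry is restricted to another file type
        if re.fullmatch(regex, path):  # specs match the whole path
            result = setype
    return result


def coverage(path, kind):
    """(type before the patch, type after the patch) for one path."""
    return lookup(BEFORE, path, kind), lookup(AFTER, path, kind)


if __name__ == "__main__":
    # Constructed paths; "strict" is an assumed policy store name.
    for path, kind in [("/etc/selinux/strict/modules", "-d"),
                       ("/etc/selinux/strict/modules/tmp", "-d"),
                       ("/etc/selinux/strict/modules", "--")]:
        print(path, kind, coverage(path, kind))
```

A result of None means none of the entries shown in the hunk applies; entries elsewhere in selinuxutil.fc are not visible in this mail and are not modelled.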