From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-commits+bounces-468636-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1SYiN4-0002Xm-Sr
	for garchives@archives.gentoo.org; Sun, 27 May 2012 18:39:19 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 28D95E05E4;
	Sun, 27 May 2012 18:39:11 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	by pigeon.gentoo.org (Postfix) with ESMTP id EB1AEE05E4
	for <gentoo-commits@lists.gentoo.org>; Sun, 27 May 2012 18:39:10 +0000 (UTC)
Received: from hornbill.gentoo.org (hornbill.gentoo.org [94.100.119.163])
	(using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id 252461B4015
	for <gentoo-commits@lists.gentoo.org>; Sun, 27 May 2012 18:39:10 +0000 (UTC)
Received: from localhost.localdomain (localhost [127.0.0.1])
	by hornbill.gentoo.org (Postfix) with ESMTP id 9099EE5428
	for <gentoo-commits@lists.gentoo.org>; Sun, 27 May 2012 18:39:08 +0000 (UTC)
From: "Sven Vermeulen" <sven.vermeulen@siphos.be>
To: gentoo-commits@lists.gentoo.org
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen" <sven.vermeulen@siphos.be>
Message-ID: <1338143821.15516ae2e99869b6e27f924c418d34fc8875ccb5.SwifT@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/system/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/system/selinuxutil.fc
X-VCS-Directories: policy/modules/system/
X-VCS-Committer: SwifT
X-VCS-Committer-Name: Sven Vermeulen
X-VCS-Revision: 15516ae2e99869b6e27f924c418d34fc8875ccb5
X-VCS-Branch: master
Date: Sun, 27 May 2012 18:39:08 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: quoted-printable
X-Archives-Salt: 88d35624-183c-4b35-a3b6-3216f918cb4e
X-Archives-Hash: 4a9c9a0ff29d0f9a73e10f033b16dbdf

commit:     15516ae2e99869b6e27f924c418d34fc8875ccb5
Author:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Sun May 27 18:37:01 2012 +0000
Commit:     Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Sun May 27 18:37:01 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=15516ae2

Mark the modules directory as semanage_store_t

Previously, type transitions (on file/dir) occurred when semanage_t tried to create a directory inside a
selinux_config_t. Recently, this has changed so that this only occurs when said directory (that is created) is called
"modules".

However, on existing systems, this directory already exists (with the selinux_config_t type). As there is no file
context to say otherwise, loading a policy fails (as the "tmp/" dir that it creates doesn't transition) and restoring
the contexts of /etc/selinux recursively doesn't help either.

By adding the definition for the "modules/" directory, we should now be able to run a restorecon -R /etc/selinux once
and have the policy be loaded correctly again.

---
 policy/modules/system/selinuxutil.fc |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/policy/modules/system/selinuxutil.fc b/policy/modules/system=
/selinuxutil.fc
index c985344..93832ae 100644
--- a/policy/modules/system/selinuxutil.fc
+++ b/policy/modules/system/selinuxutil.fc
@@ -9,6 +9,7 @@
 /etc/selinux/([^/]*/)?policy(/.*)?	gen_context(system_u:object_r:policy_=
config_t,mls_systemhigh)
 /etc/selinux/([^/]*/)?setrans\.conf --	gen_context(system_u:object_r:sel=
inux_config_t,mls_systemhigh)
 /etc/selinux/([^/]*/)?seusers	--	gen_context(system_u:object_r:selinux_c=
onfig_t,mls_systemhigh)
+/etc/selinux/([^/]*/)?modules	-d	gen_context(system_u:object_r:semanage_=
store_t,s0)
 /etc/selinux/([^/]*/)?modules/(active|tmp|previous)(/.*)? gen_context(sy=
stem_u:object_r:semanage_store_t,s0)
 /etc/selinux/([^/]*/)?modules/semanage\.read\.LOCK -- gen_context(system=
_u:object_r:semanage_read_lock_t,s0)
 /etc/selinux/([^/]*/)?modules/semanage\.trans\.LOCK -- gen_context(syste=
m_u:object_r:semanage_trans_lock_t,s0)
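Review bot: the new `-d` entry labels only the `modules` directory inode itself; what sits directly beneath it is still left to the four entries that follow, which cover only `active`, `tmp`, `previous` and the two `semanage.*.LOCK` files. If anything else is ever created directly under modules/ it would still fall back to the more general `/etc/selinux` pattern that precedes this hunk, i.e. selinux_config_t, and the same load failure would recur. Consider widening the new line to `/etc/selinux/([^/]*/)?modules(/.*)?` with no type flag, which makes the `(active|tmp|previous)` line redundant while the two later, more specific LOCK entries keep winning for those files; otherwise a comment in the .fc saying why only the directory needs the label would help the next reader. Placement is fine: the most general `modules` match sits before the more specific ones, as the rest of the file does.

The commit message above describes why `modules/` kept selinux_config_t on existing installs and why a file-context entry plus one `restorecon -R /etc/selinux` fixes it. The Python below is an added illustration, not code from hardened-refpolicy or from the author: it models how a file_contexts lookup resolves a path, using the entries visible in the hunk plus one assumed general `/etc/selinux(/.*)?` entry (such a line precedes this hunk in refpolicy's selinuxutil.fc but is not in the diff), with a simplified version of libselinux's precedence rule (longest literal prefix wins, the later entry breaks ties). It shows what `/etc/selinux/<store>/modules` resolves to before and after the patch, that the `-d` flag leaves a regular file of the same name untouched, and that the LOCK files keep their own types.

```python
"""Model of an SELinux file_contexts (.fc) lookup, before and after the patch.

Added illustration; not code from the hardened-refpolicy project.
Precedence is a simplified version of libselinux's rule (an assumption
here): the matching entry with the longest literal, non-regex prefix wins;
on a tie the entry that appears later in the file wins.  An entry carrying
a file-type flag (-d directory, -- regular file, ...) applies only to that type.
"""
import re
from typing import List, Optional, NamedTuple

_META = set(".^$?*+|[](){}\\")
_GEN_CONTEXT = re.compile(r"gen_context\(([^,]+),([^)]+)\)")


class FcEntry(NamedTuple):
    regex: str
    ftype: Optional[str]   # None = applies to every file type
    type_: str             # the SELinux type out of user:role:type
    level: str             # MLS level or macro, kept verbatim
    prefix_len: int        # specificity: characters before the first metachar
    index: int             # position in the file, breaks specificity ties


def literal_prefix_len(regex: str) -> int:
    """Length of the leading literal part of an .fc regex."""
    for i, ch in enumerate(regex):
        if ch in _META:
            return i
    return len(regex)


def parse_file_contexts(text: str) -> List[FcEntry]:
    """Parse 'regex [ftype] gen_context(user:role:type,level)' lines."""
    entries = []
    for index, raw in enumerate(text.splitlines()):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) == 3:
            regex, ftype, ctx = fields
        elif len(fields) == 2:
            regex, ctx = fields
            ftype = None
        else:
            raise ValueError(f"unparsable file_contexts line: {raw!r}")
        m = _GEN_CONTEXT.fullmatch(ctx)
        if m is None:
            raise ValueError(f"expected gen_context(...): {raw!r}")
        type_ = m.group(1).split(":")[2]
        entries.append(FcEntry(regex, ftype, type_, m.group(2),
                               literal_prefix_len(regex), index))
    return entries


def lookup(entries: List[FcEntry], path: str, ftype: str) -> Optional[str]:
    """Type that `path` of kind `ftype` ('-d', '--', ...) gets, or None if no entry matches."""
    best = None
    for e in entries:
        if e.ftype is not None and e.ftype != ftype:
            continue                      # -d entry never labels a plain file, etc.
        if re.fullmatch(e.regex, path) is None:
            continue                      # .fc regexes are anchored at both ends
        if best is None or (e.prefix_len, e.index) > (best.prefix_len, best.index):
            best = e
    return None if best is None else best.type_


# Constructed .fc snippet: the first line is the assumed general entry that
# precedes the hunk in selinuxutil.fc; the rest is the hunk's context, decoded.
OLD_FC = r"""
/etc/selinux(/.*)? gen_context(system_u:object_r:selinux_config_t,s0)
/etc/selinux/([^/]*/)?policy(/.*)? gen_context(system_u:object_r:policy_config_t,mls_systemhigh)
/etc/selinux/([^/]*/)?setrans\.conf -- gen_context(system_u:object_r:selinux_config_t,mls_systemhigh)
/etc/selinux/([^/]*/)?seusers -- gen_context(system_u:object_r:selinux_config_t,mls_systemhigh)
/etc/selinux/([^/]*/)?modules/(active|tmp|previous)(/.*)? gen_context(system_u:object_r:semanage_store_t,s0)
/etc/selinux/([^/]*/)?modules/semanage\.read\.LOCK -- gen_context(system_u:object_r:semanage_read_lock_t,s0)
/etc/selinux/([^/]*/)?modules/semanage\.trans\.LOCK -- gen_context(system_u:object_r:semanage_trans_lock_t,s0)
"""

# The patch adds one '-d' line for the modules directory itself, right before
# the (active|tmp|previous) entry, exactly as in the hunk.
NEW_FC = OLD_FC.replace(
    "/etc/selinux/([^/]*/)?modules/(active",
    "/etc/selinux/([^/]*/)?modules -d gen_context(system_u:object_r:semanage_store_t,s0)\n"
    "/etc/selinux/([^/]*/)?modules/(active", 1)


def before_and_after(path: str = "/etc/selinux/strict/modules", ftype: str = "-d"):
    """(type under the old .fc, type under the patched .fc) for one path."""
    return (lookup(parse_file_contexts(OLD_FC), path, ftype),
            lookup(parse_file_contexts(NEW_FC), path, ftype))


if __name__ == "__main__":
    for path, ftype in [("/etc/selinux/strict/modules", "-d"),
                        ("/etc/selinux/strict/modules", "--"),
                        ("/etc/selinux/strict/modules/tmp", "-d"),
                        ("/etc/selinux/strict/modules/semanage.read.LOCK", "--")]:
        old, new = before_and_after(path, ftype)
        print(f"{ftype} {path}: {old} -> {new}")
```

On a live system the equivalent checks are `matchpathcon /etc/selinux/<store>/modules` for the label the loaded file_contexts would assign and `restorecon -Rnv /etc/selinux` for a dry run listing what a recursive relabel would actually change; the commit message's point is that, without the new entry, neither reports anything for the directory because the general `/etc/selinux` pattern already "matches".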