| 1 |
commit: d98d2b28806a778ca2edfab26a5d81a2e79e8e9a |
| 2 |
Author: Nicolas Iooss <nicolas.iooss <AT> m4x <DOT> org> |
| 3 |
AuthorDate: Sat Jul 5 16:42:29 2014 +0000 |
| 4 |
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Tue Jul 29 14:05:26 2014 +0000 |
| 6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=d98d2b28 |
| 7 |
|
| 8 |
ftp: fix labels in /var/lock/subsys/ |
| 9 |
|
| 10 |
In the pattern "/var/lock/subsys/*.ftpd", the star is applied to the |
| 11 |
slash instead to the dot. This means that the pattern matches these |
| 12 |
files: |
| 13 |
|
| 14 |
* "Xftpd" in "/var/lock/subsys/" (where X is whatever character) |
| 15 |
* "subsysXftpd" in "/var/lock/" (where X is whatever character) |
| 16 |
|
| 17 |
"/var/lock/subsys/vsftpd", which has been used by vsftpd, is therefore |
| 18 |
not matched by the pattern. |
| 19 |
|
| 20 |
As "*." looks like a typo, this patch replaces it with ".*". |
| 21 |
|
| 22 |
--- |
| 23 |
policy/modules/contrib/ftp.fc | 2 +- |
| 24 |
1 file changed, 1 insertion(+), 1 deletion(-) |
| 25 |
|
| 26 |
diff --git a/policy/modules/contrib/ftp.fc b/policy/modules/contrib/ftp.fc |
| 27 |
index ddb75c1..fa132af 100644 |
| 28 |
--- a/policy/modules/contrib/ftp.fc |
| 29 |
+++ b/policy/modules/contrib/ftp.fc |
| 30 |
@@ -19,7 +19,7 @@ |
| 31 |
|
| 32 |
/usr/libexec/webmin/vsftpd/webalizer/xfer_log -- gen_context(system_u:object_r:xferlog_t,s0) |
| 33 |
|
| 34 |
-/var/lock/subsys/*.ftpd -- gen_context(system_u:object_r:ftpd_lock_t,s0) |
| 35 |
+/var/lock/subsys/.*ftpd -- gen_context(system_u:object_r:ftpd_lock_t,s0) |
| 36 |
|
| 37 |
/var/log/muddleftpd\.log.* -- gen_context(system_u:object_r:xferlog_t,s0) |
| 38 |
/var/log/proftpd(/.*)? gen_context(system_u:object_r:xferlog_t,s0) |
Archives