1 |
commit: 9c069ad294b09ac28ca1fe83ff999e77975c3cd0 |
2 |
Author: Chris PeBenito <pebenito <AT> ieee <DOT> org> |
3 |
AuthorDate: Sat Mar 25 16:55:52 2017 +0000 |
4 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu Mar 30 14:00:10 2017 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=9c069ad2 |
7 |
|
8 |
/var/run -> /run again |
9 |
|
10 |
Here's the latest version of my patch to remove all /var/run when it's not |
11 |
needed. I have removed the subst thing from the patch, but kept a |
12 |
distro_debian bit that relies on it. So with this patch the policy won't |
13 |
install if you build it with distro_debian unless you have my subst patch. |
14 |
Chris, if your automated tests require that it build and install with |
15 |
distro_debian then skip the patch for sysnetwork.fc. |
16 |
|
17 |
From Russell Coker |
18 |
|
19 |
policy/modules/contrib/dbus.fc | 4 ++++ |
20 |
policy/modules/contrib/dbus.te | 2 +- |
21 |
2 files changed, 5 insertions(+), 1 deletion(-) |
22 |
|
23 |
diff --git a/policy/modules/contrib/dbus.fc b/policy/modules/contrib/dbus.fc |
24 |
index 725276de..c2a15358 100644 |
25 |
--- a/policy/modules/contrib/dbus.fc |
26 |
+++ b/policy/modules/contrib/dbus.fc |
27 |
@@ -20,3 +20,7 @@ HOME_DIR/\.dbus(/.*)? gen_context(system_u:object_r:session_dbusd_home_t,s0) |
28 |
|
29 |
# /var/run prefix exception; https://dbus.freedesktop.org/doc/dbus-specification.html#idm2461 |
30 |
/var/run/dbus/system_bus_socket gen_context(system_u:object_r:system_dbusd_var_run_t,s0) |
31 |
+ |
32 |
+ifdef(`distro_debian',` |
33 |
+/var/run/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_run_t,s0) |
34 |
+') |
35 |
|
36 |
diff --git a/policy/modules/contrib/dbus.te b/policy/modules/contrib/dbus.te |
37 |
index f307ddec..941d2f47 100644 |
38 |
--- a/policy/modules/contrib/dbus.te |
39 |
+++ b/policy/modules/contrib/dbus.te |
40 |
@@ -1,4 +1,4 @@ |
41 |
-policy_module(dbus, 1.22.3) |
42 |
+policy_module(dbus, 1.22.4) |
43 |
|
44 |
gen_require(` |
45 |
class dbus all_dbus_perms; |