On Sunday, 6 January 2019 6:04:14 AM AEDT Chris PeBenito wrote: > > Index: refpolicy-2.20180701/policy/modules/admin/apt.fc > > =================================================================== > > --- refpolicy-2.20180701.orig/policy/modules/admin/apt.fc > > +++ refpolicy-2.20180701/policy/modules/admin/apt.fc > > @@ -1,9 +1,12 @@ > > /etc/cron\.daily/apt -- > > gen_context(system_u:object_r:apt_exec_t,s0) > > > > -ifndef(`distro_redhat',` > > +/usr/bin/apt -- > > gen_context(system_u:object_r:apt_exec_t,s0) /usr/bin/apt-get -- > > gen_context(system_u:object_r:apt_exec_t,s0) -/usr/bin/apt-shell > > -- gen_context(system_u:object_r:apt_exec_t,s0) /usr/bin/aptitude > > -- gen_context(system_u:object_r:apt_exec_t,s0) > > +/usr/sbin/update-apt-xapian-index -- > > gen_context(system_u:object_r:apt_exec_t,s0) + > > +ifndef(`distro_redhat',` > > +/usr/bin/apt-shell -- > > gen_context(system_u:object_r:apt_exec_t,s0) /usr/sbin/synaptic -- > > gen_context(system_u:object_r:apt_exec_t,s0) > > /usr/lib/packagekit/packagekitd -- > > gen_context(system_u:object_r:apt_exec_t,s0) /var/cache/PackageKit(/.*)? > > gen_context(system_u:object_r:apt_var_cache_t,s0) > I modified some of these changes, as it results in file context > conflicts with the RPM module. More accurately, I removed the fc > entries in RPM that label the apt executables. I moved the apt-shell > back out of the ifndef block. > > I think the synaptic and packagekit fc entries, which are in both apt > and rpm modules, may need to be dropped and move to the distro's > patches. Either that, or this ifndef needs to turn into ifdef debian > (or something else). > > Otherwise merged. I agree that things should be reconsidered with apt policy. Do we even need separate apt and rpm policy given that both package managers have access to write everything and change config files? -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/
