On 09/06/08 13:54, Christopher J. PeBenito wrote: > On Sat, 2008-06-07 at 14:16 +0100, Martin Orr wrote: >> On a 64-bit Debian system, /usr/lib32 is a symlink to >> /emul/ia32-linux/usr/lib. It should be labelled as lib_t. >> >> I don't know if the distro_debian is necessary - take it out if you want. > > Actually what seems excessive is the (.*/)? in the middle. Is it really > needed? Its very broad, and doesn't sound like its needed. I probably copied it from the lines above. And in fact given the -l, there is not much point in the (/.*)? at the end either. Best wishes, Martin >> plain text document attachment (116_usr_lib32) >> Written by: Martin Orr >> >> Mark /usr/lib32 as type lib_t >> >> Index: policy/modules/system/libraries.fc >> =================================================================== >> --- policy/modules/system/libraries.fc.orig >> +++ policy/modules/system/libraries.fc >> @@ -110,6 +110,9 @@ >> >> /usr/(.*/)?lib(/.*)? gen_context(system_u:object_r:lib_t,s0) >> /usr/(.*/)?lib64(/.*)? gen_context(system_u:object_r:lib_t,s0) >> +ifdef(`distro_debian',` >> + /usr/(.*/)?lib32(/.*)? -l gen_context(system_u:object_r:lib_t,s0) >> +') >> >> /usr/(.*/)?lib(64)?(/.*)?/ld-[^/]*\.so(\.[^/]*)* gen_context(system_u:object_r:ld_so_t,s0) >> -- Martin Orr -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
