On 04/08/09 12:20, Daniel J Walsh wrote:
Now that we have labelling equivalence should we just add a
/lib64 /lib
/usr/lib64 /usr/lib
/usr/local/lib64 /usr/local/lib
Seems we could simplify policy and prevent many mistakes. Might speed up regex matching a little bit.
It would also remove the need for the /lib(64)? style regexes
altogether, which are unfortunately close to the start of the pathname
and cause these patterns to score poorly when being considered as a
possible match for a filename.
grep 64 /etc/selinux/targeted/contexts/files/file_contexts | wc
259 735 18694
If were were more aggressive
/usr/local /usr
That looks sane.
/opt /usr
Don't agree with that one. /opt tends to fill with things like
/opt/appname and only then the regular structure underneath there with
/bin, /man etc.
Paul.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
