PERFORCE change 22170 for review
Brian Feldman
green at freebsd.org
Wed Dec 11 22:12:20 GMT 2002
http://perforce.freebsd.org/chv.cgi?CH=22170
Change 22170 by green at green_laptop_2 on 2002/12/11 14:11:35
Get ldconfig(8)'s SEBSD policy/file contexts more correct. It's
still trying to access an unlabeled file and, more importantly,
like almost every program needs to be able to getattr/open/read
"/dev/random", because of libc's dependence on it, as well as
read of the lnk_file "/etc/malloc.conf".
Affected files ...
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/domains/program/ldconfig.te#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/ldconfig.fc#3 edit
Differences ...
==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/domains/program/ldconfig.te#2 (text+ko) ====
@@ -17,7 +17,7 @@
uses_shlib(ldconfig_t)
-file_type_auto_trans(ldconfig_t, etc_t, ld_so_cache_t)
+file_type_auto_trans(ldconfig_t, var_run_t, ld_so_cache_t)
file_type_auto_trans(ldconfig_t, lib_t, shlib_t)
allow ldconfig_t { user_t sysadm_t }:fd use;
==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/ldconfig.fc#3 (text+ko) ====
@@ -1,1 +1,2 @@
/sbin/ldconfig system_u:object_r:ldconfig_exec_t
+/var/run/ld(-elf)?\.so\.hints system_u:object_r:ld_so_cache_t
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list