RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

files: reduce the scope of the pattern matching /usr/include 

The pattern that matches /usr/include uses a dot, in order probably to
avoid calling m4's function include(). This also matches other paths
such as /usr/inclu/e. Such a side-effect can be avoided by inserting an
empty string which is removed by m4's preprocessing.

Mailing-list discussion: https://lore.kernel.org/selinux-refpolicy/CAJfZ7=krh_TaCBQzFxLM394Sc5-82ZO0DdcfvWON-RXu-wqBVw@mail.gmail.com/t/#u

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
This commit is contained in:
Nicolas Iooss 2019-08-27 22:39:37 +02:00
parent b0fb76565b
commit c9602a0cac
No known key found for this signature in database
GPG Key ID: C191415F340DAAA0
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
policy/modules/kernel/files.fc
View File

@ -197,7 +197,8 @@ HOME_ROOT/lost\+found/.* <<none>>
/usr/etc(/.*)? gen_context(system_u:object_r:etc_t,s0)
/usr/inclu.e(/.*)? gen_context(system_u:object_r:usr_t,s0)
# Avoid calling m4's include by using en empty string
/usr/include`'(/.*)? gen_context(system_u:object_r:usr_t,s0)
/usr/local/\.journal <<none>>