From d172b3b45d24acab4b8c85473a40a2e567d8ec52 Mon Sep 17 00:00:00 2001 From: James Carter Date: Wed, 11 Apr 2018 14:55:21 -0400 Subject: [PATCH] Move the use of initrc_var_run_t from files.fc to init.fc The type initrc_var_run_t is actually declared in init.te and moving it removes a dependency of the base module (which files is a part) on a module. Moved the file contexts to label motd for debian systems with the initrc_var_run_t type from files.fc to init.fc. Signed-off-by: James Carter --- policy/modules/kernel/files.fc | 5 ----- policy/modules/system/init.fc | 2 ++ 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/policy/modules/kernel/files.fc b/policy/modules/kernel/files.fc index 5223af277..c3496c218 100644 --- a/policy/modules/kernel/files.fc +++ b/policy/modules/kernel/files.fc @@ -270,8 +270,3 @@ ifndef(`distro_redhat',` /var/tmp/systemd-private-[^/]+/tmp -d gen_context(system_u:object_r:tmp_t,s0-mls_systemhigh) /var/tmp/systemd-private-[^/]+/tmp/.* <> /var/tmp/vi\.recover -d gen_context(system_u:object_r:tmp_t,s0) - -ifdef(`distro_debian',` -/run/motd -- gen_context(system_u:object_r:initrc_var_run_t,s0) -/run/motd\.dynamic -- gen_context(system_u:object_r:initrc_var_run_t,s0) -') diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc index 548a8631c..71d2ef21a 100644 --- a/policy/modules/system/init.fc +++ b/policy/modules/system/init.fc @@ -68,6 +68,8 @@ ifdef(`distro_redhat',` ifdef(`distro_debian',` /run/hotkey-setup -- gen_context(system_u:object_r:initrc_var_run_t,s0) /run/kdm/.* -- gen_context(system_u:object_r:initrc_var_run_t,s0) +/run/motd -- gen_context(system_u:object_r:initrc_var_run_t,s0) +/run/motd\.dynamic -- gen_context(system_u:object_r:initrc_var_run_t,s0) /etc/network/if-pre-up\.d/.* -- gen_context(system_u:object_r:initrc_exec_t,s0) /etc/network/if-up\.d/.* -- gen_context(system_u:object_r:initrc_exec_t,s0) /etc/network/if-down\.d/.* -- gen_context(system_u:object_r:initrc_exec_t,s0)