From 2da886dccf8f1e58d0f21807e65de42a4332ea26 Mon Sep 17 00:00:00 2001 From: Nicolas Iooss Date: Sun, 1 Sep 2019 15:26:55 +0200 Subject: [PATCH] corecommands: no longer use \d In order to detect bugs like the one fixed by commit d938683bf47c ("drbd: fix pattern for /usr/lib/ocf/resource.d/linbit/drbd"), forbid the use of \d in the policy. This was actually only used to match /usr/share/apr-1/build/... with /usr/share/apr(-\d)?/build/[^/]+\.sh -- gen_context(system_u:object_r:bin_t,s0) /usr/share/apr(-\d)?/build/libtool -- gen_context(system_u:object_r:bin_t,s0) Signed-off-by: Nicolas Iooss --- policy/modules/kernel/corecommands.fc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc index 45f81e0ef..ab494a017 100644 --- a/policy/modules/kernel/corecommands.fc +++ b/policy/modules/kernel/corecommands.fc @@ -288,8 +288,8 @@ ifdef(`distro_gentoo',` /usr/share/(.*/)?bin(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/share/ajaxterm/ajaxterm\.py.* -- gen_context(system_u:object_r:bin_t,s0) /usr/share/ajaxterm/qweb\.py.* -- gen_context(system_u:object_r:bin_t,s0) -/usr/share/apr(-\d)?/build/[^/]+\.sh -- gen_context(system_u:object_r:bin_t,s0) -/usr/share/apr(-\d)?/build/libtool -- gen_context(system_u:object_r:bin_t,s0) +/usr/share/apr(-[0-9])?/build/[^/]+\.sh -- gen_context(system_u:object_r:bin_t,s0) +/usr/share/apr(-[0-9])?/build/libtool -- gen_context(system_u:object_r:bin_t,s0) /usr/share/build-1/[^/]+\.sh -- gen_context(system_u:object_r:bin_t,s0) /usr/share/build-1/libtool -- gen_context(system_u:object_r:bin_t,s0) /usr/share/dayplanner/dayplanner -- gen_context(system_u:object_r:bin_t,s0)
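Review bot: The commit message says it will "forbid the use of \d in the policy", but the diffstat lists only policy/modules/kernel/corecommands.fc with 2 insertions and 2 deletions, so nothing in this patch prevents a new \d from being added to a .fc file later. Either add the enforcement here (for example a lint step over the file-context files that rejects \d) or reword the message to say it removes the last remaining uses and point at the change that adds the check. On the two + lines, (-[0-9])? keeps the single-digit behaviour of the old (-\d)?, which covers the /usr/share/apr-1/build/... path the message names; if a multi-digit suffix is ever expected to get bin_t, that would need [0-9]+ instead.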