MonetDB: Aug2024 - Fixing the SELinux policy: use proper regexps.

Mon, 23 Sep 2024 08:54:01 -0700 

Changeset: 5b43030cb041 for MonetDB
URL: https://dev.monetdb.org/hg/MonetDB/rev/5b43030cb041
Modified Files:
        misc/selinux/monetdb.fc.in
        misc/selinux/monetdb.te
Branch: Aug2024
Log Message:

Fixing the SELinux policy: use proper regexps.
Also add some comments.


diffs (46 lines):

diff --git a/misc/selinux/monetdb.fc.in b/misc/selinux/monetdb.fc.in
--- a/misc/selinux/monetdb.fc.in
+++ b/misc/selinux/monetdb.fc.in
@@ -8,17 +8,25 @@
 # Copyright August 2008 - 2023 MonetDB B.V.;
 # Copyright 1997 - July 2008 CWI.
 
-@CMAKE_INSTALL_FULL_BINDIR@/monetdbd*                          --      
gen_context(system_u:object_r:monetdbd_exec_t,s0)
-@CMAKE_INSTALL_FULL_BINDIR@/mserver5*                          --      
gen_context(system_u:object_r:mserver5_exec_t,s0)
-@CMAKE_INSTALL_FULL_LIBDIR@/systemd/system/monetdbd.*                  
gen_context(system_u:object_r:monetdbd_unit_file_t,s0)
+# blank: any type file
+# -b: block device
+# -c: character device
+# -d: directory
+# -p: named pipe
+# -l: symbolic link
+# -s: socket file
+# --: regular file
+@CMAKE_INSTALL_FULL_BINDIR@/monetdbd(-.*)?                                     
        gen_context(system_u:object_r:monetdbd_exec_t,s0)
+@CMAKE_INSTALL_FULL_BINDIR@/mserver5(-.*)?                                     
        gen_context(system_u:object_r:mserver5_exec_t,s0)
+@CMAKE_INSTALL_PREFIX@/lib/systemd/system/monetdbd\.service                    
--      gen_context(system_u:object_r:monetdbd_unit_file_t,s0)
 @CMAKE_INSTALL_FULL_LOCALSTATEDIR@/log/monetdb(/.*)?                           
        gen_context(system_u:object_r:monetdbd_log_t,s0)
-@CMAKE_INSTALL_FULL_RUNSTATEDIR@/monetdb(/.*)?                                 
gen_context(system_u:object_r:monetdbd_var_run_t,s0)
+@CMAKE_INSTALL_FULL_RUNSTATEDIR@/monetdb(/.*)?                                 
        gen_context(system_u:object_r:monetdbd_var_run_t,s0)
 # database "farm"
 @CMAKE_INSTALL_FULL_LOCALSTATEDIR@/monetdb5/dbfarm(/.*)?                       
        gen_context(system_u:object_r:mserver5_db_t,s0)
 @CMAKE_INSTALL_FULL_LOCALSTATEDIR@/monetdb5/dbfarm/\.merovingian_properties    
--      gen_context(system_u:object_r:monetdbd_etc_t,s0)
 @CMAKE_INSTALL_FULL_LOCALSTATEDIR@/monetdb5/dbfarm/\.merovingian_lock          
--      gen_context(system_u:object_r:monetdbd_lock_t,s0)
 @CMAKE_INSTALL_FULL_LOCALSTATEDIR@/monetdb5/dbfarm/.*/\.gdk_lock               
--      gen_context(system_u:object_r:mserver5_lock_t,s0)
 @CMAKE_INSTALL_FULL_LOCALSTATEDIR@/lib/monetdb(/.*)?                           
        gen_context(system_u:object_r:mserver5_db_t,s0)
-@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/lib/monetdb/\.merovingian_properties        
--      gen_context(system_u:object_r:monetdbd_etc_t,s0)
+@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/lib/monetdb/\.merovingian_properties        
        --      gen_context(system_u:object_r:monetdbd_etc_t,s0)
 @CMAKE_INSTALL_FULL_LOCALSTATEDIR@/lib/monetdb/\.merovingian_lock              
--      gen_context(system_u:object_r:monetdbd_lock_t,s0)
 @CMAKE_INSTALL_FULL_LOCALSTATEDIR@/lib/monetdb/.*/\.gdk_lock                   
--      gen_context(system_u:object_r:mserver5_lock_t,s0)
diff --git a/misc/selinux/monetdb.te b/misc/selinux/monetdb.te
--- a/misc/selinux/monetdb.te
+++ b/misc/selinux/monetdb.te
@@ -8,7 +8,7 @@
 # Copyright August 2008 - 2023 MonetDB B.V.;
 # Copyright 1997 - July 2008 CWI.
 
-policy_module(monetdb, 1.3)
+policy_module(monetdb, 1.4)
 # The above line declares that this file is a SELinux policy file. Its
 # name is monetdb, so the file should be saved as monetdb.te
 
_______________________________________________
checkin-list mailing list -- checkin-list@monetdb.org
To unsubscribe send an email to checkin-list-le...@monetdb.org

Reply via email to