Package: selinux-policy-default Version: 2:0.2.20091117-1 Severity: normal Fedora and some other distributions use directories /lib and /lib64 for shared objects. Debian uses /lib32 and /lib. We need to correct the file contexts.
diff -ru refpolicy-0.2.20091117.old/policy/modules/system/libraries.fc refpolicy-0.2.20091117/policy/modules/system/libraries.fc --- refpolicy-0.2.20091117.old/policy/modules/system/libraries.fc 2009-08-11 01:01:39.000000000 +1000 +++ refpolicy-0.2.20091117/policy/modules/system/libraries.fc 2010-02-11 20:24:31.000000000 +1100 @@ -37,19 +37,21 @@ # /lib -d gen_context(system_u:object_r:lib_t,s0) /lib/.* gen_context(system_u:object_r:lib_t,s0) +ifdef(`distro_debian',` +/lib32 -d gen_context(system_u:object_r:lib_t,s0) +/lib32/.* gen_context(system_u:object_r:lib_t,s0) +/lib32/ld-[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:ld_so_t,s0) +/lib64 -l gen_context(system_u:object_r:lib_t,s0) +', ` /lib64 -d gen_context(system_u:object_r:lib_t,s0) /lib64/.* gen_context(system_u:object_r:lib_t,s0) -/lib/ld-[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:ld_so_t,s0) /lib64/ld-[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:ld_so_t,s0) +') +/lib/ld-[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:ld_so_t,s0) /lib/security/pam_poldi\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /lib64/security/pam_poldi\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) -ifdef(`distro_debian',` -/lib32 -l gen_context(system_u:object_r:lib_t,s0) -/lib64 -l gen_context(system_u:object_r:lib_t,s0) -') - ifdef(`distro_gentoo',` /lib -l gen_context(system_u:object_r:lib_t,s0) /lib32 -d gen_context(system_u:object_r:lib_t,s0) @@ -61,7 +63,11 @@ # /opt # /opt/(.*/)?lib(/.*)? gen_context(system_u:object_r:lib_t,s0) +ifdef(`distro_debian',` +/opt/(.*/)?lib32(/.*)? gen_context(system_u:object_r:lib_t,s0) +', ` /opt/(.*/)?lib64(/.*)? gen_context(system_u:object_r:lib_t,s0) +') /opt/(.*/)?java/.+\.jar -- gen_context(system_u:object_r:lib_t,s0) /opt/(.*/)?jre.*/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /opt/(.*/)?jre/.+\.jar -- gen_context(system_u:object_r:lib_t,s0) @@ -109,9 +115,13 @@ /usr/(.*/)?java/.+\.jsa -- gen_context(system_u:object_r:lib_t,s0) /usr/(.*/)?lib(/.*)? gen_context(system_u:object_r:lib_t,s0) +ifdef(`distro_debian',` +/usr/(.*/)?lib32(/.*)? gen_context(system_u:object_r:lib_t,s0) +/usr/(.*/)?lib(32)?(/.*)?/ld-[^/]*\.so(\.[^/]*)* gen_context(system_u:object_r:ld_so_t,s0) +', ` /usr/(.*/)?lib64(/.*)? gen_context(system_u:object_r:lib_t,s0) - /usr/(.*/)?lib(64)?(/.*)?/ld-[^/]*\.so(\.[^/]*)* gen_context(system_u:object_r:ld_so_t,s0) +') /usr/(.*/)?nvidia/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0) -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
