Date: Wed, 11 Dec 2002 14:12:20 -0800 (PST)
From: Brian Feldman
Subject: PERFORCE change 22170 for review
To: Perforce Change Reviews

http://perforce.freebsd.org/chv.cgi?CH=22170

Change 22170 by green@green_laptop_2 on 2002/12/11 14:11:35

	Get ldconfig(8)'s SEBSD policy/file contexts more correct. It's still trying to access an unlabeled file and, more importantly, like almost every program needs to be able to getattr/open/read "/dev/random", because of libc's dependence on it, as well as read of the lnk_file "/etc/malloc.conf".

Affected files ...

.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/domains/program/ldconfig.te#2 edit
.. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/ldconfig.fc#3 edit

Differences ...

==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/domains/program/ldconfig.te#2 (text+ko) ==== @@ -17,7 +17,7 @@ uses_shlib(ldconfig_t) -file_type_auto_trans(ldconfig_t, etc_t, ld_so_cache_t) +file_type_auto_trans(ldconfig_t, var_run_t, ld_so_cache_t) file_type_auto_trans(ldconfig_t, lib_t, shlib_t) allow ldconfig_t { user_t sysadm_t }:fd use; ==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/ldconfig.fc#3 (text+ko) ==== @@ -1,1 +1,2 @@ /sbin/ldconfig system_u:object_r:ldconfig_exec_t +/var/run/ld(-elf)?\.so\.hints system_u:object_r:ld_so_cache_t
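Review bot: In the ldconfig.te hunk, the description names getattr/open/read on "/dev/random" and read of the lnk_file "/etc/malloc.conf" as accesses ldconfig needs, but no allow rule in this hunk grants either; the only changed line is the file_type_auto_trans parent type, etc_t to var_run_t. If those accesses are expected to come from uses_shlib(ldconfig_t) or are left for a follow-up change, a comment beside the macro saying so would keep the policy and the description in step. The switch to var_run_t also drops the etc_t create/transition rights, so it is worth confirming from the denial log that ldconfig_t no longer writes anything under /etc before this goes in.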
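Review bot: In the ldconfig.fc hunk, the added entry /var/run/ld(-elf)?\.so\.hints carries no file-type field, so the ld_so_cache_t label is not limited to regular files at that path. If SEBSD's file_contexts format accepts the SELinux-style type field, restricting the entry to regular files (the -- field) would be tighter. The type transition in ldconfig.te only labels hints files created after the policy loads, so a hints file that already exists in /var/run still needs a relabel from this entry; a one-line note about that in the change description would help whoever deploys it.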