Date: Wed, 11 Dec 2002 14:12:20 -0800 (PST) From: Brian Feldman <green@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 22170 for review Message-ID: <200212112212.gBBMCK3f018029@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=22170 Change 22170 by green@green_laptop_2 on 2002/12/11 14:11:35 Get ldconfig(8)'s SEBSD policy/file contexts more correct. It's still trying to access an unlabeled file and, more importantly, like almost every program needs to be able to getattr/open/read "/dev/random", because of libc's dependence on it, as well as read of the lnk_file "/etc/malloc.conf". Affected files ... .. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/domains/program/ldconfig.te#2 edit .. //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/ldconfig.fc#3 edit Differences ... ==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/domains/program/ldconfig.te#2 (text+ko) ==== @@ -17,7 +17,7 @@ uses_shlib(ldconfig_t) -file_type_auto_trans(ldconfig_t, etc_t, ld_so_cache_t) +file_type_auto_trans(ldconfig_t, var_run_t, ld_so_cache_t) file_type_auto_trans(ldconfig_t, lib_t, shlib_t) allow ldconfig_t { user_t sysadm_t }:fd use; ==== //depot/projects/trustedbsd/mac/contrib/sebsd/policy/file_contexts/program/ldconfig.fc#3 (text+ko) ==== @@ -1,1 +1,2 @@ /sbin/ldconfig system_u:object_r:ldconfig_exec_t +/var/run/ld(-elf)?\.so\.hints system_u:object_r:ld_so_cache_t To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200212112212.gBBMCK3f018029>