diff options
| author |   Sven Vermeulen <sven.vermeulen@siphos.be> | 2013-08-10 18:37:20 +0200 |
|---|---|---|
| committer | Sven Vermeulen <sven.vermeulen@siphos.be> | 2013-08-10 18:37:20 +0200 |
| commit | a8391e8daab80ff772a3a8896d66394c73e884f4 (patch) | |
| tree | 6ed12f592561ec3da350527397e0444921924800 /policy/modules/system/selinuxutil.fc | |
| parent | Mark PostgreSQL service as appropriate initrc script (diff) | |
| download | hardened-refpolicy-a8391e8daab80ff772a3a8896d66394c73e884f4.tar.gz hardened-refpolicy-a8391e8daab80ff772a3a8896d66394c73e884f4.tar.bz2 hardened-refpolicy-a8391e8daab80ff772a3a8896d66394c73e884f4.zip | |
Enable python-exec support
In Gentoo, /usr/sbin/semanage is a symlink to /usr/bin/python-exec which will
then decide which Python version to execute. As semanage is only labeled as
semanage_exec_t if it is a regular file, it now remains bin_t.
We have two choices here - either relabel /usr/sbin/semanage itself, or the
semanage-python* files. We pick the second, because we don't know what
rights/permissions python-exec needs, but it shouldn't be semanage_t.
Diffstat (limited to 'policy/modules/system/selinuxutil.fc')
| -rw-r--r-- | policy/modules/system/selinuxutil.fc | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/policy/modules/system/selinuxutil.fc b/policy/modules/system/selinuxutil.fc index 3f6690c84..335583dde 100644 --- a/policy/modules/system/selinuxutil.fc +++ b/policy/modules/system/selinuxutil.fc @@ -52,3 +52,8 @@ # /var/run # /var/run/restorecond\.pid -- gen_context(system_u:object_r:restorecond_var_run_t,s0) + +ifdef(`distro_gentoo',` +# Support for gentoo python switcheridoo +/usr/sbin/semanage-python.* -- gen_context(system_u:object_r:semanage_exec_t,s0) +') |