rpm: Label /usr/share/rpm usr_t (ostree/Atomic systems)

This ensures that hardlinking works, once the corresponding base policy PR is merged: fedora-selinux/selinux-policy#209 See https://bugzilla.redhat.com/show_bug.cgi?id=1526191 coreos/rpm-ostree#959 (comment) coreos/rpm-ostree#1142
cgwalters · Jan 23, 2018 · 0150e4b · 0150e4b
1 parent 8eebcb1
commit 0150e4b
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/rpm.fc b/rpm.fc
@@ -30,7 +30,8 @@
 /usr/share/yumex/yumex-yum-backend --	gen_context(system_u:object_r:rpm_exec_t,s0)
 /usr/share/yumex/yum_childtask\.py --	gen_context(system_u:object_r:rpm_exec_t,s0)
 
-/usr/share/rpm(/.*)?			gen_context(system_u:object_r:rpm_var_lib_t,s0)
+# These may be hardlinked, and they're not /var, so just use usr_t
+/usr/share/rpm(/.*)?			gen_context(system_u:object_r:usr_t,s0)
 
 ifdef(`distro_redhat', `
 /usr/sbin/bcfg2				--	gen_context(system_u:object_r:rpm_exec_t,s0)