kernel/files.fc: Label /usr/lib/sysimage as usr_t

Moved from: fedora-selinux/selinux-policy-contrib#43 This ensures that hardlinking works with `/usr/share/rpm` (once the contrib patch to make it `usr_t` is merged too). See https://bugzilla.redhat.com/show_bug.cgi?id=1526191 coreos/rpm-ostree#959 (comment) coreos/rpm-ostree#1142
cgwalters · Jan 23, 2018 · 38c45c8 · 38c45c8
1 parent 42c0853
commit 38c45c8
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/policy/modules/kernel/files.fc b/policy/modules/kernel/files.fc
@@ -231,6 +231,9 @@ ifdef(`distro_redhat',`
 
 /usr/share/doc(/.*)?/README.*	gen_context(system_u:object_r:usr_t,s0)
 
+# http://lists.rpm.org/pipermail/rpm-maint/2017-October/006681.html
+/usr/lib/sysimage(/.*)?			gen_context(system_u:object_r:usr_t,s0)
+
 /usr/tmp		-d	gen_context(system_u:object_r:tmp_t,s0-mls_systemhigh)
 /usr/tmp/.*			<<none>>