From 4fe994375eb873a2fb7a1205180df832d1f32079 Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Mon, 8 Jan 2018 10:52:11 -0500 Subject: [PATCH] rpm: Label /usr/share/rpm usr_t (ostree/Atomic systems) This ensures that hardlinking works, once the corresponding base policy PR is merged: https://github.com/fedora-selinux/selinux-policy/pull/209 See https://bugzilla.redhat.com/show_bug.cgi?id=1526191 https://github.com/projectatomic/rpm-ostree/pull/959#issuecomment-325780234 https://github.com/projectatomic/rpm-ostree/pull/1142 --- rpm.fc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/rpm.fc b/rpm.fc index 6ba4338cb6..9c201fc9f6 100644 --- a/rpm.fc +++ b/rpm.fc @@ -30,7 +30,8 @@ /usr/share/yumex/yumex-yum-backend -- gen_context(system_u:object_r:rpm_exec_t,s0) /usr/share/yumex/yum_childtask\.py -- gen_context(system_u:object_r:rpm_exec_t,s0) -/usr/share/rpm(/.*)? gen_context(system_u:object_r:rpm_var_lib_t,s0) +# These may be hardlinked, and they're not /var, so just use usr_t +/usr/share/rpm(/.*)? gen_context(system_u:object_r:usr_t,s0) ifdef(`distro_redhat', ` /usr/sbin/bcfg2 -- gen_context(system_u:object_r:rpm_exec_t,s0)