selinux/policycoreutils
Ondrej Mosnacek 26a4c19ecf fixfiles: do not exclude /dev and /run in -C mode
I can't think of a good reason why they should be excluded. On the
contrary, excluding them can cause trouble very easily if some labeling
rules for these directories change. For example, we changed the label
for /dev/nvme* from nvme_device_t to fixed_disk_device_t in Fedora
(updating the allow rules accordingly) and after policy update they
ended up with an invalid context, causing denials.

Thus, remove /dev and /run from the excludes. While there, also add
/root to the basic excludes to match the regex that excludes fc rules
(that should be effectively no functional change).

I did a sanity check on my system by running `restorecon -nv /dev /run`
and it didn't report any label differences.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Acked-by: Petr Lautrbach <plautrba@redhat.com>
2021-05-12 09:36:16 +02:00
..
.tx Update Translations 2013-10-24 13:58:39 -04:00
hll Fix many misspellings 2019-09-18 22:47:35 +02:00
load_policy selinux: Remove legacy local boolean and user code 2019-07-29 23:46:24 +02:00
man selinux_config(5): add a note that runtime disable is deprecated 2020-11-12 21:23:59 +01:00
newrole newrole: support cross-compilation with PAM and audit 2020-09-04 15:56:38 -04:00
po Fix many misspellings 2019-09-18 22:47:35 +02:00
run_init tree-wide: replace last occurrences of security_context_t 2020-03-25 09:54:21 -05:00
scripts fixfiles: do not exclude /dev and /run in -C mode 2021-05-12 09:36:16 +02:00
secon tree-wide: replace last occurrences of security_context_t 2020-03-25 09:54:21 -05:00
semodule semodule: mention ignoredirs setting in genhomedircon man page 2020-04-28 09:27:49 +02:00
sestatus policycoreutils: sestatus belongs to bin not sbin 2021-02-24 11:22:03 +01:00
setfiles policycoreutils/setfiles: do not create useless setfiles.8.man file 2021-04-20 09:02:52 +02:00
setsebool setsebool: report errors from commit phase 2020-04-28 09:26:26 +02:00
.gitignore Move policycoreutils/semodule_package to semodule-utils. 2016-11-16 11:19:51 -05:00
COPYING initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
Makefile Move policycoreutils/semodule_package to semodule-utils. 2016-11-16 11:19:51 -05:00
VERSION Update VERSIONs to 3.2 for release. 2021-03-04 16:42:59 +01:00