From 93b189c558602fc3372add009f0e95f454dd1254 Mon Sep 17 00:00:00 2001 From: Zdenek Pytela Date: Wed, 31 Jan 2024 16:16:15 +0100 Subject: [PATCH 1/3] Rename all /var/run file context entries to /run With the next selinux-policy package update, the "/run = /var/run" equivalency will be inverted to "/var/run = /run" so that the file context specifications entries match the actual filesystem path. All existing file context entries in selinux-policy sources based on the /var/run path need to change to /run. -- NOTE: cherry-picked from the Fedora package 'selinux-policy' upstream: https://github.com/fedora-selinux/selinux-policy/commit/1f76e522ab3e4c6faafde161036aa5bb49a0cbe0 --- mysql.fc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/mysql.fc b/mysql.fc index ae7dd80..b20dace 100644 --- a/mysql.fc +++ b/mysql.fc @@ -53,7 +53,7 @@ HOME_DIR/\.my\.cnf -- gen_context(system_u:object_r:mysqld_home_t, s0) /var/log/mysql(/.*)? gen_context(system_u:object_r:mysqld_log_t,s0) /var/log/mysql.* -- gen_context(system_u:object_r:mysqld_log_t,s0) -/var/run/mariadb(/.*)? gen_context(system_u:object_r:mysqld_var_run_t,s0) -/var/run/mysql(/.*)? gen_context(system_u:object_r:mysqld_var_run_t,s0) -/var/run/mysqld(/.*)? gen_context(system_u:object_r:mysqld_var_run_t,s0) -/var/run/mysqld/mysqlmanager.* -- gen_context(system_u:object_r:mysqlmanagerd_var_run_t,s0) +/run/mariadb(/.*)? gen_context(system_u:object_r:mysqld_var_run_t,s0) +/run/mysql(/.*)? gen_context(system_u:object_r:mysqld_var_run_t,s0) +/run/mysqld(/.*)? gen_context(system_u:object_r:mysqld_var_run_t,s0) +/run/mysqld/mysqlmanager.* -- gen_context(system_u:object_r:mysqlmanagerd_var_run_t,s0) From 8c4a8225eb2ec6332d5665113519275ddbd16ff5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 11 Apr 2024 18:15:46 +0200 Subject: [PATCH 2/3] Alias /usr/sbin to /usr/bin and change all /usr/sbin paths to /usr/bin This is for https://fedoraproject.org/wiki/Changes/Unify_bin_and_sbin. We want to match /usr/bin/foo and /usr/sbin/foo. Instead of duplicating all the paths, introduce the alias and use the new path everywhere. Duplicate paths are removed. (cat **/*.fc | sed -r 's/\s+/ /g' | sort | grep -v '^#' | uniq -c | grep -v ' 1 ') -- NOTE: cherry-picked from the Fedora package 'selinux-policy' upstream: https://github.com/fedora-selinux/selinux-policy/commit/1be14f9b5a99a4eec7f9aba7fbb83bf8dde817f4 --- mysql.fc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/mysql.fc b/mysql.fc index b20dace..1eed5b5 100644 --- a/mysql.fc +++ b/mysql.fc @@ -35,13 +35,13 @@ HOME_DIR/\.my\.cnf -- gen_context(system_u:object_r:mysqld_home_t, s0) /usr/bin/mariadb-upgrade -- gen_context(system_u:object_r:mysqld_exec_t,s0) /usr/libexec/mariadbd -- gen_context(system_u:object_r:mysqld_exec_t,s0) -/usr/sbin/mariadbd -- gen_context(system_u:object_r:mysqld_exec_t,s0) +/usr/bin/mariadbd -- gen_context(system_u:object_r:mysqld_exec_t,s0) /usr/bin/mariadb-backup -- gen_context(system_u:object_r:mysqld_exec_t,s0) -/usr/sbin/mysqld(-max|-debug)? -- gen_context(system_u:object_r:mysqld_exec_t,s0) -/usr/sbin/mysqlmanager -- gen_context(system_u:object_r:mysqlmanagerd_exec_t,s0) -/usr/sbin/ndbd -- gen_context(system_u:object_r:mysqld_exec_t,s0) +/usr/bin/mysqld(-max|-debug)? -- gen_context(system_u:object_r:mysqld_exec_t,s0) +/usr/bin/mysqlmanager -- gen_context(system_u:object_r:mysqlmanagerd_exec_t,s0) +/usr/bin/ndbd -- gen_context(system_u:object_r:mysqld_exec_t,s0) # # /var From 676ba35014da936a4016fbff5adc1284be98d3ca Mon Sep 17 00:00:00 2001 From: Michal Schorm Date: Tue, 24 Sep 2024 03:34:47 +0200 Subject: [PATCH 3/3] [refactoring] Code style adjustments to align with content from Fedora 'selinux-policy' package This commit contains no functional changes (No-op). It updates code style to closely match the guidelines and structure outlined in the following resource: https://github.com/fedora-selinux/selinux-policy/blob/rawhide/policy/modules/contrib/mysql.fc -- The differences has been introduced in commits: https://github.com/fedora-selinux/selinux-policy/commit/4cd40093595d7d2451e77e38637872d346609297 https://github.com/devexp-db/mysql-selinux/commit/c4825a8fd2bd4e4d0fc66188fb2f95cbf26ca323 --- mysql.fc | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/mysql.fc b/mysql.fc index 1eed5b5..0799345 100644 --- a/mysql.fc +++ b/mysql.fc @@ -28,20 +28,23 @@ HOME_DIR/\.my\.cnf -- gen_context(system_u:object_r:mysqld_home_t, s0) /usr/libexec/mysqld -- gen_context(system_u:object_r:mysqld_exec_t,s0) /usr/libexec/mysqld_safe-scl-helper -- gen_context(system_u:object_r:mysqld_safe_exec_t,s0) -# mariadb +/usr/bin/mysqld(-max|-debug)? -- gen_context(system_u:object_r:mysqld_exec_t,s0) +/usr/bin/mysqlmanager -- gen_context(system_u:object_r:mysqlmanagerd_exec_t,s0) +/usr/bin/ndbd -- gen_context(system_u:object_r:mysqld_exec_t,s0) + +# +# /usr - mariadb +# /usr/bin/mariadbd-safe -- gen_context(system_u:object_r:mysqld_safe_exec_t,s0) /usr/bin/mariadbd-safe-helper -- gen_context(system_u:object_r:mysqld_exec_t,s0) /usr/bin/mariadb-upgrade -- gen_context(system_u:object_r:mysqld_exec_t,s0) -/usr/libexec/mariadbd -- gen_context(system_u:object_r:mysqld_exec_t,s0) /usr/bin/mariadbd -- gen_context(system_u:object_r:mysqld_exec_t,s0) -/usr/bin/mariadb-backup -- gen_context(system_u:object_r:mysqld_exec_t,s0) +/usr/libexec/mariadbd -- gen_context(system_u:object_r:mysqld_exec_t,s0) -/usr/bin/mysqld(-max|-debug)? -- gen_context(system_u:object_r:mysqld_exec_t,s0) -/usr/bin/mysqlmanager -- gen_context(system_u:object_r:mysqlmanagerd_exec_t,s0) -/usr/bin/ndbd -- gen_context(system_u:object_r:mysqld_exec_t,s0) +/usr/bin/mariadb-backup -- gen_context(system_u:object_r:mysqld_exec_t,s0) # # /var