    fixfiles: do not exclude /dev and /run in -C mode · 26a4c19e
    Ondrej Mosnacek authored
    I can't think of a good reason why they should be excluded. On the
    contrary, excluding them can cause trouble very easily if some labeling
    rules for these directories change. For example, we changed the label
    for /dev/nvme* from nvme_device_t to fixed_disk_device_t in Fedora
    (updating the allow rules accordingly) and after policy update they
    ended up with an invalid context, causing denials.
    
    Thus, remove /dev and /run from the excludes. While there, also add
    /root to the basic excludes to match the regex that excludes fc rules
    (that should be effectively no functional change).
    
    I did a sanity check on my system by running `restorecon -nv /dev /run`
    and it didn't report any label differences.
    Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
    Acked-by: Petr Lautrbach <plautrba@redhat.com>
Name
.tx
hll
load_policy
man
newrole
po
run_init
scripts
secon
semodule
sestatus
setfiles
setsebool
.gitignore
COPYING
Makefile
VERSION