This patch adds a new subs_dist file.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The idea is to allow distributions to ship a subs file as well as let
the user modify subs.

In F16 we are looking at shipping a

file_contexts.subs_dist file like this

cat file_contexts.subs_dist
/run /var/run
/run/lock /var/lock
/var/run/lock /var/lock
/lib64 /lib
/usr/lib64 /usr/lib

The we will remove all (64)?  from policy.

This will allow us to make sure all /usr/lib/libBLAH is labeled the same
as /usr/lib64/libBLAH

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk2c1ksACgkQrlYvE4MpobNXcQCgqgAiQJxmwa1+NdIq8E3tQRp6
QT0An0ihA60di9CRsEqEdVbSaHOwtte5
=LXgd
-----END PGP SIGNATURE-----

Signed-off-by: Steve Lawrence <slawrence@tresys.com>

1 files changed, 6 insertions, 4 deletions

diff --git a/libselinux/src/label.c b/libselinux/src/label.c
index 2fd19c51..ba316df5 100644
--- a/libselinux/src/label.c
+++ b/libselinux/src/label.c
@@ -56,12 +56,11 @@ static char *selabel_sub(struct selabel_sub *ptr, const char *src)
 	return NULL;
 }
 
-static struct selabel_sub *selabel_subs_init(void)
+static struct selabel_sub *selabel_subs_init(const char *path,struct selabel_sub *list)
 {
 	char buf[1024];
-	FILE *cfg = fopen(selinux_file_context_subs_path(), "r");
+	FILE *cfg = fopen(path, "r");
 	struct selabel_sub *sub;
-	struct selabel_sub *list = NULL;
 
 	if (cfg) {
 		while (fgets_unlocked(buf, sizeof(buf) - 1, cfg)) {
@@ -160,7 +159,10 @@ struct selabel_handle *selabel_open(unsigned int backend,
 	memset(rec, 0, sizeof(*rec));
 	rec->backend = backend;
 	rec->validating = selabel_is_validate_set(opts, nopts);
-	rec->subs = selabel_subs_init();
+
+	rec->subs = NULL;
+	rec->subs = selabel_subs_init(selinux_file_context_subs_dist_path(), rec->subs);
+	rec->subs = selabel_subs_init(selinux_file_context_subs_path(), rec->subs);
 
 	if ((*initfuncs[backend])(rec, opts, nopts)) {
 		free(rec);