FHS: Drop limitation for only non-executable files in /usr/share

[people/stevee/pakfire.git] / src / libpakfire / fhs.c

diff --git a/src/libpakfire/fhs.c b/src/libpakfire/fhs.c
index 6daf8258b601f68f596e56c15278da68988ad4d1..e819b8651dcde1d24a38494d171e28f5e99c1705 100644 (file)
--- a/src/libpakfire/fhs.c
+++ b/src/libpakfire/fhs.c
@@ -61,6 +61,11 @@ static const struct pakfire_fhs_check {
        { "/usr/bin/*",           S_IFDIR,    0,   NULL,   NULL, PAKFIRE_FHS_MUSTNOTEXIST },
        { "/usr/sbin/*",          S_IFDIR,    0,   NULL,   NULL, PAKFIRE_FHS_MUSTNOTEXIST },
 
+       // Permitted setuid binaries
+       { "/usr/bin/passwd",      S_IFREG, 4755, "root", "root", 0 },
+       { "/usr/bin/su",          S_IFREG, 4755, "root", "root", 0 },
+       { "/usr/bin/sudo",        S_IFREG, 4755, "root", "root", 0 },
+
        // Any files in /usr/{,s}bin must be owned by root and have 0755
        { "/usr/bin/*",           S_IFREG, 0755, "root", "root", 0 },
        { "/usr/sbin/*",          S_IFREG, 0755, "root", "root", 0 },
@@ -82,9 +87,6 @@ static const struct pakfire_fhs_check {
        { "/usr/lib/firmware/**", S_IFREG, 0644, "root", "root", 0 },
        { "/usr/lib/firmware/**", S_IFDIR, 0755, "root", "root", 0 },
 
-       // /usr/share cannot have any exectuable files
-       { "/usr/share/**",        S_IFREG,    0,   NULL,   NULL, PAKFIRE_FHS_NOEXEC },
-
        // /var
        { "/var",                 S_IFDIR, 0755, "root", "root", 0 },
        { "/var/cache",           S_IFDIR, 0755, "root", "root", 0 },
@@ -142,6 +144,7 @@ static const struct pakfire_fhs_check {
 
        // root
        { "/root",                S_IFDIR, 0700, "root", "root", 0 },
+       { "/root/.*",             S_IFREG, 0644, "root", "root", 0 },
        { "/root/**",                   0,    0,   NULL,   NULL, PAKFIRE_FHS_MUSTNOTEXIST },
 
        // /run