selinux_verify: stop checking backup files (#176)

Micah Abbott · web-flow · commit dbb94aa0f8e4 · 2017-06-13T13:50:29.000-04:00
New composes done with `rpm-ostree` will have the backups of the `passwd` removed, per coreos/rpm-ostree#693. This will cause the `selinux_verify` role to fail. Since we are already checking the primary file, consensus says that it is safe to remove the checks on that particular backup, as well as the other backups of `group`, `shadow`, and `gshadow`.
diff --git a/roles/selinux_verify/vars/common.yml b/roles/selinux_verify/vars/common.yml
@@ -11,13 +11,9 @@ common_files:
   - { key: '/etc/hosts.allow', value: 'system_u:object_r:net_conf_t:s0' }
   - { key: '/etc/hosts.deny', value: 'system_u:object_r:net_conf_t:s0' }
   - { key: '/etc/group', value: 'system_u:object_r:passwd_file_t:s0' }
-  - { key: '/etc/group-', value: 'system_u:object_r:passwd_file_t:s0' }
   - { key: '/etc/passwd', value: 'system_u:object_r:passwd_file_t:s0' }
-  - { key: '/etc/passwd-', value: 'system_u:object_r:passwd_file_t:s0' }
   - { key: '/etc/gshadow', value: 'system_u:object_r:shadow_t:s0' }
-  - { key: '/etc/gshadow-', value: 'system_u:object_r:shadow_t:s0' }
   - { key: '/etc/shadow', value: 'system_u:object_r:shadow_t:s0' }
-  - { key: '/etc/shadow-', value: 'system_u:object_r:shadow_t:s0' }
   - { key: '/usr/sbin/NetworkManager', value: 'system_u:object_r:NetworkManager_exec_t:s0' }
   - { key: '/usr/bin/ostree', value: 'system_u:object_r:install_exec_t:s0' }
   - { key: '/usr/bin/rpm-ostree', value: 'system_u:object_r:install_exec_t:s0' }
