diff --git a/policy/modules/services/fail2ban.fc b/policy/modules/services/fail2ban.fc
index fa87ac1..96a4623 100644
--- a/policy/modules/services/fail2ban.fc
+++ b/policy/modules/services/fail2ban.fc
@@ -1,4 +1,4 @@
-/etc/rc\.d/init\.d/fail2ban -- gen_context(system_u:object_r:fail2ban_script_exec_t,s0)
+/etc/rc\.d/init\.d/fail2ban -- gen_context(system_u:object_r:fail2ban_initrc_exec_t,s0)
 /usr/bin/fail2ban -- gen_context(system_u:object_r:fail2ban_exec_t,s0)
 /usr/bin/fail2ban-server -- gen_context(system_u:object_r:fail2ban_exec_t,s0)
diff --git a/policy/modules/services/fail2ban.te b/policy/modules/services/fail2ban.te
index e4763b5..b1be911 100644
--- a/policy/modules/services/fail2ban.te
+++ b/policy/modules/services/fail2ban.te
@@ -10,6 +10,9 @@ type fail2ban_t;
 type fail2ban_exec_t;
 init_daemon_domain(fail2ban_t, fail2ban_exec_t)
+type fail2ban_initrc_exec_t;
+init_script_file(fail2ban_initrc_exec_t)
+
 # log files
 type fail2ban_log_t;
 logging_log_file(fail2ban_log_t)
@@ -18,9 +21,6 @@ logging_log_file(fail2ban_log_t)
 type fail2ban_var_run_t;
 files_pid_file(fail2ban_var_run_t)
-type fail2ban_script_exec_t;
-init_script_file(fail2ban_script_exec_t)
-
 ########################################
 #
 # fail2ban local policy
diff --git a/policy/modules/services/networkmanager.te b/policy/modules/services/networkmanager.te
index 269e5e1..0c6f056 100644
--- a/policy/modules/services/networkmanager.te
+++ b/policy/modules/services/networkmanager.te
@@ -10,12 +10,12 @@ type NetworkManager_t;
 type NetworkManager_exec_t;
 init_daemon_domain(NetworkManager_t, NetworkManager_exec_t)
+type NetworkManager_initrc_exec_t;
+init_script_file(NetworkManager_initrc_exec_t)
+
 type NetworkManager_log_t;
 logging_log_file(NetworkManager_log_t)
-type NetworkManager_script_exec_t;
-init_script_file(NetworkManager_script_exec_t)
-
 type NetworkManager_tmp_t;
 files_tmp_file(NetworkManager_tmp_t)
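Review bot: The old type name `fail2ban_script_exec_t` is removed in fail2ban.te with no alias left behind, so init scripts already labeled with it on an installed system would carry a context the new policy no longer defines until they are relabeled, and any module outside this tree that still names the old type would stop compiling. If a compatibility window is wanted, `typealias fail2ban_initrc_exec_t alias fail2ban_script_exec_t;` after the new declaration keeps both names valid. The same applies to the NetworkManager, ntpd and squid renames in networkmanager.te, ntp.te and squid.te. If the break is intentional, the commit message should say that a relabel of `/etc/rc.d/init.d` is required after upgrading, since a mislabeled init script presumably keeps the service from starting in its intended domain.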
diff --git a/policy/modules/services/ntp.fc b/policy/modules/services/ntp.fc
index 1a6eec2..e79dccc 100644
--- a/policy/modules/services/ntp.fc
+++ b/policy/modules/services/ntp.fc
@@ -8,7 +8,7 @@
 /etc/ntp/keys -- gen_context(system_u:object_r:ntpd_key_t,s0)
 /etc/ntp/step-tickers.* -- gen_context(system_u:object_r:net_conf_t,s0)
-/etc/rc\.d/init\.d/ntpd -- gen_context(system_u:object_r:ntpd_script_exec_t,s0)
+/etc/rc\.d/init\.d/ntpd -- gen_context(system_u:object_r:ntpd_initrc_exec_t,s0)
 /usr/sbin/ntpd -- gen_context(system_u:object_r:ntpd_exec_t,s0)
 /usr/sbin/ntpdate -- gen_context(system_u:object_r:ntpdate_exec_t,s0)
diff --git a/policy/modules/services/ntp.te b/policy/modules/services/ntp.te
index f6a6ba1..c5acc6f 100644
--- a/policy/modules/services/ntp.te
+++ b/policy/modules/services/ntp.te
@@ -13,15 +13,15 @@ type ntpd_t;
 type ntpd_exec_t;
 init_daemon_domain(ntpd_t, ntpd_exec_t)
+type ntpd_initrc_exec_t;
+init_script_file(ntpd_initrc_exec_t)
+
 type ntpd_key_t;
 files_type(ntpd_key_t)
 type ntpd_log_t;
 logging_log_file(ntpd_log_t)
-type ntpd_script_exec_t;
-init_script_file(ntpd_script_exec_t)
-
 type ntpd_tmp_t;
 files_tmp_file(ntpd_tmp_t)
diff --git a/policy/modules/services/squid.fc b/policy/modules/services/squid.fc
index b03b3c9..48f46c5 100644
--- a/policy/modules/services/squid.fc
+++ b/policy/modules/services/squid.fc
@@ -1,4 +1,4 @@
-/etc/rc.d/init.d/squid -- gen_context(system_u:object_r:squid_script_exec_t,s0)
+/etc/rc.d/init.d/squid -- gen_context(system_u:object_r:squid_initrc_exec_t,s0)
 /etc/squid(/.*)? gen_context(system_u:object_r:squid_conf_t,s0)
 /usr/lib/squid/cachemgr\.cgi -- gen_context(system_u:object_r:httpd_squid_script_exec_t,s0)
diff --git a/policy/modules/services/squid.te b/policy/modules/services/squid.te
index 0adefbc..e4e3390 100644
--- a/policy/modules/services/squid.te
+++ b/policy/modules/services/squid.te
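Review bot: The rewritten squid.fc entry `/etc/rc.d/init.d/squid` still leaves its dots unescaped, so each `.` matches any character and the pattern is broader than the path it is meant to label. The matching entries in fail2ban.fc and ntp.fc use `/etc/rc\.d/init\.d/...`. Since the line is being touched anyway, `/etc/rc\.d/init\.d/squid -- gen_context(system_u:object_r:squid_initrc_exec_t,s0)` would bring it in line with them and restrict the `squid_initrc_exec_t` label to the intended file.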
@@ -25,12 +25,12 @@ files_type(squid_cache_t)
 type squid_conf_t;
 files_type(squid_conf_t)
+type squid_initrc_exec_t;
+init_script_file(squid_initrc_exec_t)
+
 type squid_log_t;
 logging_log_file(squid_log_t)
-type squid_script_exec_t;
-init_script_file(squid_script_exec_t)
-
 type squid_var_run_t;
 files_pid_file(squid_var_run_t)