diff --git a/refpolicy/policy/modules/admin/consoletype.fc b/refpolicy/policy/modules/admin/consoletype.fc
index cf7eb6e..242ca19 100644
--- a/refpolicy/policy/modules/admin/consoletype.fc
+++ b/refpolicy/policy/modules/admin/consoletype.fc
@@ -1,3 +1,3 @@
 # Copyright (C) 2005 Tresys Technology, LLC
-/sbin/consoletype -- system_u:object_r:consoletype_exec_t
+/sbin/consoletype -- context_template(system_u:object_r:consoletype_exec_t,s0)
diff --git a/refpolicy/policy/modules/admin/netutils.fc b/refpolicy/policy/modules/admin/netutils.fc
index 30e4697..25fa1a9 100644
--- a/refpolicy/policy/modules/admin/netutils.fc
+++ b/refpolicy/policy/modules/admin/netutils.fc
@@ -1,14 +1,14 @@
 # Copyright (C) 2005 Tresys Technology, LLC
-/bin/ping.* -- system_u:object_r:ping_exec_t
-/bin/traceroute.* -- system_u:object_r:traceroute_exec_t
+/bin/ping.* -- context_template(system_u:object_r:ping_exec_t,s0)
+/bin/traceroute.* -- context_template(system_u:object_r:traceroute_exec_t,s0)
-/sbin/arping -- system_u:object_r:netutils_exec_t
+/sbin/arping -- context_template(system_u:object_r:netutils_exec_t,s0)
-/usr/bin/lft -- system_u:object_r:traceroute_exec_t
-/usr/bin/nmap -- system_u:object_r:traceroute_exec_t
-/usr/bin/traceroute.* -- system_u:object_r:traceroute_exec_t
+/usr/bin/lft -- context_template(system_u:object_r:traceroute_exec_t,s0)
+/usr/bin/nmap -- context_template(system_u:object_r:traceroute_exec_t,s0)
+/usr/bin/traceroute.* -- context_template(system_u:object_r:traceroute_exec_t,s0)
-/usr/sbin/traceroute.* -- system_u:object_r:traceroute_exec_t
-/usr/sbin/hping2 -- system_u:object_r:ping_exec_t
-/usr/sbin/tcpdump -- system_u:object_r:netutils_exec_t
+/usr/sbin/traceroute.* -- context_template(system_u:object_r:traceroute_exec_t,s0)
+/usr/sbin/hping2 -- context_template(system_u:object_r:ping_exec_t,s0)
+/usr/sbin/tcpdump -- context_template(system_u:object_r:netutils_exec_t,s0)
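Review bot: In netutils.fc the new lines keep `/usr/bin/nmap` and `/usr/bin/lft` on `traceroute_exec_t` and `/usr/sbin/hping2` on `ping_exec_t`, and nothing in the file says why these tools share the entry-point types of traceroute and ping. If those types drive a domain transition (the .te rules are not part of this diff), a general-purpose scanner and a packet generator run with whatever raw-socket access was granted for the narrower tools. A comment above the group, for example `# nmap and lft reuse the traceroute domain; revisit if that domain gains permissions`, would record the decision, and dedicated types would be the least-privilege alternative.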
diff --git a/refpolicy/policy/modules/admin/usermanage.fc b/refpolicy/policy/modules/admin/usermanage.fc
index 695d17a..5514373 100644
--- a/refpolicy/policy/modules/admin/usermanage.fc
+++ b/refpolicy/policy/modules/admin/usermanage.fc
@@ -1,28 +1,28 @@
 # Copyright (C) 2005 Tresys Technology, LLC
-/usr/bin/chage -- system_u:object_r:passwd_exec_t
-/usr/bin/chfn -- system_u:object_r:chfn_exec_t
-/usr/bin/chsh -- system_u:object_r:chfn_exec_t
-/usr/bin/gpasswd -- system_u:object_r:groupadd_exec_t
-/usr/bin/passwd -- system_u:object_r:passwd_exec_t
-/usr/bin/vigr -- system_u:object_r:admin_passwd_exec_t
-/usr/bin/vipw -- system_u:object_r:admin_passwd_exec_t
+/usr/bin/chage -- context_template(system_u:object_r:passwd_exec_t,s0)
+/usr/bin/chfn -- context_template(system_u:object_r:chfn_exec_t,s0)
+/usr/bin/chsh -- context_template(system_u:object_r:chfn_exec_t,s0)
+/usr/bin/gpasswd -- context_template(system_u:object_r:groupadd_exec_t,s0)
+/usr/bin/passwd -- context_template(system_u:object_r:passwd_exec_t,s0)
+/usr/bin/vigr -- context_template(system_u:object_r:admin_passwd_exec_t,s0)
+/usr/bin/vipw -- context_template(system_u:object_r:admin_passwd_exec_t,s0)
-/usr/lib(64)?/cracklib_dict.* -- system_u:object_r:crack_db_t
+/usr/lib(64)?/cracklib_dict.* -- context_template(system_u:object_r:crack_db_t,s0)
-/usr/sbin/crack_[a-z]* -- system_u:object_r:crack_exec_t
-/usr/sbin/gpasswd -- system_u:object_r:groupadd_exec_t
-/usr/sbin/groupadd -- system_u:object_r:groupadd_exec_t
-/usr/sbin/groupdel -- system_u:object_r:groupadd_exec_t
-/usr/sbin/groupmod -- system_u:object_r:groupadd_exec_t
-/usr/sbin/grpconv -- system_u:object_r:admin_passwd_exec_t
-/usr/sbin/grpunconv -- system_u:object_r:admin_passwd_exec_t
-/usr/sbin/pwconv -- system_u:object_r:admin_passwd_exec_t
-/usr/sbin/pwunconv -- system_u:object_r:admin_passwd_exec_t
-/usr/sbin/useradd -- system_u:object_r:useradd_exec_t
-/usr/sbin/userdel -- system_u:object_r:useradd_exec_t
-/usr/sbin/usermod -- system_u:object_r:useradd_exec_t
-/usr/sbin/vigr -- system_u:object_r:admin_passwd_exec_t
-/usr/sbin/vipw -- system_u:object_r:admin_passwd_exec_t
+/usr/sbin/crack_[a-z]* -- context_template(system_u:object_r:crack_exec_t,s0)
+/usr/sbin/gpasswd -- context_template(system_u:object_r:groupadd_exec_t,s0)
+/usr/sbin/groupadd -- context_template(system_u:object_r:groupadd_exec_t,s0)
+/usr/sbin/groupdel -- context_template(system_u:object_r:groupadd_exec_t,s0)
+/usr/sbin/groupmod -- context_template(system_u:object_r:groupadd_exec_t,s0)
+/usr/sbin/grpconv -- context_template(system_u:object_r:admin_passwd_exec_t,s0)
+/usr/sbin/grpunconv -- context_template(system_u:object_r:admin_passwd_exec_t,s0)
+/usr/sbin/pwconv -- context_template(system_u:object_r:admin_passwd_exec_t,s0)
+/usr/sbin/pwunconv -- context_template(system_u:object_r:admin_passwd_exec_t,s0)
+/usr/sbin/useradd -- context_template(system_u:object_r:useradd_exec_t,s0)
+/usr/sbin/userdel -- context_template(system_u:object_r:useradd_exec_t,s0)
+/usr/sbin/usermod -- context_template(system_u:object_r:useradd_exec_t,s0)
+/usr/sbin/vigr -- context_template(system_u:object_r:admin_passwd_exec_t,s0)
+/usr/sbin/vipw -- context_template(system_u:object_r:admin_passwd_exec_t,s0)
-/var/cache/cracklib(/.*)? system_u:object_r:crack_db_t
+/var/cache/cracklib(/.*)? context_template(system_u:object_r:crack_db_t,s0)
diff --git a/refpolicy/policy/modules/apps/gpg.fc b/refpolicy/policy/modules/apps/gpg.fc
index bbcec5b..9d2c6be 100644
--- a/refpolicy/policy/modules/apps/gpg.fc
+++ b/refpolicy/policy/modules/apps/gpg.fc
@@ -1,10 +1,10 @@
 # Copyright (C) 2005 Tresys Technology, LLC
-/usr/bin/gpg -- system_u:object_r:gpg_exec_t
-/usr/bin/gpg-agent -- system_u:object_r:gpg_agent_exec_t
-/usr/bin/kgpg -- system_u:object_r:gpg_exec_t
-/usr/bin/pinentry.* -- system_u:object_r:pinentry_exec_t
+/usr/bin/gpg -- context_template(system_u:object_r:gpg_exec_t,s0)
+/usr/bin/gpg-agent -- context_template(system_u:object_r:gpg_agent_exec_t,s0)
+/usr/bin/kgpg -- context_template(system_u:object_r:gpg_exec_t,s0)
+/usr/bin/pinentry.* -- context_template(system_u:object_r:pinentry_exec_t,s0)
-/usr/lib/gnupg/gpgkeys.* -- system_u:object_r:gpg_helper_exec_t
+/usr/lib/gnupg/gpgkeys.* -- context_template(system_u:object_r:gpg_helper_exec_t,s0)
-#HOME_DIR/\.gnupg(/.+)? system_u:object_r:ROLE_gpg_secret_t
+#HOME_DIR/\.gnupg(/.+)? context_template(system_u:object_r:ROLE_gpg_secret_t,s0)
diff --git a/refpolicy/policy/modules/kernel/bootloader.fc b/refpolicy/policy/modules/kernel/bootloader.fc
index f4dd277..ee74701 100644
--- a/refpolicy/policy/modules/kernel/bootloader.fc
+++ b/refpolicy/policy/modules/kernel/bootloader.fc
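Review bot: The `#HOME_DIR/\.gnupg(/.+)?` entry at the end of the gpg.fc hunk is still commented out after the conversion, so this file assigns no label to users' GnuPG directories and `ROLE_gpg_secret_t` is never applied from here. Rewriting a disabled line also means the new `context_template(...)` form on it has never been expanded or checked. A short comment above it saying why the entry is disabled and what labels the keyring directory in the meantime would help; something like `# disabled: per-role home directory contexts are not generated yet` fits if that is the actual reason, which the diff does not show.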
@@ -1,21 +1,21 @@
 # Copyright (C) 2005 Tresys Technology, LLC
-/vmlinuz.* -l system_u:object_r:boot_t
-/initrd\.img.* -l system_u:object_r:boot_t
+/vmlinuz.* -l context_template(system_u:object_r:boot_t,s0)
+/initrd\.img.* -l context_template(system_u:object_r:boot_t,s0)
-/boot(/.*)? system_u:object_r:boot_t
-/boot/System\.map-.* -- system_u:object_r:system_map_t
+/boot(/.*)? context_template(system_u:object_r:boot_t,s0)
+/boot/System\.map-.* -- context_template(system_u:object_r:system_map_t,s0)
-/etc/lilo\.conf.* -- system_u:object_r:bootloader_etc_t
-/etc/yaboot\.conf.* -- system_u:object_r:bootloader_etc_t
+/etc/lilo\.conf.* -- context_template(system_u:object_r:bootloader_etc_t,s0)
+/etc/yaboot\.conf.* -- context_template(system_u:object_r:bootloader_etc_t,s0)
-/etc/mkinitrd/scripts/.* -- system_u:object_r:bootloader_exec_t
+/etc/mkinitrd/scripts/.* -- context_template(system_u:object_r:bootloader_exec_t,s0)
-/lib(64)?/modules(/.*)? system_u:object_r:modules_object_t
+/lib(64)?/modules(/.*)? context_template(system_u:object_r:modules_object_t,s0)
-/usr/sbin/mkinitrd -- system_u:object_r:bootloader_exec_t
+/usr/sbin/mkinitrd -- context_template(system_u:object_r:bootloader_exec_t,s0)
-/sbin/grub.* -- system_u:object_r:bootloader_exec_t
-/sbin/lilo.* -- system_u:object_r:bootloader_exec_t
-/sbin/mkinitrd -- system_u:object_r:bootloader_exec_t
-/sbin/ybin.* -- system_u:object_r:bootloader_exec_t
+/sbin/grub.* -- context_template(system_u:object_r:bootloader_exec_t,s0)
+/sbin/lilo.* -- context_template(system_u:object_r:bootloader_exec_t,s0)
+/sbin/mkinitrd -- context_template(system_u:object_r:bootloader_exec_t,s0)
+/sbin/ybin.* -- context_template(system_u:object_r:bootloader_exec_t,s0)
diff --git a/refpolicy/policy/modules/kernel/corenetwork.fc b/refpolicy/policy/modules/kernel/corenetwork.fc
index 1906949..e567bba 100644
--- a/refpolicy/policy/modules/kernel/corenetwork.fc
+++ b/refpolicy/policy/modules/kernel/corenetwork.fc
@@ -1,7 +1,7 @@
 # Copyright (C) 2005 Tresys Technology, LLC
-/dev/ippp.* -c system_u:object_r:ppp_device_t
-/dev/ppp -c system_u:object_r:ppp_device_t
-/dev/pppox.* -c system_u:object_r:ppp_device_t
+/dev/ippp.* -c context_template(system_u:object_r:ppp_device_t,s0)
+/dev/ppp -c context_template(system_u:object_r:ppp_device_t,s0)
+/dev/pppox.* -c context_template(system_u:object_r:ppp_device_t,s0)
-/dev/net/.* -c system_u:object_r:tun_tap_device_t
+/dev/net/.* -c context_template(system_u:object_r:tun_tap_device_t,s0)
diff --git a/refpolicy/policy/modules/kernel/devices.fc b/refpolicy/policy/modules/kernel/devices.fc
index 7f5345e..3479046 100644
--- a/refpolicy/policy/modules/kernel/devices.fc
+++ b/refpolicy/policy/modules/kernel/devices.fc
@@ -1,80 +1,80 @@
 # Copyright (C) 2005 Tresys Technology, LLC
-/dev(/.*)? system_u:object_r:device_t
+/dev(/.*)? context_template(system_u:object_r:device_t,s0)
-/dev/.*mouse.* -c system_u:object_r:mouse_device_t
-/dev/adsp -c system_u:object_r:sound_device_t
-/dev/agpgart -c system_u:object_r:agp_device_t
-/dev/aload.* -c system_u:object_r:sound_device_t
-/dev/amidi.* -c system_u:object_r:sound_device_t
-/dev/amixer.* -c system_u:object_r:sound_device_t
-/dev/apm_bios -c system_u:object_r:apm_bios_t
-/dev/atibm -c system_u:object_r:mouse_device_t
-/dev/audio.* -c system_u:object_r:sound_device_t
-/dev/beep -c system_u:object_r:sound_device_t
-/dev/console -c system_u:object_r:console_device_t
-/dev/dsp.* -c system_u:object_r:sound_device_t
-/dev/fb[0-9]* -c system_u:object_r:framebuf_device_t
-/dev/full -c system_u:object_r:null_device_t
-/dev/irlpt[0-9]+ -c system_u:object_r:printer_device_t
-/dev/js.* -c system_u:object_r:mouse_device_t
-/dev/kmem -c system_u:object_r:memory_device_t
-/dev/logibm -c system_u:object_r:mouse_device_t
-/dev/lp.* -c system_u:object_r:printer_device_t
-/dev/mem -c system_u:object_r:memory_device_t
-/dev/microcode -c system_u:object_r:cpu_device_t
-/dev/midi.* -c system_u:object_r:sound_device_t
-/dev/mixer.* -c system_u:object_r:sound_device_t
-/dev/mmetfgrab -c system_u:object_r:scanner_device_t
-/dev/mpu401.* -c system_u:object_r:sound_device_t
-/dev/null -c system_u:object_r:null_device_t
-/dev/nvidia.* -c system_u:object_r:xserver_misc_device_t
-/dev/nvram -c system_u:object_r:memory_device_t
-/dev/par.* -c system_u:object_r:printer_device_t
-/dev/patmgr[01] -c system_u:object_r:sound_device_t
-/dev/pmu -c system_u:object_r:power_device_t
-/dev/port -c system_u:object_r:memory_device_t
-/dev/psaux -c system_u:object_r:mouse_device_t
-/dev/rmidi.* -c system_u:object_r:sound_device_t
-/dev/radeon -c system_u:object_r:dri_device_t
-/dev/radio.* -c system_u:object_r:v4l_device_t
-/dev/random -c system_u:object_r:random_device_t
-/dev/rtc -c system_u:object_r:clock_device_t
-/dev/sequencer -c system_u:object_r:sound_device_t
-/dev/sequencer2 -c system_u:object_r:sound_device_t
-/dev/smpte.* -c system_u:object_r:sound_device_t
-/dev/srnd[0-7] -c system_u:object_r:sound_device_t
-/dev/sndstat -c system_u:object_r:sound_device_t
-/dev/tlk[0-3] -c system_u:object_r:v4l_device_t
-/dev/urandom -c system_u:object_r:urandom_device_t
-/dev/usblp.* -c system_u:object_r:printer_device_t
+/dev/.*mouse.* -c context_template(system_u:object_r:mouse_device_t,s0)
+/dev/adsp -c context_template(system_u:object_r:sound_device_t,s0)
+/dev/agpgart -c context_template(system_u:object_r:agp_device_t,s0)
+/dev/aload.* -c context_template(system_u:object_r:sound_device_t,s0)
+/dev/amidi.* -c context_template(system_u:object_r:sound_device_t,s0)
+/dev/amixer.* -c context_template(system_u:object_r:sound_device_t,s0)
+/dev/apm_bios -c context_template(system_u:object_r:apm_bios_t,s0)
+/dev/atibm -c context_template(system_u:object_r:mouse_device_t,s0)
+/dev/audio.* -c context_template(system_u:object_r:sound_device_t,s0)
+/dev/beep -c context_template(system_u:object_r:sound_device_t,s0)
+/dev/console -c context_template(system_u:object_r:console_device_t,s0)
+/dev/dsp.* -c context_template(system_u:object_r:sound_device_t,s0)
+/dev/fb[0-9]* -c context_template(system_u:object_r:framebuf_device_t,s0)
+/dev/full -c context_template(system_u:object_r:null_device_t,s0)
+/dev/irlpt[0-9]+ -c context_template(system_u:object_r:printer_device_t,s0)
+/dev/js.* -c context_template(system_u:object_r:mouse_device_t,s0)
+/dev/kmem -c context_template(system_u:object_r:memory_device_t,s0)
+/dev/logibm -c context_template(system_u:object_r:mouse_device_t,s0)
+/dev/lp.* -c context_template(system_u:object_r:printer_device_t,s0)
+/dev/mem -c context_template(system_u:object_r:memory_device_t,s0)
+/dev/microcode -c context_template(system_u:object_r:cpu_device_t,s0)
+/dev/midi.* -c context_template(system_u:object_r:sound_device_t,s0)
+/dev/mixer.* -c context_template(system_u:object_r:sound_device_t,s0)
+/dev/mmetfgrab -c context_template(system_u:object_r:scanner_device_t,s0)
+/dev/mpu401.* -c context_template(system_u:object_r:sound_device_t,s0)
+/dev/null -c context_template(system_u:object_r:null_device_t,s0)
+/dev/nvidia.* -c context_template(system_u:object_r:xserver_misc_device_t,s0)
+/dev/nvram -c context_template(system_u:object_r:memory_device_t,s0)
+/dev/par.* -c context_template(system_u:object_r:printer_device_t,s0)
+/dev/patmgr[01] -c context_template(system_u:object_r:sound_device_t,s0)
+/dev/pmu -c context_template(system_u:object_r:power_device_t,s0)
+/dev/port -c context_template(system_u:object_r:memory_device_t,s0)
+/dev/psaux -c context_template(system_u:object_r:mouse_device_t,s0)
+/dev/rmidi.* -c context_template(system_u:object_r:sound_device_t,s0)
+/dev/radeon -c context_template(system_u:object_r:dri_device_t,s0)
+/dev/radio.* -c context_template(system_u:object_r:v4l_device_t,s0)
+/dev/random -c context_template(system_u:object_r:random_device_t,s0)
+/dev/rtc -c context_template(system_u:object_r:clock_device_t,s0)
+/dev/sequencer -c context_template(system_u:object_r:sound_device_t,s0)
+/dev/sequencer2 -c context_template(system_u:object_r:sound_device_t,s0)
+/dev/smpte.* -c context_template(system_u:object_r:sound_device_t,s0)
+/dev/srnd[0-7] -c context_template(system_u:object_r:sound_device_t,s0)
+/dev/sndstat -c context_template(system_u:object_r:sound_device_t,s0)
+/dev/tlk[0-3] -c context_template(system_u:object_r:v4l_device_t,s0)
+/dev/urandom -c context_template(system_u:object_r:urandom_device_t,s0)
+/dev/usblp.* -c context_template(system_u:object_r:printer_device_t,s0)
 ifdef(`distro_suse', `
-/dev/usbscanner -c system_u:object_r:scanner_device_t
+/dev/usbscanner -c context_template(system_u:object_r:scanner_device_t,s0)
 ')
-/dev/vbi.* -c system_u:object_r:v4l_device_t
-/dev/video.* -c system_u:object_r:v4l_device_t
-/dev/vttuner -c system_u:object_r:v4l_device_t
-/dev/vtx.* -c system_u:object_r:v4l_device_t
-/dev/winradio. -c system_u:object_r:v4l_device_t
-/dev/zero -c system_u:object_r:zero_device_t
+/dev/vbi.* -c context_template(system_u:object_r:v4l_device_t,s0)
+/dev/video.* -c context_template(system_u:object_r:v4l_device_t,s0)
+/dev/vttuner -c context_template(system_u:object_r:v4l_device_t,s0)
+/dev/vtx.* -c context_template(system_u:object_r:v4l_device_t,s0)
+/dev/winradio. -c context_template(system_u:object_r:v4l_device_t,s0)
+/dev/zero -c context_template(system_u:object_r:zero_device_t,s0)
-/dev/cpu/.* -c system_u:object_r:cpu_device_t
-/dev/cpu/mtrr -c system_u:object_r:mtrr_device_t
+/dev/cpu/.* -c context_template(system_u:object_r:cpu_device_t,s0)
+/dev/cpu/mtrr -c context_template(system_u:object_r:mtrr_device_t,s0)
-/dev/dri/.+ -c system_u:object_r:dri_device_t
+/dev/dri/.+ -c context_template(system_u:object_r:dri_device_t,s0)
-/dev/input/.*mouse.* -c system_u:object_r:mouse_device_t
-/dev/input/event.* -c system_u:object_r:event_device_t
-/dev/input/mice -c system_u:object_r:mouse_device_t
-/dev/input/js.* -c system_u:object_r:mouse_device_t
+/dev/input/.*mouse.* -c context_template(system_u:object_r:mouse_device_t,s0)
+/dev/input/event.* -c context_template(system_u:object_r:event_device_t,s0)
+/dev/input/mice -c context_template(system_u:object_r:mouse_device_t,s0)
+/dev/input/js.* -c context_template(system_u:object_r:mouse_device_t,s0)
-/dev/mapper/control -c system_u:object_r:lvm_control_t
+/dev/mapper/control -c context_template(system_u:object_r:lvm_control_t,s0)
-/dev/pts(/.*)? <>
+/dev/pts(/.*)? <>
-/dev/snd/.* -c system_u:object_r:sound_device_t
+/dev/snd/.* -c context_template(system_u:object_r:sound_device_t,s0)
-/dev/usb/dc2xx.* -c system_u:object_r:scanner_device_t
-/dev/usb/lp.* -c system_u:object_r:printer_device_t
-/dev/usb/mdc800.* -c system_u:object_r:scanner_device_t
-/dev/usb/scanner.* -c system_u:object_r:scanner_device_t
+/dev/usb/dc2xx.* -c context_template(system_u:object_r:scanner_device_t,s0)
+/dev/usb/lp.* -c context_template(system_u:object_r:printer_device_t,s0)
+/dev/usb/mdc800.* -c context_template(system_u:object_r:scanner_device_t,s0)
+/dev/usb/scanner.* -c context_template(system_u:object_r:scanner_device_t,s0)
diff --git a/refpolicy/policy/modules/kernel/storage.fc b/refpolicy/policy/modules/kernel/storage.fc
index b5b0068..2be19b2 100644
--- a/refpolicy/policy/modules/kernel/storage.fc
+++ b/refpolicy/policy/modules/kernel/storage.fc
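Review bot: Every node in devices.fc is given level `s0`, including `/dev/mem`, `/dev/kmem`, `/dev/port` and `/dev/nvram` (all `memory_device_t`), and the storage.fc hunk does the same for the raw disk nodes typed `fixed_disk_device_t`. Those nodes expose data belonging to every sensitivity level, so in an MLS build the lowest level on them leaves type enforcement as the only barrier between a low-level process and high-level data. Whether `context_template` discards the level in non-MLS builds is not visible in this diff. Pass the policy's highest level as the second argument on those lines, or mark them with a comment such as `# s0 is a placeholder; raw memory and disk nodes need the system-high level under MLS` so the blanket default is not mistaken for a reviewed choice.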
@@ -1,61 +1,61 @@
 # Copyright (C) 2005 Tresys Technology, LLC
-/dev/n?(raw)?[qr]ft[0-3] -c system_u:object_r:tape_device_t
-/dev/n?[hs]t[0-9].* -c system_u:object_r:tape_device_t
-/dev/n?z?qft[0-3] -c system_u:object_r:tape_device_t
-/dev/n?osst[0-3].* -c system_u:object_r:tape_device_t
-/dev/n?pt[0-9]+ -c system_u:object_r:tape_device_t
-/dev/n?tpqic[12].* -c system_u:object_r:tape_device_t
-/dev/[shmx]d[^/]* -b system_u:object_r:fixed_disk_device_t
-/dev/aztcd -b system_u:object_r:removable_device_t
-/dev/bpcd -b system_u:object_r:removable_device_t
-/dev/cdu.* -b system_u:object_r:removable_device_t
-/dev/cm20.* -b system_u:object_r:removable_device_t
-/dev/dasd[^/]* -b system_u:object_r:fixed_disk_device_t
-/dev/dm-[0-9]+ -b system_u:object_r:fixed_disk_device_t
-/dev/fd[^/]+ -b system_u:object_r:removable_device_t
-/dev/flash[^/]* -b system_u:object_r:fixed_disk_device_t
-/dev/gscd -b system_u:object_r:removable_device_t
-/dev/hitcd -b system_u:object_r:removable_device_t
-/dev/ht[0-1] -b system_u:object_r:tape_device_t
-/dev/initrd -b system_u:object_r:fixed_disk_device_t
-/dev/jsfd -b system_u:object_r:fixed_disk_device_t
-/dev/jsflash -c system_u:object_r:fixed_disk_device_t
-/dev/loop.* -b system_u:object_r:fixed_disk_device_t
-/dev/lvm -c system_u:object_r:fixed_disk_device_t
-/dev/mcdx? -b system_u:object_r:removable_device_t
-/dev/nb[^/]+ -b system_u:object_r:fixed_disk_device_t
-/dev/optcd -b system_u:object_r:removable_device_t
-/dev/p[fg][0-3] -b system_u:object_r:removable_device_t
-/dev/pcd[0-3] -b system_u:object_r:removable_device_t
-/dev/pd[a-d][^/]* -b system_u:object_r:removable_device_t
-/dev/pg[0-3] -c system_u:object_r:removable_device_t
-/dev/ram.* -b system_u:object_r:fixed_disk_device_t
-/dev/rawctl -c system_u:object_r:fixed_disk_device_t
-/dev/rd.* -b system_u:object_r:fixed_disk_device_t
+/dev/n?(raw)?[qr]ft[0-3] -c context_template(system_u:object_r:tape_device_t,s0)
+/dev/n?[hs]t[0-9].* -c context_template(system_u:object_r:tape_device_t,s0)
+/dev/n?z?qft[0-3] -c context_template(system_u:object_r:tape_device_t,s0)
+/dev/n?osst[0-3].* -c context_template(system_u:object_r:tape_device_t,s0)
+/dev/n?pt[0-9]+ -c context_template(system_u:object_r:tape_device_t,s0)
+/dev/n?tpqic[12].* -c context_template(system_u:object_r:tape_device_t,s0)
+/dev/[shmx]d[^/]* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
+/dev/aztcd -b context_template(system_u:object_r:removable_device_t,s0)
+/dev/bpcd -b context_template(system_u:object_r:removable_device_t,s0)
+/dev/cdu.* -b context_template(system_u:object_r:removable_device_t,s0)
+/dev/cm20.* -b context_template(system_u:object_r:removable_device_t,s0)
+/dev/dasd[^/]* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
+/dev/dm-[0-9]+ -b context_template(system_u:object_r:fixed_disk_device_t,s0)
+/dev/fd[^/]+ -b context_template(system_u:object_r:removable_device_t,s0)
+/dev/flash[^/]* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
+/dev/gscd -b context_template(system_u:object_r:removable_device_t,s0)
+/dev/hitcd -b context_template(system_u:object_r:removable_device_t,s0)
+/dev/ht[0-1] -b context_template(system_u:object_r:tape_device_t,s0)
+/dev/initrd -b context_template(system_u:object_r:fixed_disk_device_t,s0)
+/dev/jsfd -b context_template(system_u:object_r:fixed_disk_device_t,s0)
+/dev/jsflash -c context_template(system_u:object_r:fixed_disk_device_t,s0)
+/dev/loop.* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
+/dev/lvm -c context_template(system_u:object_r:fixed_disk_device_t,s0)
+/dev/mcdx? -b context_template(system_u:object_r:removable_device_t,s0)
+/dev/nb[^/]+ -b context_template(system_u:object_r:fixed_disk_device_t,s0)
+/dev/optcd -b context_template(system_u:object_r:removable_device_t,s0)
+/dev/p[fg][0-3] -b context_template(system_u:object_r:removable_device_t,s0)
+/dev/pcd[0-3] -b context_template(system_u:object_r:removable_device_t,s0)
+/dev/pd[a-d][^/]* -b context_template(system_u:object_r:removable_device_t,s0)
+/dev/pg[0-3] -c context_template(system_u:object_r:removable_device_t,s0)
+/dev/ram.* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
+/dev/rawctl -c context_template(system_u:object_r:fixed_disk_device_t,s0)
+/dev/rd.* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
 ifdef(`distro_redhat', `
-/dev/root -b system_u:object_r:fixed_disk_device_t
+/dev/root -b context_template(system_u:object_r:fixed_disk_device_t,s0)
 ')
-/dev/s(cd|r)[^/]* -b system_u:object_r:removable_device_t
-/dev/sbpcd.* -b system_u:object_r:removable_device_t
-/dev/sg[0-9]+ -c system_u:object_r:scsi_generic_device_t
-/dev/sjcd -b system_u:object_r:removable_device_t
-/dev/sonycd -b system_u:object_r:removable_device_t
-/dev/tape.* -c system_u:object_r:tape_device_t
-/dev/ubd[^/]* -b system_u:object_r:fixed_disk_device_t
+/dev/s(cd|r)[^/]* -b context_template(system_u:object_r:removable_device_t,s0)
+/dev/sbpcd.* -b context_template(system_u:object_r:removable_device_t,s0)
+/dev/sg[0-9]+ -c context_template(system_u:object_r:scsi_generic_device_t,s0)
+/dev/sjcd -b context_template(system_u:object_r:removable_device_t,s0)
+/dev/sonycd -b context_template(system_u:object_r:removable_device_t,s0)
+/dev/tape.* -c context_template(system_u:object_r:tape_device_t,s0)
+/dev/ubd[^/]* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
-/dev/ataraid/.* -b system_u:object_r:fixed_disk_device_t
+/dev/ataraid/.* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
-/dev/cciss/[^/]* -b system_u:object_r:fixed_disk_device_t
+/dev/cciss/[^/]* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
-/dev/i2o/hd[^/]* -b system_u:object_r:fixed_disk_device_t
+/dev/i2o/hd[^/]* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
-/dev/ida/[^/]* -b system_u:object_r:fixed_disk_device_t
+/dev/ida/[^/]* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
-/dev/mapper/.* -b system_u:object_r:fixed_disk_device_t
+/dev/mapper/.* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
-/dev/raw/raw[0-9]+ -c system_u:object_r:fixed_disk_device_t
+/dev/raw/raw[0-9]+ -c context_template(system_u:object_r:fixed_disk_device_t,s0)
-/dev/scramdisk/.* -b system_u:object_r:fixed_disk_device_t
+/dev/scramdisk/.* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
-/dev/usb/rio500 -c system_u:object_r:removable_device_t
+/dev/usb/rio500 -c context_template(system_u:object_r:removable_device_t,s0)
diff --git a/refpolicy/policy/modules/kernel/terminal.fc b/refpolicy/policy/modules/kernel/terminal.fc
index 322511c..a4883ab 100644
--- a/refpolicy/policy/modules/kernel/terminal.fc
+++ b/refpolicy/policy/modules/kernel/terminal.fc
@@ -1,18 +1,18 @@
 # Copyright (C) 2005 Tresys Technology, LLC
-/dev/.*tty[^/]* -c system_u:object_r:tty_device_t
-/dev/[pt]ty[abcdepqrstuvwxyz][0-9a-f] -c system_u:object_r:bsdpty_device_t
-/dev/capi.* -c system_u:object_r:tty_device_t
-/dev/cu.* -c system_u:object_r:tty_device_t
-/dev/dcbri[0-9]+ -c system_u:object_r:tty_device_t
-/dev/hvc.* -c system_u:object_r:tty_device_t
-/dev/hvsi.* -c system_u:object_r:tty_device_t
-/dev/ircomm[0-9]+ -c system_u:object_r:tty_device_t
-/dev/ip2[^/]* -c system_u:object_r:tty_device_t
-/dev/isdn.* -c system_u:object_r:tty_device_t
-/dev/ptmx -c system_u:object_r:ptmx_t
-/dev/tty -c system_u:object_r:devtty_t
-/dev/ttySG.* -c system_u:object_r:tty_device_t
-/dev/vcs[^/]* -c system_u:object_r:tty_device_t
+/dev/.*tty[^/]* -c context_template(system_u:object_r:tty_device_t,s0)
+/dev/[pt]ty[abcdepqrstuvwxyz][0-9a-f] -c context_template(system_u:object_r:bsdpty_device_t,s0)
+/dev/capi.* -c context_template(system_u:object_r:tty_device_t,s0)
+/dev/cu.* -c context_template(system_u:object_r:tty_device_t,s0)
+/dev/dcbri[0-9]+ -c context_template(system_u:object_r:tty_device_t,s0)
+/dev/hvc.* -c context_template(system_u:object_r:tty_device_t,s0)
+/dev/hvsi.* -c context_template(system_u:object_r:tty_device_t,s0)
+/dev/ircomm[0-9]+ -c context_template(system_u:object_r:tty_device_t,s0)
+/dev/ip2[^/]* -c context_template(system_u:object_r:tty_device_t,s0)
+/dev/isdn.* -c context_template(system_u:object_r:tty_device_t,s0)
+/dev/ptmx -c context_template(system_u:object_r:ptmx_t,s0)
+/dev/tty -c context_template(system_u:object_r:devtty_t,s0)
+/dev/ttySG.* -c context_template(system_u:object_r:tty_device_t,s0)
+/dev/vcs[^/]* -c context_template(system_u:object_r:tty_device_t,s0)
-/dev/usb/tty.* -c system_u:object_r:usbtty_device_t
+/dev/usb/tty.* -c context_template(system_u:object_r:usbtty_device_t,s0)
diff --git a/refpolicy/policy/modules/services/mta.fc b/refpolicy/policy/modules/services/mta.fc
index cd0b54c..38323da 100644
--- a/refpolicy/policy/modules/services/mta.fc
+++ b/refpolicy/policy/modules/services/mta.fc
@@ -1,21 +1,21 @@
 # Copyright (C) 2005 Tresys Technology, LLC
-/etc/aliases -- system_u:object_r:etc_aliases_t
-/etc/aliases\.db -- system_u:object_r:etc_aliases_t
+/etc/aliases -- context_template(system_u:object_r:etc_aliases_t,s0)
+/etc/aliases\.db -- context_template(system_u:object_r:etc_aliases_t,s0)
 ifdef(`sendmail.te',`',`
-/usr/lib(64)?/sendmail -- system_u:object_r:sendmail_exec_t
+/usr/lib(64)?/sendmail -- context_template(system_u:object_r:sendmail_exec_t,s0)
-/usr/sbin/sendmail(.sendmail)? -- system_u:object_r:sendmail_exec_t
+/usr/sbin/sendmail(.sendmail)? -- context_template(system_u:object_r:sendmail_exec_t,s0)
 ')
-/var/mail(/.*)? system_u:object_r:mail_spool_t
+/var/mail(/.*)? context_template(system_u:object_r:mail_spool_t,s0)
-/var/spool/(client)?mqueue(/.*)? system_u:object_r:mqueue_spool_t
+/var/spool/(client)?mqueue(/.*)? context_template(system_u:object_r:mqueue_spool_t,s0)
-/var/spool/mail(/.*)? system_u:object_r:mail_spool_t
+/var/spool/mail(/.*)? context_template(system_u:object_r:mail_spool_t,s0)
 ifdef(`postfix.te', `', `
-/usr/sbin/sendmail.postfix -- system_u:object_r:sendmail_exec_t
-/var/spool/postfix(/.*)? system_u:object_r:mail_spool_t
+/usr/sbin/sendmail.postfix -- context_template(system_u:object_r:sendmail_exec_t,s0)
+/var/spool/postfix(/.*)? context_template(system_u:object_r:mail_spool_t,s0)
 ')
diff --git a/refpolicy/policy/modules/system/authlogin.fc b/refpolicy/policy/modules/system/authlogin.fc
index 22384ce..0673869 100644
--- a/refpolicy/policy/modules/system/authlogin.fc
+++ b/refpolicy/policy/modules/system/authlogin.fc
@@ -1,36 +1,36 @@
 # Copyright (C) 2005 Tresys Technology, LLC
-/bin/login -- system_u:object_r:login_exec_t
+/bin/login -- context_template(system_u:object_r:login_exec_t,s0)
-/etc/\.pwd\.lock -- system_u:object_r:shadow_t
-/etc/group\.lock -- system_u:object_r:shadow_t
-/etc/gshadow.* -- system_u:object_r:shadow_t
-/etc/passwd\.lock -- system_u:object_r:shadow_t
-/etc/shadow.* -- system_u:object_r:shadow_t
+/etc/\.pwd\.lock -- context_template(system_u:object_r:shadow_t,s0)
+/etc/group\.lock -- context_template(system_u:object_r:shadow_t,s0)
+/etc/gshadow.* -- context_template(system_u:object_r:shadow_t,s0)
+/etc/passwd\.lock -- context_template(system_u:object_r:shadow_t,s0)
+/etc/shadow.* -- context_template(system_u:object_r:shadow_t,s0)
-/lib(64)?/security/pam_krb5/pam_krb5_storetmp -- system_u:object_r:pam_exec_t
+/lib(64)?/security/pam_krb5/pam_krb5_storetmp -- context_template(system_u:object_r:pam_exec_t,s0)
-/sbin/pam_console_apply -- system_u:object_r:pam_console_exec_t
-/sbin/pam_timestamp_check -- system_u:object_r:pam_exec_t
-/sbin/unix_chkpwd -- system_u:object_r:chkpwd_exec_t
-/sbin/unix_verify -- system_u:object_r:chkpwd_exec_t
+/sbin/pam_console_apply -- context_template(system_u:object_r:pam_console_exec_t,s0)
+/sbin/pam_timestamp_check -- context_template(system_u:object_r:pam_exec_t,s0)
+/sbin/unix_chkpwd -- context_template(system_u:object_r:chkpwd_exec_t,s0)
+/sbin/unix_verify -- context_template(system_u:object_r:chkpwd_exec_t,s0)
 ifdef(`distro_suse', `
-/sbin/unix2_chkpwd -- system_u:object_r:chkpwd_exec_t
+/sbin/unix2_chkpwd -- context_template(system_u:object_r:chkpwd_exec_t,s0)
 ')
-/usr/kerberos/sbin/login\.krb5 -- system_u:object_r:login_exec_t
+/usr/kerberos/sbin/login\.krb5 -- context_template(system_u:object_r:login_exec_t,s0)
-/usr/sbin/utempter -- system_u:object_r:utempter_exec_t
+/usr/sbin/utempter -- context_template(system_u:object_r:utempter_exec_t,s0)
-/var/db/shadow.* -- system_u:object_r:shadow_t
+/var/db/shadow.* -- context_template(system_u:object_r:shadow_t,s0)
-/var/log/btmp.* -- system_u:object_r:faillog_t
-/var/log/dmesg -- system_u:object_r:var_log_t
-/var/log/faillog -- system_u:object_r:faillog_t
-/var/log/lastlog -- system_u:object_r:lastlog_t
-/var/log/syslog -- system_u:object_r:var_log_t
-/var/log/wtmp.* -- system_u:object_r:wtmp_t
+/var/log/btmp.* -- context_template(system_u:object_r:faillog_t,s0)
+/var/log/dmesg -- context_template(system_u:object_r:var_log_t,s0)
+/var/log/faillog -- context_template(system_u:object_r:faillog_t,s0)
+/var/log/lastlog -- context_template(system_u:object_r:lastlog_t,s0)
+/var/log/syslog -- context_template(system_u:object_r:var_log_t,s0)
+/var/log/wtmp.* -- context_template(system_u:object_r:wtmp_t,s0)
-/var/run/console(/.*)? system_u:object_r:pam_var_console_t
+/var/run/console(/.*)? context_template(system_u:object_r:pam_var_console_t,s0)
-/var/run/sudo(/.*)? system_u:object_r:pam_var_run_t
+/var/run/sudo(/.*)? context_template(system_u:object_r:pam_var_run_t,s0)
diff --git a/refpolicy/policy/modules/system/clock.fc b/refpolicy/policy/modules/system/clock.fc
index 1783155..9f4c567 100644
--- a/refpolicy/policy/modules/system/clock.fc
+++ b/refpolicy/policy/modules/system/clock.fc
@@ -1,6 +1,6 @@
 # Copyright (C) 2005 Tresys Technology, LLC
-/etc/adjtime -- system_u:object_r:adjtime_t
+/etc/adjtime -- context_template(system_u:object_r:adjtime_t,s0)
-/sbin/hwclock -- system_u:object_r:hwclock_exec_t
+/sbin/hwclock -- context_template(system_u:object_r:hwclock_exec_t,s0)
diff --git a/refpolicy/policy/modules/system/corecommands.fc b/refpolicy/policy/modules/system/corecommands.fc
index 67b7ef6..f5257f2 100644
--- a/refpolicy/policy/modules/system/corecommands.fc
+++ b/refpolicy/policy/modules/system/corecommands.fc
@@ -3,84 +3,84 @@ # # /bin # -/bin(/.*)? system_u:object_r:bin_t -/bin/d?ash -- system_u:object_r:shell_exec_t -/bin/bash -- system_u:object_r:shell_exec_t -/bin/bash2 -- system_u:object_r:shell_exec_t -/bin/ls -- system_u:object_r:ls_exec_t -/bin/sash -- system_u:object_r:shell_exec_t -/bin/tcsh -- system_u:object_r:shell_exec_t -/bin/zsh.* -- system_u:object_r:shell_exec_t +/bin(/.*)? context_template(system_u:object_r:bin_t,s0) +/bin/d?ash -- context_template(system_u:object_r:shell_exec_t,s0) +/bin/bash -- context_template(system_u:object_r:shell_exec_t,s0) +/bin/bash2 -- context_template(system_u:object_r:shell_exec_t,s0) +/bin/ls -- context_template(system_u:object_r:ls_exec_t,s0) +/bin/sash -- context_template(system_u:object_r:shell_exec_t,s0) +/bin/tcsh -- context_template(system_u:object_r:shell_exec_t,s0) +/bin/zsh.* -- context_template(system_u:object_r:shell_exec_t,s0) # # /dev # -/dev/MAKEDEV -- system_u:object_r:sbin_t +/dev/MAKEDEV -- context_template(system_u:object_r:sbin_t,s0) # # /etc # -/etc/hotplug/.*agent -- system_u:object_r:sbin_t -/etc/hotplug/.*rc -- system_u:object_r:sbin_t +/etc/hotplug/.*agent -- context_template(system_u:object_r:sbin_t,s0) +/etc/hotplug/.*rc -- context_template(system_u:object_r:sbin_t,s0) -/etc/hotplug/hotplug\.functions -- system_u:object_r:sbin_t +/etc/hotplug/hotplug\.functions -- context_template(system_u:object_r:sbin_t,s0) -/etc/hotplug\.d/default/default.* system_u:object_r:sbin_t +/etc/hotplug\.d/default/default.* context_template(system_u:object_r:sbin_t,s0) -/etc/netplug\.d(/.*)? system_u:object_r:sbin_t +/etc/netplug\.d(/.*)? context_template(system_u:object_r:sbin_t,s0) ifdef(`targeted_policy', ` -/etc/X11/prefdm -- system_u:object_r:bin_t +/etc/X11/prefdm -- context_template(system_u:object_r:bin_t,s0) ') # # /sbin # -/sbin(/.*)? system_u:object_r:sbin_t -/sbin/insmod_ksymoops_clean -- system_u:object_r:sbin_t +/sbin(/.*)? 
context_template(system_u:object_r:sbin_t,s0) +/sbin/insmod_ksymoops_clean -- context_template(system_u:object_r:sbin_t,s0) # # /opt # -/opt/.*/bin(/.*)? system_u:object_r:bin_t +/opt/.*/bin(/.*)? context_template(system_u:object_r:bin_t,s0) -/opt/.*/libexec(/.*)? system_u:object_r:bin_t +/opt/.*/libexec(/.*)? context_template(system_u:object_r:bin_t,s0) -/opt/.*/sbin(/.*)? system_u:object_r:sbin_t +/opt/.*/sbin(/.*)? context_template(system_u:object_r:sbin_t,s0) # # /usr # ifdef(`distro_gentoo', ` -/usr/.*-.*-linux-gnu/gcc-bin/.*(/.*)? system_u:object_r:bin_t +/usr/.*-.*-linux-gnu/gcc-bin/.*(/.*)? context_template(system_u:object_r:bin_t,s0) ') -/usr(/.*)?/Bin(/.*)? system_u:object_r:bin_t +/usr(/.*)?/Bin(/.*)? context_template(system_u:object_r:bin_t,s0) -/usr(/.*)?/bin(/.*)? system_u:object_r:bin_t +/usr(/.*)?/bin(/.*)? context_template(system_u:object_r:bin_t,s0) -/usr(/.*)?/sbin(/.*)? system_u:object_r:sbin_t +/usr(/.*)?/sbin(/.*)? context_template(system_u:object_r:sbin_t,s0) -/usr/lib(64)?/emacsen-common/.* system_u:object_r:bin_t +/usr/lib(64)?/emacsen-common/.* context_template(system_u:object_r:bin_t,s0) -/usr/lib(64)?/[^/]*thunderbird[^/]*/thunderbird -- system_u:object_r:bin_t -/usr/lib(64)?/[^/]*thunderbird[^/]*/thunderbird-bin -- system_u:object_r:bin_t -/usr/lib(64)?/[^/]*thunderbird[^/]*/run-mozilla\.sh -- system_u:object_r:bin_t -/usr/lib(64)?/[^/]*thunderbird[^/]*/mozilla-xremote-client -- system_u:object_r:bin_t +/usr/lib(64)?/[^/]*thunderbird[^/]*/thunderbird -- context_template(system_u:object_r:bin_t,s0) +/usr/lib(64)?/[^/]*thunderbird[^/]*/thunderbird-bin -- context_template(system_u:object_r:bin_t,s0) +/usr/lib(64)?/[^/]*thunderbird[^/]*/run-mozilla\.sh -- context_template(system_u:object_r:bin_t,s0) +/usr/lib(64)?/[^/]*thunderbird[^/]*/mozilla-xremote-client -- context_template(system_u:object_r:bin_t,s0) -/usr/libexec(/.*)? system_u:object_r:bin_t +/usr/libexec(/.*)? 
context_template(system_u:object_r:bin_t,s0) -/usr/sbin/sesh -- system_u:object_r:shell_exec_t +/usr/sbin/sesh -- context_template(system_u:object_r:shell_exec_t,s0) -/usr/share/gnucash/finance-quote-check -- system_u:object_r:bin_t -/usr/share/gnucash/finance-quote-helper -- system_u:object_r:bin_t +/usr/share/gnucash/finance-quote-check -- context_template(system_u:object_r:bin_t,s0) +/usr/share/gnucash/finance-quote-helper -- context_template(system_u:object_r:bin_t,s0) -/usr/share/mc/extfs/.* -- system_u:object_r:bin_t +/usr/share/mc/extfs/.* -- context_template(system_u:object_r:bin_t,s0) # # /var # -/var/mailman/bin(/.*)? system_u:object_r:bin_t +/var/mailman/bin(/.*)? context_template(system_u:object_r:bin_t,s0) -/var/ftp/bin(/.*)? system_u:object_r:bin_t -/var/ftp/bin/ls -- system_u:object_r:ls_exec_t +/var/ftp/bin(/.*)? context_template(system_u:object_r:bin_t,s0) +/var/ftp/bin/ls -- context_template(system_u:object_r:ls_exec_t,s0) diff --git a/refpolicy/policy/modules/system/files.fc b/refpolicy/policy/modules/system/files.fc index 06a2f29..72f6018 100644 --- a/refpolicy/policy/modules/system/files.fc +++ b/refpolicy/policy/modules/system/files.fc @@ -3,8 +3,8 @@ # # / # -/.* system_u:object_r:default_t -/ -d system_u:object_r:root_t +/.* context_template(system_u:object_r:default_t,s0) +/ -d context_template(system_u:object_r:root_t,s0) /\.journal <> # 
@@ -12,75 +12,75 @@ # /boot/\.journal <> -/boot/lost\+found(/.*)? system_u:object_r:lost_found_t +/boot/lost\+found(/.*)? context_template(system_u:object_r:lost_found_t,s0) # # /etc # -/etc(/.*)? system_u:object_r:etc_t -/etc/\.fstab\.hal\..+ -- system_u:object_r:etc_runtime_t -/etc/asound\.state -- system_u:object_r:etc_runtime_t -/etc/blkid\.tab.* -- system_u:object_r:etc_runtime_t -/etc/fstab\.REVOKE -- system_u:object_r:etc_runtime_t -/etc/HOSTNAME -- system_u:object_r:etc_runtime_t -/etc/ioctl\.save -- system_u:object_r:etc_runtime_t -/etc/issue -- system_u:object_r:etc_runtime_t -/etc/issue\.net -- system_u:object_r:etc_runtime_t -/etc/localtime -l system_u:object_r:etc_t -/etc/mtab -- system_u:object_r:etc_runtime_t -/etc/motd -- system_u:object_r:etc_runtime_t -/etc/nohotplug -- system_u:object_r:etc_runtime_t -/etc/nologin.* -- system_u:object_r:etc_runtime_t +/etc(/.*)? context_template(system_u:object_r:etc_t,s0) +/etc/\.fstab\.hal\..+ -- context_template(system_u:object_r:etc_runtime_t,s0) +/etc/asound\.state -- context_template(system_u:object_r:etc_runtime_t,s0) +/etc/blkid\.tab.* -- context_template(system_u:object_r:etc_runtime_t,s0) +/etc/fstab\.REVOKE -- context_template(system_u:object_r:etc_runtime_t,s0) +/etc/HOSTNAME -- context_template(system_u:object_r:etc_runtime_t,s0) +/etc/ioctl\.save -- context_template(system_u:object_r:etc_runtime_t,s0) +/etc/issue -- context_template(system_u:object_r:etc_runtime_t,s0) +/etc/issue\.net -- context_template(system_u:object_r:etc_runtime_t,s0) +/etc/localtime -l context_template(system_u:object_r:etc_t,s0) +/etc/mtab -- context_template(system_u:object_r:etc_runtime_t,s0) +/etc/motd -- context_template(system_u:object_r:etc_runtime_t,s0) +/etc/nohotplug -- context_template(system_u:object_r:etc_runtime_t,s0) +/etc/nologin.* -- context_template(system_u:object_r:etc_runtime_t,s0) -/etc/init\.d/functions -- system_u:object_r:etc_t +/etc/init\.d/functions -- context_template(system_u:object_r:etc_t,s0) 
-/etc/network/ifstate -- system_u:object_r:etc_runtime_t +/etc/network/ifstate -- context_template(system_u:object_r:etc_runtime_t,s0) -/etc/ptal/ptal-printd-like -- system_u:object_r:etc_runtime_t +/etc/ptal/ptal-printd-like -- context_template(system_u:object_r:etc_runtime_t,s0) -/etc/rc\.d/init\.d/functions -- system_u:object_r:etc_t +/etc/rc\.d/init\.d/functions -- context_template(system_u:object_r:etc_t,s0) -/etc/sysconfig/hwconf -- system_u:object_r:etc_runtime_t -/etc/sysconfig/iptables\.save -- system_u:object_r:etc_runtime_t -/etc/sysconfig/firstboot -- system_u:object_r:etc_runtime_t +/etc/sysconfig/hwconf -- context_template(system_u:object_r:etc_runtime_t,s0) +/etc/sysconfig/iptables\.save -- context_template(system_u:object_r:etc_runtime_t,s0) +/etc/sysconfig/firstboot -- context_template(system_u:object_r:etc_runtime_t,s0) ifdef(`distro_gentoo', ` -/etc/profile\.env -- system_u:object_r:etc_runtime_t -/etc/csh\.env -- system_u:object_r:etc_runtime_t -/etc/env\.d/.* -- system_u:object_r:etc_runtime_t +/etc/profile\.env -- context_template(system_u:object_r:etc_runtime_t,s0) +/etc/csh\.env -- context_template(system_u:object_r:etc_runtime_t,s0) +/etc/env\.d/.* -- context_template(system_u:object_r:etc_runtime_t,s0) ') # # /initrd # # initrd mount point, only used during boot -/initrd -d system_u:object_r:root_t +/initrd -d context_template(system_u:object_r:root_t,s0) # # /lost+found # -/lost\+found(/.*)? system_u:object_r:lost_found_t +/lost\+found(/.*)? context_template(system_u:object_r:lost_found_t,s0) # # /media # # Mount points; do not relabel subdirectories, since # we don't want to change any removable media by default. -/media(/[^/]*)? -d system_u:object_r:mnt_t +/media(/[^/]*)? -d context_template(system_u:object_r:mnt_t,s0) /media/[^/]*/.* <> # # /mnt # -/mnt(/[^/]*)? -d system_u:object_r:mnt_t +/mnt(/[^/]*)? -d context_template(system_u:object_r:mnt_t,s0) /mnt/[^/]*/.* <> # # /opt # -/opt(/.*)? system_u:object_r:usr_t +/opt(/.*)? 
context_template(system_u:object_r:usr_t,s0) -/opt/.*/var/lib(64)?(/.*)? system_u:object_r:var_lib_t +/opt/.*/var/lib(64)?(/.*)? context_template(system_u:object_r:var_lib_t,s0) # # /proc 
@@ -100,60 +100,60 @@ ifdef(`distro_gentoo', ` # # /tmp # -/tmp -d system_u:object_r:tmp_t +/tmp -d context_template(system_u:object_r:tmp_t,s0) /tmp/.* <> /tmp/\.journal <> -/tmp/lost\+found(/.*)? system_u:object_r:lost_found_t +/tmp/lost\+found(/.*)? context_template(system_u:object_r:lost_found_t,s0) # # /usr # -/usr(/.*)? system_u:object_r:usr_t +/usr(/.*)? context_template(system_u:object_r:usr_t,s0) /usr/\.journal <> -/usr/lost\+found(/.*)? system_u:object_r:lost_found_t +/usr/lost\+found(/.*)? context_template(system_u:object_r:lost_found_t,s0) -/usr/etc(/.*)? system_u:object_r:etc_t +/usr/etc(/.*)? context_template(system_u:object_r:etc_t,s0) -/usr/inclu.e(/.*)? system_u:object_r:usr_t +/usr/inclu.e(/.*)? context_template(system_u:object_r:usr_t,s0) /usr/local/\.journal <> -/usr/local/lost\+found(/.*)? system_u:object_r:lost_found_t +/usr/local/lost\+found(/.*)? context_template(system_u:object_r:lost_found_t,s0) -/usr/share(/.*)?/lib(64)?(/.*)? system_u:object_r:usr_t +/usr/share(/.*)?/lib(64)?(/.*)? context_template(system_u:object_r:usr_t,s0) -/usr/src(/.*)? system_u:object_r:src_t +/usr/src(/.*)? context_template(system_u:object_r:src_t,s0) -/usr/tmp -d system_u:object_r:tmp_t +/usr/tmp -d context_template(system_u:object_r:tmp_t,s0) /usr/tmp/.* <> # # /var # -/var(/.*)? system_u:object_r:var_t +/var(/.*)? context_template(system_u:object_r:var_t,s0) /var/\.journal <> -/var/lost\+found(/.*)? system_u:object_r:lost_found_t +/var/lost\+found(/.*)? context_template(system_u:object_r:lost_found_t,s0) -/var/db/.*\.db -- system_u:object_r:etc_t +/var/db/.*\.db -- context_template(system_u:object_r:etc_t,s0) -/var/ftp/etc(/.*)? system_u:object_r:etc_t +/var/ftp/etc(/.*)? context_template(system_u:object_r:etc_t,s0) /var/lib/nfs/rpc_pipefs(/.*)? <> -/usr/local/etc(/.*)? system_u:object_r:etc_t +/usr/local/etc(/.*)? context_template(system_u:object_r:etc_t,s0) -/usr/local/src(/.*)? system_u:object_r:src_t +/usr/local/src(/.*)? 
context_template(system_u:object_r:src_t,s0) -/var/lock(/.*)? system_u:object_r:var_lock_t +/var/lock(/.*)? context_template(system_u:object_r:var_lock_t,s0) -/var/run(/.*)? system_u:object_r:var_run_t +/var/run(/.*)? context_template(system_u:object_r:var_run_t,s0) /var/run/.*\.*pid <> -/var/spool(/.*)? system_u:object_r:var_spool_t +/var/spool(/.*)? context_template(system_u:object_r:var_spool_t,s0) -/var/tmp -d system_u:object_r:tmp_t +/var/tmp -d context_template(system_u:object_r:tmp_t,s0) /var/tmp/.* <> -/var/tmp/vi\.recover -d system_u:object_r:tmp_t +/var/tmp/vi\.recover -d context_template(system_u:object_r:tmp_t,s0) diff --git a/refpolicy/policy/modules/system/getty.fc b/refpolicy/policy/modules/system/getty.fc index 0ec39d2..57dc23e 100644 --- a/refpolicy/policy/modules/system/getty.fc +++ b/refpolicy/policy/modules/system/getty.fc @@ -1,5 +1,5 @@ # Copyright (C) 2005 Tresys Technology, LLC -/etc/mgetty(/.*)? system_u:object_r:getty_etc_t +/etc/mgetty(/.*)? context_template(system_u:object_r:getty_etc_t,s0) -/sbin/.*getty -- system_u:object_r:getty_exec_t +/sbin/.*getty -- context_template(system_u:object_r:getty_exec_t,s0) diff --git a/refpolicy/policy/modules/system/hostname.fc b/refpolicy/policy/modules/system/hostname.fc index 3248411..8a6d93d 100644 --- a/refpolicy/policy/modules/system/hostname.fc +++ b/refpolicy/policy/modules/system/hostname.fc @@ -1,3 +1,3 @@ # Copyright (C) 2005 Tresys Technology, LLC -/bin/hostname -- system_u:object_r:hostname_exec_t +/bin/hostname -- context_template(system_u:object_r:hostname_exec_t,s0) diff --git a/refpolicy/policy/modules/system/hotplug.fc b/refpolicy/policy/modules/system/hotplug.fc index 62fa976..212c6f7 100644 --- a/refpolicy/policy/modules/system/hotplug.fc +++ b/refpolicy/policy/modules/system/hotplug.fc 
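Review bot: The pattern `/usr/inclu.e(/.*)?` is carried over with no explanation, and a reader will take `inclu.e` for a typo and be tempted to "fix" it. These files are m4-processed (the `ifdef` blocks with backquote quoting show that), so `include(/.*)` would most likely be read as a call to the m4 `include` builtin; that reason is inferred, not stated anywhere in the hunk. A comment above the line would settle it: `# "inclu.e", not "include": the literal word followed by "(" would be expanded by m4`. Since the wildcard also matches any other single character in that position, the comment should note that the looser match is accepted on purpose.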
@@ -1,12 +1,12 @@ # Copyright (C) 2005 Tresys Technology, LLC -/etc/hotplug(/.*)? system_u:object_r:hotplug_etc_t -/etc/hotplug/firmware.agent -- system_u:object_r:hotplug_exec_t +/etc/hotplug(/.*)? context_template(system_u:object_r:hotplug_etc_t,s0) +/etc/hotplug/firmware.agent -- context_template(system_u:object_r:hotplug_exec_t,s0) -/etc/hotplug\.d/.* -- system_u:object_r:hotplug_exec_t +/etc/hotplug\.d/.* -- context_template(system_u:object_r:hotplug_exec_t,s0) -/sbin/hotplug -- system_u:object_r:hotplug_exec_t -/sbin/netplugd -- system_u:object_r:hotplug_exec_t +/sbin/hotplug -- context_template(system_u:object_r:hotplug_exec_t,s0) +/sbin/netplugd -- context_template(system_u:object_r:hotplug_exec_t,s0) -/var/run/usb(/.*)? system_u:object_r:hotplug_var_run_t -/var/run/hotplug(/.*)? system_u:object_r:hotplug_var_run_t +/var/run/usb(/.*)? context_template(system_u:object_r:hotplug_var_run_t,s0) +/var/run/hotplug(/.*)? context_template(system_u:object_r:hotplug_var_run_t,s0) diff --git a/refpolicy/policy/modules/system/init.fc b/refpolicy/policy/modules/system/init.fc index 7d63f25..05917a0 100644 --- a/refpolicy/policy/modules/system/init.fc +++ b/refpolicy/policy/modules/system/init.fc 
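Review bot: The rewritten `/etc/hotplug/firmware.agent` entry still has an unescaped dot, so the regex matches any character in that position, while the next entry in the same file escapes it (`/etc/hotplug\.d/.*`). The effect is small, but this line assigns `hotplug_exec_t`, an executable type, and the pattern should match only the intended file name. Since the line is being touched anyway, I would write it as `/etc/hotplug/firmware\.agent -- context_template(system_u:object_r:hotplug_exec_t,s0)`.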
@@ -4,60 +4,60 @@ # / # ifdef(`distro_redhat', ` -/\.autofsck -- system_u:object_r:etc_runtime_t -/halt -- system_u:object_r:etc_runtime_t +/\.autofsck -- context_template(system_u:object_r:etc_runtime_t,s0) +/halt -- context_template(system_u:object_r:etc_runtime_t,s0) ') # # /etc # -/etc/init\.d/.* -- system_u:object_r:initrc_exec_t +/etc/init\.d/.* -- context_template(system_u:object_r:initrc_exec_t,s0) -/etc/rc\.d/rc -- system_u:object_r:initrc_exec_t -/etc/rc\.d/rc\.sysinit -- system_u:object_r:initrc_exec_t -/etc/rc\.d/rc\.local -- system_u:object_r:initrc_exec_t +/etc/rc\.d/rc -- context_template(system_u:object_r:initrc_exec_t,s0) +/etc/rc\.d/rc\.sysinit -- context_template(system_u:object_r:initrc_exec_t,s0) +/etc/rc\.d/rc\.local -- context_template(system_u:object_r:initrc_exec_t,s0) -/etc/rc\.d/init\.d/.* -- system_u:object_r:initrc_exec_t +/etc/rc\.d/init\.d/.* -- context_template(system_u:object_r:initrc_exec_t,s0) ifdef(`targeted_policy', `', ` -/etc/X11/prefdm -- system_u:object_r:initrc_exec_t +/etc/X11/prefdm -- context_template(system_u:object_r:initrc_exec_t,s0) ') # # /dev # -/dev/initctl -p system_u:object_r:initctl_t +/dev/initctl -p context_template(system_u:object_r:initctl_t,s0) # # /sbin # -/sbin/init -- system_u:object_r:init_exec_t +/sbin/init -- context_template(system_u:object_r:init_exec_t,s0) ifdef(`distro_gentoo', ` -/sbin/rc -- system_u:object_r:initrc_exec_t -/sbin/runscript -- system_u:object_r:initrc_exec_t -/sbin/runscript\.sh -- system_u:object_r:initrc_exec_t +/sbin/rc -- context_template(system_u:object_r:initrc_exec_t,s0) +/sbin/runscript -- context_template(system_u:object_r:initrc_exec_t,s0) +/sbin/runscript\.sh -- context_template(system_u:object_r:initrc_exec_t,s0) ') # # /usr # -/usr/sbin/open_init_pty -- system_u:object_r:initrc_exec_t +/usr/sbin/open_init_pty -- context_template(system_u:object_r:initrc_exec_t,s0) # # /var # ifdef(`distro_gentoo', ` -/var/lib/init\.d(/.*)? 
system_u:object_r:initrc_state_t +/var/lib/init\.d(/.*)? context_template(system_u:object_r:initrc_state_t,s0) ') -/var/run/utmp -- system_u:object_r:initrc_var_run_t -/var/run/runlevel\.dir system_u:object_r:initrc_var_run_t -/var/run/random-seed -- system_u:object_r:initrc_var_run_t -/var/run/setmixer_flag -- system_u:object_r:initrc_var_run_t +/var/run/utmp -- context_template(system_u:object_r:initrc_var_run_t,s0) +/var/run/runlevel\.dir context_template(system_u:object_r:initrc_var_run_t,s0) +/var/run/random-seed -- context_template(system_u:object_r:initrc_var_run_t,s0) +/var/run/setmixer_flag -- context_template(system_u:object_r:initrc_var_run_t,s0) ifdef(`distro_suse', ` -/var/run/sysconfig(/.*)? system_u:object_r:initrc_var_run_t -/var/run/keymap -- system_u:object_r:initrc_var_run_t -/var/run/numlock-on -- system_u:object_r:initrc_var_run_t +/var/run/sysconfig(/.*)? context_template(system_u:object_r:initrc_var_run_t,s0) +/var/run/keymap -- context_template(system_u:object_r:initrc_var_run_t,s0) +/var/run/numlock-on -- context_template(system_u:object_r:initrc_var_run_t,s0) ') diff --git a/refpolicy/policy/modules/system/iptables.fc b/refpolicy/policy/modules/system/iptables.fc index 6957600..93a4d92 100644 --- a/refpolicy/policy/modules/system/iptables.fc +++ b/refpolicy/policy/modules/system/iptables.fc 
@@ -1,9 +1,9 @@ # Copyright (C) 2005 Tresys Technology, LLC -/sbin/ip6tables.* -- system_u:object_r:iptables_exec_t -/sbin/ipchains.* -- system_u:object_r:iptables_exec_t -/sbin/iptables.* -- system_u:object_r:iptables_exec_t +/sbin/ip6tables.* -- context_template(system_u:object_r:iptables_exec_t,s0) +/sbin/ipchains.* -- context_template(system_u:object_r:iptables_exec_t,s0) +/sbin/iptables.* -- context_template(system_u:object_r:iptables_exec_t,s0) -/usr/sbin/ip6tables.* -- system_u:object_r:iptables_exec_t -/usr/sbin/ipchains.* -- system_u:object_r:iptables_exec_t -/usr/sbin/iptables.* -- system_u:object_r:iptables_exec_t +/usr/sbin/ip6tables.* -- context_template(system_u:object_r:iptables_exec_t,s0) +/usr/sbin/ipchains.* -- context_template(system_u:object_r:iptables_exec_t,s0) +/usr/sbin/iptables.* -- context_template(system_u:object_r:iptables_exec_t,s0) diff --git a/refpolicy/policy/modules/system/libraries.fc b/refpolicy/policy/modules/system/libraries.fc index a4bab59..d7efff8 100644 --- a/refpolicy/policy/modules/system/libraries.fc +++ b/refpolicy/policy/modules/system/libraries.fc 
@@ -3,48 +3,48 @@ # # /etc # -/etc/ld\.so\.cache -- system_u:object_r:ld_so_cache_t -/etc/ld\.so\.preload -- system_u:object_r:ld_so_cache_t +/etc/ld\.so\.cache -- context_template(system_u:object_r:ld_so_cache_t,s0) +/etc/ld\.so\.preload -- context_template(system_u:object_r:ld_so_cache_t,s0) # # /lib(64)? # -/lib(64)?(/.*)? system_u:object_r:lib_t -/lib(64)?/.*\.so(\.[^/]*)* -- system_u:object_r:shlib_t -/lib(64)?(/.*)?/ld-[^/]*\.so(\.[^/]*)* -- system_u:object_r:ld_so_t +/lib(64)?(/.*)? context_template(system_u:object_r:lib_t,s0) +/lib(64)?/.*\.so(\.[^/]*)* -- context_template(system_u:object_r:shlib_t,s0) +/lib(64)?(/.*)?/ld-[^/]*\.so(\.[^/]*)* -- context_template(system_u:object_r:ld_so_t,s0) # # /opt # -/opt/.*/lib(64)?(/.*)? system_u:object_r:lib_t -/opt/.*/lib(64)?/.*\.so(\.[^/]*)* -- system_u:object_r:shlib_t +/opt/.*/lib(64)?(/.*)? context_template(system_u:object_r:lib_t,s0) +/opt/.*/lib(64)?/.*\.so(\.[^/]*)* -- context_template(system_u:object_r:shlib_t,s0) # # /usr # -/usr(/.*)?/HelixPlayer/.*\.so(\.[^/]*)* -- system_u:object_r:texrel_shlib_t +/usr(/.*)?/HelixPlayer/.*\.so(\.[^/]*)* -- context_template(system_u:object_r:texrel_shlib_t,s0) -/usr(/.*)?/java/.*\.so(\.[^/]*)* -- system_u:object_r:texrel_shlib_t -/usr(/.*)?/java/.*\.jar -- system_u:object_r:shlib_t -/usr(/.*)?/java/.*\.jsa -- system_u:object_r:shlib_t +/usr(/.*)?/java/.*\.so(\.[^/]*)* -- context_template(system_u:object_r:texrel_shlib_t,s0) +/usr(/.*)?/java/.*\.jar -- context_template(system_u:object_r:shlib_t,s0) +/usr(/.*)?/java/.*\.jsa -- context_template(system_u:object_r:shlib_t,s0) -/usr(/.*)?/lib(64)?(/.*)? system_u:object_r:lib_t -/usr(/.*)?/lib(64)?/.*\.so(\.[^/]*)* -- system_u:object_r:shlib_t +/usr(/.*)?/lib(64)?(/.*)? 
context_template(system_u:object_r:lib_t,s0) +/usr(/.*)?/lib(64)?/.*\.so(\.[^/]*)* -- context_template(system_u:object_r:shlib_t,s0) -/usr(/.*)?/lib(64)?(/.*)?/ld-[^/]*\.so(\.[^/]*)* system_u:object_r:ld_so_t +/usr(/.*)?/lib(64)?(/.*)?/ld-[^/]*\.so(\.[^/]*)* context_template(system_u:object_r:ld_so_t,s0) -/usr(/.*)?/nvidia/.*\.so(\..*)? -- system_u:object_r:texrel_shlib_t +/usr(/.*)?/nvidia/.*\.so(\..*)? -- context_template(system_u:object_r:texrel_shlib_t,s0) -/usr/lib/win32/.* -- system_u:object_r:shlib_t +/usr/lib/win32/.* -- context_template(system_u:object_r:shlib_t,s0) -/usr/X11R6/lib/libGL\.so.* -- system_u:object_r:texrel_shlib_t -/usr/X11R6/lib/libXvMCNVIDIA\.so.* -- system_u:object_r:texrel_shlib_t +/usr/X11R6/lib/libGL\.so.* -- context_template(system_u:object_r:texrel_shlib_t,s0) +/usr/X11R6/lib/libXvMCNVIDIA\.so.* -- context_template(system_u:object_r:texrel_shlib_t,s0) # # /var # -/var/ftp/lib(64)?(/.*)? system_u:object_r:lib_t -/var/ftp/lib(64)?/ld[^/]*\.so(\.[^/]*)* -- system_u:object_r:ld_so_t -/var/ftp/lib(64)?/lib[^/]*\.so(\.[^/]*)* -- system_u:object_r:shlib_t +/var/ftp/lib(64)?(/.*)? context_template(system_u:object_r:lib_t,s0) +/var/ftp/lib(64)?/ld[^/]*\.so(\.[^/]*)* -- context_template(system_u:object_r:ld_so_t,s0) +/var/ftp/lib(64)?/lib[^/]*\.so(\.[^/]*)* -- context_template(system_u:object_r:shlib_t,s0) -/var/mailman/pythonlib(/.*)?/.*\.so(\..*)? -- system_u:object_r:shlib_t +/var/mailman/pythonlib(/.*)?/.*\.so(\..*)? -- context_template(system_u:object_r:shlib_t,s0) diff --git a/refpolicy/policy/modules/system/locallogin.fc b/refpolicy/policy/modules/system/locallogin.fc index f30b68a..22189de 100644 --- a/refpolicy/policy/modules/system/locallogin.fc +++ b/refpolicy/policy/modules/system/locallogin.fc @@ -1,3 +1,3 @@ # Copyright (C) 2005 Tresys Technology, LLC -/sbin/sulogin -- system_u:object_r:sulogin_exec_t +/sbin/sulogin -- context_template(system_u:object_r:sulogin_exec_t,s0) 
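Review bot: The `/usr(/.*)?/lib(64)?(/.*)?/ld-[^/]*\.so(\.[^/]*)*` entry has no file-type specifier, unlike the matching `/lib(64)?(/.*)?/ld-[^/]*\.so(\.[^/]*)*` and `/var/ftp/lib(64)?/ld[^/]*\.so(\.[^/]*)*` entries, which both carry `--`. Without it the spec applies to every object class, so a directory or symlink whose name fits the pattern anywhere under /usr would also be labeled `ld_so_t`. If that is unintended, the line should read `/usr(/.*)?/lib(64)?(/.*)?/ld-[^/]*\.so(\.[^/]*)* -- context_template(system_u:object_r:ld_so_t,s0)`. If the omission is deliberate, for example to cover symlinks to the loader, a one-line comment saying so would keep the next editor from "correcting" it in either direction.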
diff --git a/refpolicy/policy/modules/system/logging.fc b/refpolicy/policy/modules/system/logging.fc index 133039e..b322e0c 100644 --- a/refpolicy/policy/modules/system/logging.fc +++ b/refpolicy/policy/modules/system/logging.fc 
@@ -1,23 +1,23 @@ # Copyright (C) 2005 Tresys Technology, LLC -/dev/log -s system_u:object_r:devlog_t +/dev/log -s context_template(system_u:object_r:devlog_t,s0) -/sbin/klogd -- system_u:object_r:klogd_exec_t -/sbin/minilogd -- system_u:object_r:syslogd_exec_t -/sbin/syslogd -- system_u:object_r:syslogd_exec_t -/sbin/syslog-ng -- system_u:object_r:syslogd_exec_t +/sbin/klogd -- context_template(system_u:object_r:klogd_exec_t,s0) +/sbin/minilogd -- context_template(system_u:object_r:syslogd_exec_t,s0) +/sbin/syslogd -- context_template(system_u:object_r:syslogd_exec_t,s0) +/sbin/syslog-ng -- context_template(system_u:object_r:syslogd_exec_t,s0) -/usr/sbin/klogd -- system_u:object_r:klogd_exec_t -/usr/sbin/metalog -- system_u:object_r:syslogd_exec_t -/usr/sbin/syslogd -- system_u:object_r:syslogd_exec_t +/usr/sbin/klogd -- context_template(system_u:object_r:klogd_exec_t,s0) +/usr/sbin/metalog -- context_template(system_u:object_r:syslogd_exec_t,s0) +/usr/sbin/syslogd -- context_template(system_u:object_r:syslogd_exec_t,s0) ifdef(`distro_suse', ` -/var/lib/stunnel/dev/log -s system_u:object_r:devlog_t +/var/lib/stunnel/dev/log -s context_template(system_u:object_r:devlog_t,s0) ') -/var/log(/.*)? system_u:object_r:var_log_t +/var/log(/.*)? context_template(system_u:object_r:var_log_t,s0) -/var/run/klogd\.pid -- system_u:object_r:klogd_var_run_t -/var/run/log -s system_u:object_r:devlog_t -/var/run/metalog\.pid -- system_u:object_r:syslogd_var_run_t -/var/run/syslogd\.pid -- system_u:object_r:syslogd_var_run_t +/var/run/klogd\.pid -- context_template(system_u:object_r:klogd_var_run_t,s0) +/var/run/log -s context_template(system_u:object_r:devlog_t,s0) +/var/run/metalog\.pid -- context_template(system_u:object_r:syslogd_var_run_t,s0) +/var/run/syslogd\.pid -- context_template(system_u:object_r:syslogd_var_run_t,s0) diff --git a/refpolicy/policy/modules/system/lvm.fc b/refpolicy/policy/modules/system/lvm.fc index d31ccfe..a648e4c 100644 
--- a/refpolicy/policy/modules/system/lvm.fc +++ b/refpolicy/policy/modules/system/lvm.fc 
@@ -7,85 +7,85 @@ # # /etc # -/etc/lvm(/.*)? system_u:object_r:lvm_etc_t -/etc/lvm/\.cache -- system_u:object_r:lvm_metadata_t +/etc/lvm(/.*)? context_template(system_u:object_r:lvm_etc_t,s0) +/etc/lvm/\.cache -- context_template(system_u:object_r:lvm_metadata_t,s0) -/etc/lvm/archive(/.*)? system_u:object_r:lvm_metadata_t +/etc/lvm/archive(/.*)? context_template(system_u:object_r:lvm_metadata_t,s0) -/etc/lvm/backup(/.*)? system_u:object_r:lvm_metadata_t +/etc/lvm/backup(/.*)? context_template(system_u:object_r:lvm_metadata_t,s0) -/etc/lvm/lock(/.*)? system_u:object_r:lvm_lock_t +/etc/lvm/lock(/.*)? context_template(system_u:object_r:lvm_lock_t,s0) -/etc/lvmtab(/.*)? system_u:object_r:lvm_metadata_t +/etc/lvmtab(/.*)? context_template(system_u:object_r:lvm_metadata_t,s0) -/etc/lvmtab\.d(/.*)? system_u:object_r:lvm_metadata_t +/etc/lvmtab\.d(/.*)? context_template(system_u:object_r:lvm_metadata_t,s0) # # /lib # -/lib/lvm-10(/.*) -- system_u:object_r:lvm_exec_t +/lib/lvm-10(/.*) -- context_template(system_u:object_r:lvm_exec_t,s0) -/lib/lvm-200(/.*) -- system_u:object_r:lvm_exec_t +/lib/lvm-200(/.*) -- context_template(system_u:object_r:lvm_exec_t,s0) # # /sbin # -/sbin/cryptsetup -- system_u:object_r:lvm_exec_t -/sbin/dmsetup -- system_u:object_r:lvm_exec_t -/sbin/dmsetup\.static -- system_u:object_r:lvm_exec_t -/sbin/e2fsadm -- system_u:object_r:lvm_exec_t -/sbin/lvchange -- system_u:object_r:lvm_exec_t -/sbin/lvcreate -- system_u:object_r:lvm_exec_t -/sbin/lvdisplay -- system_u:object_r:lvm_exec_t -/sbin/lvextend -- system_u:object_r:lvm_exec_t -/sbin/lvm -- system_u:object_r:lvm_exec_t -/sbin/lvm\.static -- system_u:object_r:lvm_exec_t -/sbin/lvmchange -- system_u:object_r:lvm_exec_t -/sbin/lvmdiskscan -- system_u:object_r:lvm_exec_t -/sbin/lvmiopversion -- system_u:object_r:lvm_exec_t -/sbin/lvmsadc -- system_u:object_r:lvm_exec_t -/sbin/lvmsar -- system_u:object_r:lvm_exec_t -/sbin/lvreduce -- system_u:object_r:lvm_exec_t -/sbin/lvremove -- 
system_u:object_r:lvm_exec_t -/sbin/lvrename -- system_u:object_r:lvm_exec_t -/sbin/lvresize -- system_u:object_r:lvm_exec_t -/sbin/lvs -- system_u:object_r:lvm_exec_t -/sbin/lvscan -- system_u:object_r:lvm_exec_t -/sbin/pvchange -- system_u:object_r:lvm_exec_t -/sbin/pvcreate -- system_u:object_r:lvm_exec_t -/sbin/pvdata -- system_u:object_r:lvm_exec_t -/sbin/pvdisplay -- system_u:object_r:lvm_exec_t -/sbin/pvmove -- system_u:object_r:lvm_exec_t -/sbin/pvremove -- system_u:object_r:lvm_exec_t -/sbin/pvs -- system_u:object_r:lvm_exec_t -/sbin/pvscan -- system_u:object_r:lvm_exec_t -/sbin/vgcfgbackup -- system_u:object_r:lvm_exec_t -/sbin/vgcfgrestore -- system_u:object_r:lvm_exec_t -/sbin/vgchange -- system_u:object_r:lvm_exec_t -/sbin/vgchange\.static -- system_u:object_r:lvm_exec_t -/sbin/vgck -- system_u:object_r:lvm_exec_t -/sbin/vgcreate -- system_u:object_r:lvm_exec_t -/sbin/vgdisplay -- system_u:object_r:lvm_exec_t -/sbin/vgexport -- system_u:object_r:lvm_exec_t -/sbin/vgextend -- system_u:object_r:lvm_exec_t -/sbin/vgimport -- system_u:object_r:lvm_exec_t -/sbin/vgmerge -- system_u:object_r:lvm_exec_t -/sbin/vgmknodes -- system_u:object_r:lvm_exec_t -/sbin/vgreduce -- system_u:object_r:lvm_exec_t -/sbin/vgremove -- system_u:object_r:lvm_exec_t -/sbin/vgrename -- system_u:object_r:lvm_exec_t -/sbin/vgs -- system_u:object_r:lvm_exec_t -/sbin/vgscan -- system_u:object_r:lvm_exec_t -/sbin/vgscan\.static -- system_u:object_r:lvm_exec_t -/sbin/vgsplit -- system_u:object_r:lvm_exec_t -/sbin/vgwrapper -- system_u:object_r:lvm_exec_t +/sbin/cryptsetup -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/dmsetup -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/dmsetup\.static -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/e2fsadm -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/lvchange -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/lvcreate -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/lvdisplay -- 
context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/lvextend -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/lvm -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/lvm\.static -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/lvmchange -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/lvmdiskscan -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/lvmiopversion -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/lvmsadc -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/lvmsar -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/lvreduce -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/lvremove -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/lvrename -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/lvresize -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/lvs -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/lvscan -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/pvchange -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/pvcreate -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/pvdata -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/pvdisplay -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/pvmove -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/pvremove -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/pvs -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/pvscan -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/vgcfgbackup -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/vgcfgrestore -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/vgchange -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/vgchange\.static -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/vgck -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/vgcreate -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/vgdisplay -- 
context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/vgexport -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/vgextend -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/vgimport -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/vgmerge -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/vgmknodes -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/vgreduce -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/vgremove -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/vgrename -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/vgs -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/vgscan -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/vgscan\.static -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/vgsplit -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/vgwrapper -- context_template(system_u:object_r:lvm_exec_t,s0) # # /usr # -/usr/sbin/lvm -- system_u:object_r:lvm_exec_t +/usr/sbin/lvm -- context_template(system_u:object_r:lvm_exec_t,s0) # # /var # -/var/lock/lvm(/.*)? system_u:object_r:lvm_lock_t +/var/lock/lvm(/.*)? context_template(system_u:object_r:lvm_lock_t,s0) diff --git a/refpolicy/policy/modules/system/miscfiles.fc b/refpolicy/policy/modules/system/miscfiles.fc index 2fb5a58..3cea8f6 100644 --- a/refpolicy/policy/modules/system/miscfiles.fc +++ b/refpolicy/policy/modules/system/miscfiles.fc 
@@ -3,53 +3,53 @@ # # /etc # -/etc/localtime -- system_u:object_r:locale_t +/etc/localtime -- context_template(system_u:object_r:locale_t,s0) # # /opt # -/opt/.*/man(/.*)? system_u:object_r:man_t +/opt/.*/man(/.*)? context_template(system_u:object_r:man_t,s0) # # /usr # -/usr/lib/locale(/.*)? system_u:object_r:locale_t +/usr/lib/locale(/.*)? context_template(system_u:object_r:locale_t,s0) -/usr/lib(64)?/perl5/man(/.*)? system_u:object_r:man_t +/usr/lib(64)?/perl5/man(/.*)? context_template(system_u:object_r:man_t,s0) -/usr/local/man(/.*)? system_u:object_r:man_t +/usr/local/man(/.*)? context_template(system_u:object_r:man_t,s0) -/usr/local/share/fonts(/.*)? system_u:object_r:fonts_t +/usr/local/share/fonts(/.*)? context_template(system_u:object_r:fonts_t,s0) -/usr/man(/.*)? system_u:object_r:man_t +/usr/man(/.*)? context_template(system_u:object_r:man_t,s0) -/usr/share/fonts(/.*)? system_u:object_r:fonts_t +/usr/share/fonts(/.*)? context_template(system_u:object_r:fonts_t,s0) -/usr/share/ghostscript/fonts(/.*)? system_u:object_r:fonts_t +/usr/share/ghostscript/fonts(/.*)? context_template(system_u:object_r:fonts_t,s0) -/usr/share/locale(/.*)? system_u:object_r:locale_t +/usr/share/locale(/.*)? context_template(system_u:object_r:locale_t,s0) -/usr/share/man(/.*)? system_u:object_r:man_t +/usr/share/man(/.*)? context_template(system_u:object_r:man_t,s0) -/usr/share/zoneinfo(/.*)? system_u:object_r:locale_t +/usr/share/zoneinfo(/.*)? context_template(system_u:object_r:locale_t,s0) -/usr/X11R6/lib/X11/fonts(/.*)? system_u:object_r:fonts_t +/usr/X11R6/lib/X11/fonts(/.*)? context_template(system_u:object_r:fonts_t,s0) -/usr/X11R6/man(/.*)? system_u:object_r:man_t +/usr/X11R6/man(/.*)? context_template(system_u:object_r:man_t,s0) # # /var # ifdef(`distro_debian', ` -/var/lib/msttcorefonts(/.*)? system_u:object_r:fonts_t +/var/lib/msttcorefonts(/.*)? context_template(system_u:object_r:fonts_t,s0) ') -/var/lib/texmf(/.*)? system_u:object_r:tetex_data_t +/var/lib/texmf(/.*)? 
context_template(system_u:object_r:tetex_data_t,s0) -/var/cache/fonts(/.*)? system_u:object_r:tetex_data_t +/var/cache/fonts(/.*)? context_template(system_u:object_r:tetex_data_t,s0) -/var/cache/man(/.*)? system_u:object_r:catman_t +/var/cache/man(/.*)? context_template(system_u:object_r:catman_t,s0) -/var/catman(/.*)? system_u:object_r:catman_t +/var/catman(/.*)? context_template(system_u:object_r:catman_t,s0) -/var/spool/texmf(/.*)? system_u:object_r:tetex_data_t +/var/spool/texmf(/.*)? context_template(system_u:object_r:tetex_data_t,s0) diff --git a/refpolicy/policy/modules/system/modutils.fc b/refpolicy/policy/modules/system/modutils.fc index 0525164..7cfd037 100644 --- a/refpolicy/policy/modules/system/modutils.fc +++ b/refpolicy/policy/modules/system/modutils.fc 
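Review bot: The literal `s0` that now ends every entry in miscfiles.fc, and in every other .fc file this commit touches, is unexplained: nothing in the file says what the second argument of `context_template` is or when it takes effect. The macro definition is outside these hunks, so this is inferred, but it looks like the MLS level appended to the context. A header comment would help whoever adds the next entry, for example `# context_template(context,level): level is the MLS level of the object; s0 is the default used throughout this file`. That comment is also the place to record that an entry for data needing a different level must not copy `s0` by habit.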
@@ -1,15 +1,15 @@ # Copyright (C) 2005 Tresys Technology, LLC -/etc/modules\.conf.* -- system_u:object_r:modules_conf_t -/etc/modprobe\.conf.* -- system_u:object_r:modules_conf_t +/etc/modules\.conf.* -- context_template(system_u:object_r:modules_conf_t,s0) +/etc/modprobe\.conf.* -- context_template(system_u:object_r:modules_conf_t,s0) -/lib(64)?/modules/[^/]+/modules\..+ -- system_u:object_r:modules_dep_t +/lib(64)?/modules/[^/]+/modules\..+ -- context_template(system_u:object_r:modules_dep_t,s0) -/lib(64)?/modules/modprobe\.conf -- system_u:object_r:modules_conf_t +/lib(64)?/modules/modprobe\.conf -- context_template(system_u:object_r:modules_conf_t,s0) -/sbin/depmod.* -- system_u:object_r:depmod_exec_t -/sbin/generate-modprobe\.conf -- system_u:object_r:update_modules_exec_t -/sbin/insmod.* -- system_u:object_r:insmod_exec_t -/sbin/modprobe.* -- system_u:object_r:insmod_exec_t -/sbin/rmmod.* -- system_u:object_r:insmod_exec_t -/sbin/update-modules -- system_u:object_r:update_modules_exec_t +/sbin/depmod.* -- context_template(system_u:object_r:depmod_exec_t,s0) +/sbin/generate-modprobe\.conf -- context_template(system_u:object_r:update_modules_exec_t,s0) +/sbin/insmod.* -- context_template(system_u:object_r:insmod_exec_t,s0) +/sbin/modprobe.* -- context_template(system_u:object_r:insmod_exec_t,s0) +/sbin/rmmod.* -- context_template(system_u:object_r:insmod_exec_t,s0) +/sbin/update-modules -- context_template(system_u:object_r:update_modules_exec_t,s0) diff --git a/refpolicy/policy/modules/system/mount.fc b/refpolicy/policy/modules/system/mount.fc index f1a7684..76ca8ae 100644 --- a/refpolicy/policy/modules/system/mount.fc +++ b/refpolicy/policy/modules/system/mount.fc @@ -4,5 +4,5 @@ # # mount file contexts # -/bin/mount.* -- system_u:object_r:mount_exec_t -/bin/umount.* -- system_u:object_r:mount_exec_t +/bin/mount.* -- context_template(system_u:object_r:mount_exec_t,s0) +/bin/umount.* -- context_template(system_u:object_r:mount_exec_t,s0) 
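Review bot: The executable patterns ending in a bare `.*` give the exec type to any regular file whose name merely starts with the command name. These are `/sbin/depmod.*`, `/sbin/insmod.*`, `/sbin/modprobe.*` and `/sbin/rmmod.*` in modutils.fc, plus `/bin/mount.*` and `/bin/umount.*` in the mount.fc hunk that follows. `/bin/mount.*`, for example, also matches a `/bin/mountpoint` binary, which would then carry `mount_exec_t`. If the wildcard is only meant to cover suffixed copies, spell them out as lvm.fc does with `/sbin/lvm\.static`, for example `/sbin/insmod(\.static)?`; otherwise add a comment naming the variants the `.*` is there for. The patterns predate this commit, but the rewritten lines carry them over unchanged.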
diff --git a/refpolicy/policy/modules/system/selinux.fc b/refpolicy/policy/modules/system/selinux.fc
index 2f20d78..2581a8e 100644
--- a/refpolicy/policy/modules/system/selinux.fc
+++ b/refpolicy/policy/modules/system/selinux.fc
@@ -3,39 +3,39 @@ # # /etc # -/etc/selinux(/.*)? system_u:object_r:selinux_config_t +/etc/selinux(/.*)? context_template(system_u:object_r:selinux_config_t,s0) -/etc/selinux/([^/]*/)?contexts(/.*)? system_u:object_r:default_context_t +/etc/selinux/([^/]*/)?contexts(/.*)? context_template(system_u:object_r:default_context_t,s0) -/etc/selinux/([^/]*/)?contexts/files(/.*)? system_u:object_r:file_context_t +/etc/selinux/([^/]*/)?contexts/files(/.*)? context_template(system_u:object_r:file_context_t,s0) -/etc/selinux/([^/]*/)?policy(/.*)? system_u:object_r:policy_config_t +/etc/selinux/([^/]*/)?policy(/.*)? context_template(system_u:object_r:policy_config_t,s0) -/etc/selinux/([^/]*/)?src(/.*)? system_u:object_r:policy_src_t +/etc/selinux/([^/]*/)?src(/.*)? context_template(system_u:object_r:policy_src_t,s0) # # /root # -/root/\.default_contexts -- system_u:object_r:default_context_t +/root/\.default_contexts -- context_template(system_u:object_r:default_context_t,s0) # # /sbin # -/sbin/load_policy -- system_u:object_r:load_policy_exec_t -/sbin/restorecon -- system_u:object_r:restorecon_exec_t +/sbin/load_policy -- context_template(system_u:object_r:load_policy_exec_t,s0) +/sbin/restorecon -- context_template(system_u:object_r:restorecon_exec_t,s0) # # /usr # -/usr/bin/checkpolicy -- system_u:object_r:checkpolicy_exec_t -/usr/bin/newrole -- system_u:object_r:newrole_exec_t +/usr/bin/checkpolicy -- context_template(system_u:object_r:checkpolicy_exec_t,s0) +/usr/bin/newrole -- context_template(system_u:object_r:newrole_exec_t,s0) -/usr/lib(64)?/selinux(/.*)? system_u:object_r:policy_src_t +/usr/lib(64)?/selinux(/.*)? 
context_template(system_u:object_r:policy_src_t,s0) -/usr/sbin/load_policy -- system_u:object_r:load_policy_exec_t -/usr/sbin/run_init -- system_u:object_r:run_init_exec_t -/usr/sbin/setfiles.* -- system_u:object_r:setfiles_exec_t +/usr/sbin/load_policy -- context_template(system_u:object_r:load_policy_exec_t,s0) +/usr/sbin/run_init -- context_template(system_u:object_r:run_init_exec_t,s0) +/usr/sbin/setfiles.* -- context_template(system_u:object_r:setfiles_exec_t,s0) ifdef(`distro_debian', ` -/usr/share/selinux(/.*)? system_u:object_r:policy_src_t +/usr/share/selinux(/.*)? context_template(system_u:object_r:policy_src_t,s0) ') diff --git a/refpolicy/policy/modules/system/selinuxutil.fc b/refpolicy/policy/modules/system/selinuxutil.fc index 2f20d78..2581a8e 100644 --- a/refpolicy/policy/modules/system/selinuxutil.fc +++ b/refpolicy/policy/modules/system/selinuxutil.fc 
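Review bot: selinux.fc and selinuxutil.fc are patched with identical hunks and the same index line (`2f20d78..2581a8e`), so the tree appears to hold two copies of one file-context list. If both modules end up in the build, every path here (`/etc/selinux(/.*)?`, `/sbin/load_policy`, `/usr/sbin/setfiles.*` and the rest) is specified twice, and a later edit to one copy would silently disagree with the other. These entries label the policy store and the tools that load and relabel it, so a single authoritative list matters. If selinuxutil.fc is replacing selinux.fc, remove the old file in this commit rather than updating both.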
@@ -3,39 +3,39 @@ # # /etc # -/etc/selinux(/.*)? system_u:object_r:selinux_config_t +/etc/selinux(/.*)? context_template(system_u:object_r:selinux_config_t,s0) -/etc/selinux/([^/]*/)?contexts(/.*)? system_u:object_r:default_context_t +/etc/selinux/([^/]*/)?contexts(/.*)? context_template(system_u:object_r:default_context_t,s0) -/etc/selinux/([^/]*/)?contexts/files(/.*)? system_u:object_r:file_context_t +/etc/selinux/([^/]*/)?contexts/files(/.*)? context_template(system_u:object_r:file_context_t,s0) -/etc/selinux/([^/]*/)?policy(/.*)? system_u:object_r:policy_config_t +/etc/selinux/([^/]*/)?policy(/.*)? context_template(system_u:object_r:policy_config_t,s0) -/etc/selinux/([^/]*/)?src(/.*)? system_u:object_r:policy_src_t +/etc/selinux/([^/]*/)?src(/.*)? context_template(system_u:object_r:policy_src_t,s0) # # /root # -/root/\.default_contexts -- system_u:object_r:default_context_t +/root/\.default_contexts -- context_template(system_u:object_r:default_context_t,s0) # # /sbin # -/sbin/load_policy -- system_u:object_r:load_policy_exec_t -/sbin/restorecon -- system_u:object_r:restorecon_exec_t +/sbin/load_policy -- context_template(system_u:object_r:load_policy_exec_t,s0) +/sbin/restorecon -- context_template(system_u:object_r:restorecon_exec_t,s0) # # /usr # -/usr/bin/checkpolicy -- system_u:object_r:checkpolicy_exec_t -/usr/bin/newrole -- system_u:object_r:newrole_exec_t +/usr/bin/checkpolicy -- context_template(system_u:object_r:checkpolicy_exec_t,s0) +/usr/bin/newrole -- context_template(system_u:object_r:newrole_exec_t,s0) -/usr/lib(64)?/selinux(/.*)? system_u:object_r:policy_src_t +/usr/lib(64)?/selinux(/.*)? 
context_template(system_u:object_r:policy_src_t,s0) -/usr/sbin/load_policy -- system_u:object_r:load_policy_exec_t -/usr/sbin/run_init -- system_u:object_r:run_init_exec_t -/usr/sbin/setfiles.* -- system_u:object_r:setfiles_exec_t +/usr/sbin/load_policy -- context_template(system_u:object_r:load_policy_exec_t,s0) +/usr/sbin/run_init -- context_template(system_u:object_r:run_init_exec_t,s0) +/usr/sbin/setfiles.* -- context_template(system_u:object_r:setfiles_exec_t,s0) ifdef(`distro_debian', ` -/usr/share/selinux(/.*)? system_u:object_r:policy_src_t +/usr/share/selinux(/.*)? context_template(system_u:object_r:policy_src_t,s0) ') diff --git a/refpolicy/policy/modules/system/sysnetwork.fc b/refpolicy/policy/modules/system/sysnetwork.fc index 3327046..65b5c53 100644 --- a/refpolicy/policy/modules/system/sysnetwork.fc +++ b/refpolicy/policy/modules/system/sysnetwork.fc 
@@ -3,45 +3,45 @@ # # /bin # -/bin/ip -- system_u:object_r:ifconfig_exec_t +/bin/ip -- context_template(system_u:object_r:ifconfig_exec_t,s0) # # /etc # -/etc/dhclient.*conf -- system_u:object_r:dhcp_etc_t -/etc/dhclient-script -- system_u:object_r:dhcp_etc_t -/etc/dhcpc.* system_u:object_r:dhcp_etc_t -/etc/resolv\.conf.* -- system_u:object_r:net_conf_t -/etc/yp\.conf.* -- system_u:object_r:net_conf_t +/etc/dhclient.*conf -- context_template(system_u:object_r:dhcp_etc_t,s0) +/etc/dhclient-script -- context_template(system_u:object_r:dhcp_etc_t,s0) +/etc/dhcpc.* context_template(system_u:object_r:dhcp_etc_t,s0) +/etc/resolv\.conf.* -- context_template(system_u:object_r:net_conf_t,s0) +/etc/yp\.conf.* -- context_template(system_u:object_r:net_conf_t,s0) -/etc/dhcp3?/dhclient.* system_u:object_r:dhcp_etc_t +/etc/dhcp3?/dhclient.* context_template(system_u:object_r:dhcp_etc_t,s0) # # /sbin # -/sbin/dhclient.* -- system_u:object_r:dhcpc_exec_t -/sbin/dhcpcd -- system_u:object_r:dhcpc_exec_t -/sbin/ethtool -- system_u:object_r:ifconfig_exec_t -/sbin/ifconfig -- system_u:object_r:ifconfig_exec_t -/sbin/ip -- system_u:object_r:ifconfig_exec_t -/sbin/ipx_configure -- system_u:object_r:ifconfig_exec_t -/sbin/ipx_interface -- system_u:object_r:ifconfig_exec_t -/sbin/ipx_internal_net -- system_u:object_r:ifconfig_exec_t -/sbin/iwconfig -- system_u:object_r:ifconfig_exec_t -/sbin/mii-tool -- system_u:object_r:ifconfig_exec_t -/sbin/pump -- system_u:object_r:dhcpc_exec_t -/sbin/tc -- system_u:object_r:ifconfig_exec_t +/sbin/dhclient.* -- context_template(system_u:object_r:dhcpc_exec_t,s0) +/sbin/dhcpcd -- context_template(system_u:object_r:dhcpc_exec_t,s0) +/sbin/ethtool -- context_template(system_u:object_r:ifconfig_exec_t,s0) +/sbin/ifconfig -- context_template(system_u:object_r:ifconfig_exec_t,s0) +/sbin/ip -- context_template(system_u:object_r:ifconfig_exec_t,s0) +/sbin/ipx_configure -- context_template(system_u:object_r:ifconfig_exec_t,s0) +/sbin/ipx_interface -- 
context_template(system_u:object_r:ifconfig_exec_t,s0) +/sbin/ipx_internal_net -- context_template(system_u:object_r:ifconfig_exec_t,s0) +/sbin/iwconfig -- context_template(system_u:object_r:ifconfig_exec_t,s0) +/sbin/mii-tool -- context_template(system_u:object_r:ifconfig_exec_t,s0) +/sbin/pump -- context_template(system_u:object_r:dhcpc_exec_t,s0) +/sbin/tc -- context_template(system_u:object_r:ifconfig_exec_t,s0) # # /usr # -/usr/sbin/tc -- system_u:object_r:ifconfig_exec_t +/usr/sbin/tc -- context_template(system_u:object_r:ifconfig_exec_t,s0) # # /var # -/var/lib/dhcp3? -d system_u:object_r:dhcp_state_t -/var/lib/dhcp3?/dhclient.* system_u:object_r:dhcpc_state_t +/var/lib/dhcp3? -d context_template(system_u:object_r:dhcp_state_t,s0) +/var/lib/dhcp3?/dhclient.* context_template(system_u:object_r:dhcpc_state_t,s0) -/var/run/dhclient.*\.pid -- system_u:object_r:dhcpc_var_run_t -/var/run/dhclient.*\.leases -- system_u:object_r:dhcpc_var_run_t +/var/run/dhclient.*\.pid -- context_template(system_u:object_r:dhcpc_var_run_t,s0) +/var/run/dhclient.*\.leases -- context_template(system_u:object_r:dhcpc_var_run_t,s0) diff --git a/refpolicy/policy/modules/system/udev.fc b/refpolicy/policy/modules/system/udev.fc index 732d738..f959a14 100644 --- a/refpolicy/policy/modules/system/udev.fc +++ b/refpolicy/policy/modules/system/udev.fc 
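Review bot: `/etc/dhclient.*conf` leaves the dot before `conf` unescaped, unlike `/etc/resolv\.conf.*` and `/etc/yp\.conf.*` in the same block. It therefore matches any regular file under /etc whose name starts with `dhclient` and ends in `conf`. `/etc/dhclient.*\.conf` still covers dhclient.conf and per-interface names while requiring a real `.conf` suffix. `/etc/dhcpc.*` and `/etc/dhcp3?/dhclient.*` have no file-type field, so directories and symlinks get `dhcp_etc_t` as well. If that is intended, a short comment saying so would stop a later reader from "fixing" it; otherwise add `--`.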
@@ -1,18 +1,18 @@ # udev -/dev/\.udev\.tdb -- system_u:object_r:udev_tbl_t -/dev/udev\.tbl -- system_u:object_r:udev_tbl_t +/dev/\.udev\.tdb -- context_template(system_u:object_r:udev_tbl_t,s0) +/dev/udev\.tbl -- context_template(system_u:object_r:udev_tbl_t,s0) -/etc/dev\.d/.+ -- system_u:object_r:udev_helper_exec_t +/etc/dev\.d/.+ -- context_template(system_u:object_r:udev_helper_exec_t,s0) -/etc/hotplug\.d/default/udev.* -- system_u:object_r:udev_helper_exec_t +/etc/hotplug\.d/default/udev.* -- context_template(system_u:object_r:udev_helper_exec_t,s0) -/etc/udev/scripts/.+ -- system_u:object_r:udev_helper_exec_t +/etc/udev/scripts/.+ -- context_template(system_u:object_r:udev_helper_exec_t,s0) -/sbin/start_udev -- system_u:object_r:udev_exec_t -/sbin/udev -- system_u:object_r:udev_exec_t -/sbin/udevd -- system_u:object_r:udev_exec_t -/sbin/udevsend -- system_u:object_r:udev_exec_t -/sbin/wait_for_sysfs -- system_u:object_r:udev_exec_t +/sbin/start_udev -- context_template(system_u:object_r:udev_exec_t,s0) +/sbin/udev -- context_template(system_u:object_r:udev_exec_t,s0) +/sbin/udevd -- context_template(system_u:object_r:udev_exec_t,s0) +/sbin/udevsend -- context_template(system_u:object_r:udev_exec_t,s0) +/sbin/wait_for_sysfs -- context_template(system_u:object_r:udev_exec_t,s0) -/usr/bin/udevinfo -- system_u:object_r:udev_exec_t +/usr/bin/udevinfo -- context_template(system_u:object_r:udev_exec_t,s0)