diff --git a/refpolicy/Changelog b/refpolicy/Changelog
index c79aa8c..b7fdb83 100644
--- a/refpolicy/Changelog
+++ b/refpolicy/Changelog
@@ -1,3 +1,6 @@
+- Rename context_template() to gen_context() to clarify
+ that its not a Reference Policy template, but a support
+ macro.
 - Add disable_*_trans bool support for targeted policy.
 - Add MLS module to handle MLS constraint exceptions, such as reading up and writing down.
diff --git a/refpolicy/policy/modules/admin/acct.fc b/refpolicy/policy/modules/admin/acct.fc
index 4edd465..ab5b5e7 100644
--- a/refpolicy/policy/modules/admin/acct.fc
+++ b/refpolicy/policy/modules/admin/acct.fc
@@ -1,8 +1,8 @@
-/etc/cron\.(daily|monthly)/acct -- context_template(system_u:object_r:acct_exec_t,s0)
+/etc/cron\.(daily|monthly)/acct -- gen_context(system_u:object_r:acct_exec_t,s0)
-/sbin/accton -- context_template(system_u:object_r:acct_exec_t,s0)
+/sbin/accton -- gen_context(system_u:object_r:acct_exec_t,s0)
-/usr/sbin/accton -- context_template(system_u:object_r:acct_exec_t,s0)
+/usr/sbin/accton -- gen_context(system_u:object_r:acct_exec_t,s0)
-/var/account(/.*)? context_template(system_u:object_r:acct_data_t,s0)
+/var/account(/.*)? gen_context(system_u:object_r:acct_data_t,s0)
diff --git a/refpolicy/policy/modules/admin/consoletype.fc b/refpolicy/policy/modules/admin/consoletype.fc
index fc51eb4..b7f053b 100644
--- a/refpolicy/policy/modules/admin/consoletype.fc
+++ b/refpolicy/policy/modules/admin/consoletype.fc
@@ -1,2 +1,2 @@
-/sbin/consoletype -- context_template(system_u:object_r:consoletype_exec_t,s0)
+/sbin/consoletype -- gen_context(system_u:object_r:consoletype_exec_t,s0)
diff --git a/refpolicy/policy/modules/admin/dmesg.fc b/refpolicy/policy/modules/admin/dmesg.fc
index 232c7e7..d6cc2d9 100644
--- a/refpolicy/policy/modules/admin/dmesg.fc
+++ b/refpolicy/policy/modules/admin/dmesg.fc
@@ -1,2 +1,2 @@
-/bin/dmesg -- context_template(system_u:object_r:dmesg_exec_t,s0)
+/bin/dmesg -- gen_context(system_u:object_r:dmesg_exec_t,s0)
diff --git a/refpolicy/policy/modules/admin/dmidecode.fc b/refpolicy/policy/modules/admin/dmidecode.fc
index 3a98813..016e6b8 100644
--- a/refpolicy/policy/modules/admin/dmidecode.fc
+++ b/refpolicy/policy/modules/admin/dmidecode.fc
@@ -1,4 +1,4 @@
-/usr/sbin/dmidecode -- context_template(system_u:object_r:dmidecode_exec_t,s0)
-/usr/sbin/ownership -- context_template(system_u:object_r:dmidecode_exec_t,s0)
-/usr/sbin/vpddecode -- context_template(system_u:object_r:dmidecode_exec_t,s0)
+/usr/sbin/dmidecode -- gen_context(system_u:object_r:dmidecode_exec_t,s0)
+/usr/sbin/ownership -- gen_context(system_u:object_r:dmidecode_exec_t,s0)
+/usr/sbin/vpddecode -- gen_context(system_u:object_r:dmidecode_exec_t,s0)
diff --git a/refpolicy/policy/modules/admin/firstboot.fc b/refpolicy/policy/modules/admin/firstboot.fc
index 6d2e5f8..ab57cde 100644
--- a/refpolicy/policy/modules/admin/firstboot.fc
+++ b/refpolicy/policy/modules/admin/firstboot.fc
@@ -1,5 +1,5 @@
 # firstboot
-/usr/sbin/firstboot -- context_template(system_u:object_r:firstboot_exec_t,s0)
+/usr/sbin/firstboot -- gen_context(system_u:object_r:firstboot_exec_t,s0)
-/usr/share/firstboot context_template(system_u:object_r:firstboot_rw_t,s0)
-/usr/share/firstboot/firstboot\.py -- context_template(system_u:object_r:firstboot_exec_t,s0)
+/usr/share/firstboot gen_context(system_u:object_r:firstboot_rw_t,s0)
+/usr/share/firstboot/firstboot\.py -- gen_context(system_u:object_r:firstboot_exec_t,s0)
diff --git a/refpolicy/policy/modules/admin/kudzu.fc b/refpolicy/policy/modules/admin/kudzu.fc
index 9e3ea80..57e3171 100644
--- a/refpolicy/policy/modules/admin/kudzu.fc
+++ b/refpolicy/policy/modules/admin/kudzu.fc
@@ -1,4 +1,4 @@
-/sbin/kmodule -- context_template(system_u:object_r:kudzu_exec_t,s0)
+/sbin/kmodule -- gen_context(system_u:object_r:kudzu_exec_t,s0)
-/usr/sbin/kudzu -- context_template(system_u:object_r:kudzu_exec_t,s0)
+/usr/sbin/kudzu -- gen_context(system_u:object_r:kudzu_exec_t,s0)
diff --git a/refpolicy/policy/modules/admin/logrotate.fc b/refpolicy/policy/modules/admin/logrotate.fc
index f95e91a..483c261 100644
--- a/refpolicy/policy/modules/admin/logrotate.fc
+++ b/refpolicy/policy/modules/admin/logrotate.fc
@@ -1,16 +1,16 @@
-/etc/cron\.(daily|weekly)/sysklogd -- context_template(system_u:object_r:logrotate_exec_t,s0)
+/etc/cron\.(daily|weekly)/sysklogd -- gen_context(system_u:object_r:logrotate_exec_t,s0)
-/usr/sbin/logcheck -- context_template(system_u:object_r:logrotate_exec_t,s0)
-/usr/sbin/logrotate -- context_template(system_u:object_r:logrotate_exec_t,s0)
+/usr/sbin/logcheck -- gen_context(system_u:object_r:logrotate_exec_t,s0)
+/usr/sbin/logrotate -- gen_context(system_u:object_r:logrotate_exec_t,s0)
-/var/lib/logcheck(/.*)? context_template(system_u:object_r:logrotate_var_lib_t,s0)
+/var/lib/logcheck(/.*)? gen_context(system_u:object_r:logrotate_var_lib_t,s0)
 # using a hard-coded name under /var/tmp is a bug - new version fixes it
-/var/tmp/logcheck -d context_template(system_u:object_r:logrotate_tmp_t,s0)
+/var/tmp/logcheck -d gen_context(system_u:object_r:logrotate_tmp_t,s0)
 ifdef(`distro_debian', `
-/usr/bin/savelog -- context_template(system_u:object_r:logrotate_exec_t,s0)
-/var/lib/logrotate(/.*)? context_template(system_u:object_r:logrotate_var_lib_t,s0)
+/usr/bin/savelog -- gen_context(system_u:object_r:logrotate_exec_t,s0)
+/var/lib/logrotate(/.*)? gen_context(system_u:object_r:logrotate_var_lib_t,s0)
 ', `
-/var/lib/logrotate\.status -- context_template(system_u:object_r:logrotate_var_lib_t,s0)
+/var/lib/logrotate\.status -- gen_context(system_u:object_r:logrotate_var_lib_t,s0)
 ')
diff --git a/refpolicy/policy/modules/admin/netutils.fc b/refpolicy/policy/modules/admin/netutils.fc
index 7804251..7b54f17 100644
--- a/refpolicy/policy/modules/admin/netutils.fc
+++ b/refpolicy/policy/modules/admin/netutils.fc
@@ -1,14 +1,14 @@
-/bin/ping.* -- context_template(system_u:object_r:ping_exec_t,s0)
-/bin/tracepath.* -- context_template(system_u:object_r:traceroute_exec_t,s0)
-/bin/traceroute.* -- context_template(system_u:object_r:traceroute_exec_t,s0)
+/bin/ping.* -- gen_context(system_u:object_r:ping_exec_t,s0)
+/bin/tracepath.* -- gen_context(system_u:object_r:traceroute_exec_t,s0)
+/bin/traceroute.* -- gen_context(system_u:object_r:traceroute_exec_t,s0)
-/sbin/arping -- context_template(system_u:object_r:netutils_exec_t,s0)
+/sbin/arping -- gen_context(system_u:object_r:netutils_exec_t,s0)
-/usr/bin/lft -- context_template(system_u:object_r:traceroute_exec_t,s0)
-/usr/bin/nmap -- context_template(system_u:object_r:traceroute_exec_t,s0)
-/usr/bin/traceroute.* -- context_template(system_u:object_r:traceroute_exec_t,s0)
+/usr/bin/lft -- gen_context(system_u:object_r:traceroute_exec_t,s0)
+/usr/bin/nmap -- gen_context(system_u:object_r:traceroute_exec_t,s0)
+/usr/bin/traceroute.* -- gen_context(system_u:object_r:traceroute_exec_t,s0)
-/usr/sbin/traceroute.* -- context_template(system_u:object_r:traceroute_exec_t,s0)
-/usr/sbin/hping2 -- context_template(system_u:object_r:ping_exec_t,s0)
-/usr/sbin/tcpdump -- context_template(system_u:object_r:netutils_exec_t,s0)
+/usr/sbin/traceroute.* -- gen_context(system_u:object_r:traceroute_exec_t,s0)
+/usr/sbin/hping2 -- gen_context(system_u:object_r:ping_exec_t,s0)
+/usr/sbin/tcpdump -- gen_context(system_u:object_r:netutils_exec_t,s0)
diff --git a/refpolicy/policy/modules/admin/quota.fc b/refpolicy/policy/modules/admin/quota.fc
index 3e367f0..b760aa3 100644
--- a/refpolicy/policy/modules/admin/quota.fc
+++ b/refpolicy/policy/modules/admin/quota.fc
@@ -1,14 +1,14 @@
-/sbin/quota(check|on) -- context_template(system_u:object_r:quota_exec_t,s0)
+/sbin/quota(check|on) -- gen_context(system_u:object_r:quota_exec_t,s0)
 ifdef(`distro_redhat',`
-/usr/sbin/convertquota -- context_template(system_u:object_r:quota_exec_t,s0)
+/usr/sbin/convertquota -- gen_context(system_u:object_r:quota_exec_t,s0)
 ',`
-/sbin/convertquota -- context_template(system_u:object_r:quota_exec_t,s0)
+/sbin/convertquota -- gen_context(system_u:object_r:quota_exec_t,s0)
 ')
-HOME_ROOT/a?quota\.(user|group) -- context_template(system_u:object_r:quota_db_t,s0)
+HOME_ROOT/a?quota\.(user|group) -- gen_context(system_u:object_r:quota_db_t,s0)
-/var/a?quota\.(user|group) -- context_template(system_u:object_r:quota_db_t,s0)
+/var/a?quota\.(user|group) -- gen_context(system_u:object_r:quota_db_t,s0)
-/var/lib/quota(/.*)? context_template(system_u:object_r:quota_flag_t,s0)
+/var/lib/quota(/.*)? gen_context(system_u:object_r:quota_flag_t,s0)
diff --git a/refpolicy/policy/modules/admin/rpm.fc b/refpolicy/policy/modules/admin/rpm.fc
index c7b02a4..37e4561 100644
--- a/refpolicy/policy/modules/admin/rpm.fc
+++ b/refpolicy/policy/modules/admin/rpm.fc
@@ -1,32 +1,32 @@
-/bin/rpm -- context_template(system_u:object_r:rpm_exec_t,s0)
+/bin/rpm -- gen_context(system_u:object_r:rpm_exec_t,s0)
-/usr/bin/apt-get -- context_template(system_u:object_r:rpm_exec_t,s0)
-/usr/bin/apt-shell -- context_template(system_u:object_r:rpm_exec_t,s0)
-/usr/bin/synaptic -- context_template(system_u:object_r:rpm_exec_t,s0)
-/usr/bin/yum -- context_template(system_u:object_r:rpm_exec_t,s0)
+/usr/bin/apt-get -- gen_context(system_u:object_r:rpm_exec_t,s0)
+/usr/bin/apt-shell -- gen_context(system_u:object_r:rpm_exec_t,s0)
+/usr/bin/synaptic -- gen_context(system_u:object_r:rpm_exec_t,s0)
+/usr/bin/yum -- gen_context(system_u:object_r:rpm_exec_t,s0)
-/usr/lib(64)?/rpm/rpmd -- context_template(system_u:object_r:bin_t,s0)
-/usr/lib(64)?/rpm/rpmq -- context_template(system_u:object_r:bin_t,s0)
-/usr/lib(64)?/rpm/rpmk -- context_template(system_u:object_r:bin_t,s0)
-/usr/lib(64)?/rpm/rpmv -- context_template(system_u:object_r:bin_t,s0)
+/usr/lib(64)?/rpm/rpmd -- gen_context(system_u:object_r:bin_t,s0)
+/usr/lib(64)?/rpm/rpmq -- gen_context(system_u:object_r:bin_t,s0)
+/usr/lib(64)?/rpm/rpmk -- gen_context(system_u:object_r:bin_t,s0)
+/usr/lib(64)?/rpm/rpmv -- gen_context(system_u:object_r:bin_t,s0)
 ifdef(`distro_redhat', `
-/usr/sbin/up2date -- context_template(system_u:object_r:rpm_exec_t,s0)
-/usr/sbin/rhn_check -- context_template(system_u:object_r:rpm_exec_t,s0)
+/usr/sbin/up2date -- gen_context(system_u:object_r:rpm_exec_t,s0)
+/usr/sbin/rhn_check -- gen_context(system_u:object_r:rpm_exec_t,s0)
 ')
-/var/lib/alternatives(/.*)? context_template(system_u:object_r:rpm_var_lib_t,s0)
+/var/lib/alternatives(/.*)? gen_context(system_u:object_r:rpm_var_lib_t,s0)
-/var/lib/rpm(/.*)? context_template(system_u:object_r:rpm_var_lib_t,s0)
+/var/lib/rpm(/.*)? gen_context(system_u:object_r:rpm_var_lib_t,s0)
-/var/log/rpmpkgs.* -- context_template(system_u:object_r:rpm_log_t,s0)
-/var/log/yum\.log -- context_template(system_u:object_r:rpm_log_t,s0)
+/var/log/rpmpkgs.* -- gen_context(system_u:object_r:rpm_log_t,s0)
+/var/log/yum\.log -- gen_context(system_u:object_r:rpm_log_t,s0)
 # SuSE
 ifdef(`distro_suse', `
-/usr/bin/online_update -- context_template(system_u:object_r:rpm_exec_t,s0)
-/sbin/yast2 -- context_template(system_u:object_r:rpm_exec_t,s0)
-/var/lib/YaST2(/.*)? context_template(system_u:object_r:rpm_var_lib_t,s0)
-/var/log/YaST2(/.*)? context_template(system_u:object_r:rpm_log_t,s0)
+/usr/bin/online_update -- gen_context(system_u:object_r:rpm_exec_t,s0)
+/sbin/yast2 -- gen_context(system_u:object_r:rpm_exec_t,s0)
+/var/lib/YaST2(/.*)? gen_context(system_u:object_r:rpm_var_lib_t,s0)
+/var/log/YaST2(/.*)? gen_context(system_u:object_r:rpm_log_t,s0)
 ')
diff --git a/refpolicy/policy/modules/admin/su.fc b/refpolicy/policy/modules/admin/su.fc
index f7f130a..5d385e6 100644
--- a/refpolicy/policy/modules/admin/su.fc
+++ b/refpolicy/policy/modules/admin/su.fc
@@ -1,4 +1,4 @@
-/bin/su -- context_template(system_u:object_r:su_exec_t,s0)
+/bin/su -- gen_context(system_u:object_r:su_exec_t,s0)
-/usr(/local)?/bin/ksu -- context_template(system_u:object_r:su_exec_t,s0)
+/usr(/local)?/bin/ksu -- gen_context(system_u:object_r:su_exec_t,s0)
diff --git a/refpolicy/policy/modules/admin/sudo.fc b/refpolicy/policy/modules/admin/sudo.fc
index 14f48c5..7bddc02 100644
--- a/refpolicy/policy/modules/admin/sudo.fc
+++ b/refpolicy/policy/modules/admin/sudo.fc
@@ -1,2 +1,2 @@
-/usr/bin/sudo(edit)? -- context_template(system_u:object_r:sudo_exec_t,s0)
+/usr/bin/sudo(edit)? -- gen_context(system_u:object_r:sudo_exec_t,s0)
diff --git a/refpolicy/policy/modules/admin/tmpreaper.fc b/refpolicy/policy/modules/admin/tmpreaper.fc
index f0947c0..81077db 100644
--- a/refpolicy/policy/modules/admin/tmpreaper.fc
+++ b/refpolicy/policy/modules/admin/tmpreaper.fc
@@ -1,2 +1,2 @@
-/usr/sbin/tmpreaper -- context_template(system_u:object_r:tmpreaper_exec_t,s0)
-/usr/sbin/tmpwatch -- context_template(system_u:object_r:tmpreaper_exec_t,s0)
+/usr/sbin/tmpreaper -- gen_context(system_u:object_r:tmpreaper_exec_t,s0)
+/usr/sbin/tmpwatch -- gen_context(system_u:object_r:tmpreaper_exec_t,s0)
diff --git a/refpolicy/policy/modules/admin/updfstab.fc b/refpolicy/policy/modules/admin/updfstab.fc
index a30d237..e534c88 100644
--- a/refpolicy/policy/modules/admin/updfstab.fc
+++ b/refpolicy/policy/modules/admin/updfstab.fc
@@ -1,3 +1,3 @@
-/usr/sbin/fstab-sync -- context_template(system_u:object_r:updfstab_exec_t,s0)
-/usr/sbin/updfstab -- context_template(system_u:object_r:updfstab_exec_t,s0)
+/usr/sbin/fstab-sync -- gen_context(system_u:object_r:updfstab_exec_t,s0)
+/usr/sbin/updfstab -- gen_context(system_u:object_r:updfstab_exec_t,s0)
diff --git a/refpolicy/policy/modules/admin/usermanage.fc b/refpolicy/policy/modules/admin/usermanage.fc
index 6afac6e..6a22f91 100644
--- a/refpolicy/policy/modules/admin/usermanage.fc
+++ b/refpolicy/policy/modules/admin/usermanage.fc
@@ -1,30 +1,30 @@
-/usr/bin/chage -- context_template(system_u:object_r:passwd_exec_t,s0)
-/usr/bin/chfn -- context_template(system_u:object_r:chfn_exec_t,s0)
-/usr/bin/chsh -- context_template(system_u:object_r:chfn_exec_t,s0)
-/usr/bin/gpasswd -- context_template(system_u:object_r:groupadd_exec_t,s0)
-/usr/bin/passwd -- context_template(system_u:object_r:passwd_exec_t,s0)
-/usr/bin/vigr -- context_template(system_u:object_r:admin_passwd_exec_t,s0)
-/usr/bin/vipw -- context_template(system_u:object_r:admin_passwd_exec_t,s0)
+/usr/bin/chage -- gen_context(system_u:object_r:passwd_exec_t,s0)
+/usr/bin/chfn -- gen_context(system_u:object_r:chfn_exec_t,s0)
+/usr/bin/chsh -- gen_context(system_u:object_r:chfn_exec_t,s0)
+/usr/bin/gpasswd -- gen_context(system_u:object_r:groupadd_exec_t,s0)
+/usr/bin/passwd -- gen_context(system_u:object_r:passwd_exec_t,s0)
+/usr/bin/vigr -- gen_context(system_u:object_r:admin_passwd_exec_t,s0)
+/usr/bin/vipw -- gen_context(system_u:object_r:admin_passwd_exec_t,s0)
-/usr/lib(64)?/cracklib_dict.* -- context_template(system_u:object_r:crack_db_t,s0)
+/usr/lib(64)?/cracklib_dict.* -- gen_context(system_u:object_r:crack_db_t,s0)
-/usr/sbin/crack_[a-z]* -- context_template(system_u:object_r:crack_exec_t,s0)
-/usr/sbin/cracklib-[a-z]* -- context_template(system_u:object_r:crack_exec_t,s0)
-/usr/sbin/gpasswd -- context_template(system_u:object_r:groupadd_exec_t,s0)
-/usr/sbin/groupadd -- context_template(system_u:object_r:groupadd_exec_t,s0)
-/usr/sbin/groupdel -- context_template(system_u:object_r:groupadd_exec_t,s0)
-/usr/sbin/groupmod -- context_template(system_u:object_r:groupadd_exec_t,s0)
-/usr/sbin/grpconv -- context_template(system_u:object_r:admin_passwd_exec_t,s0)
-/usr/sbin/grpunconv -- context_template(system_u:object_r:admin_passwd_exec_t,s0)
-/usr/sbin/pwconv -- context_template(system_u:object_r:admin_passwd_exec_t,s0)
-/usr/sbin/pwunconv -- context_template(system_u:object_r:admin_passwd_exec_t,s0)
-/usr/sbin/useradd -- context_template(system_u:object_r:useradd_exec_t,s0)
-/usr/sbin/userdel -- context_template(system_u:object_r:useradd_exec_t,s0)
-/usr/sbin/usermod -- context_template(system_u:object_r:useradd_exec_t,s0)
-/usr/sbin/vigr -- context_template(system_u:object_r:admin_passwd_exec_t,s0)
-/usr/sbin/vipw -- context_template(system_u:object_r:admin_passwd_exec_t,s0)
+/usr/sbin/crack_[a-z]* -- gen_context(system_u:object_r:crack_exec_t,s0)
+/usr/sbin/cracklib-[a-z]* -- gen_context(system_u:object_r:crack_exec_t,s0)
+/usr/sbin/gpasswd -- gen_context(system_u:object_r:groupadd_exec_t,s0)
+/usr/sbin/groupadd -- gen_context(system_u:object_r:groupadd_exec_t,s0)
+/usr/sbin/groupdel -- gen_context(system_u:object_r:groupadd_exec_t,s0)
+/usr/sbin/groupmod -- gen_context(system_u:object_r:groupadd_exec_t,s0)
+/usr/sbin/grpconv -- gen_context(system_u:object_r:admin_passwd_exec_t,s0)
+/usr/sbin/grpunconv -- gen_context(system_u:object_r:admin_passwd_exec_t,s0)
+/usr/sbin/pwconv -- gen_context(system_u:object_r:admin_passwd_exec_t,s0)
+/usr/sbin/pwunconv -- gen_context(system_u:object_r:admin_passwd_exec_t,s0)
+/usr/sbin/useradd -- gen_context(system_u:object_r:useradd_exec_t,s0)
+/usr/sbin/userdel -- gen_context(system_u:object_r:useradd_exec_t,s0)
+/usr/sbin/usermod -- gen_context(system_u:object_r:useradd_exec_t,s0)
+/usr/sbin/vigr -- gen_context(system_u:object_r:admin_passwd_exec_t,s0)
+/usr/sbin/vipw -- gen_context(system_u:object_r:admin_passwd_exec_t,s0)
-/usr/share/cracklib(/.*)? context_template(system_u:object_r:crack_db_t,s0)
+/usr/share/cracklib(/.*)? gen_context(system_u:object_r:crack_db_t,s0)
-/var/cache/cracklib(/.*)? context_template(system_u:object_r:crack_db_t,s0)
+/var/cache/cracklib(/.*)? gen_context(system_u:object_r:crack_db_t,s0)
diff --git a/refpolicy/policy/modules/admin/vpn.fc b/refpolicy/policy/modules/admin/vpn.fc
index b529d6c..e323978 100644
--- a/refpolicy/policy/modules/admin/vpn.fc
+++ b/refpolicy/policy/modules/admin/vpn.fc
@@ -1,9 +1,9 @@
 #
 # /usr
 #
-/usr/sbin/vpnc -- context_template(system_u:object_r:vpnc_exec_t,s0)
+/usr/sbin/vpnc -- gen_context(system_u:object_r:vpnc_exec_t,s0)
 #
 # sbin
 #
-/sbin/vpnc -- context_template(system_u:object_r:vpnc_exec_t,s0)
+/sbin/vpnc -- gen_context(system_u:object_r:vpnc_exec_t,s0)
diff --git a/refpolicy/policy/modules/apps/gpg.fc b/refpolicy/policy/modules/apps/gpg.fc
index 481f789..78f8a10 100644
--- a/refpolicy/policy/modules/apps/gpg.fc
+++ b/refpolicy/policy/modules/apps/gpg.fc
@@ -1,12 +1,12 @@
-/usr/bin/gpg(2)? -- context_template(system_u:object_r:gpg_exec_t,s0)
-/usr/bin/gpg-agent -- context_template(system_u:object_r:gpg_agent_exec_t,s0)
-/usr/bin/kgpg -- context_template(system_u:object_r:gpg_exec_t,s0)
-/usr/bin/pinentry.* -- context_template(system_u:object_r:pinentry_exec_t,s0)
+/usr/bin/gpg(2)? -- gen_context(system_u:object_r:gpg_exec_t,s0)
+/usr/bin/gpg-agent -- gen_context(system_u:object_r:gpg_agent_exec_t,s0)
+/usr/bin/kgpg -- gen_context(system_u:object_r:gpg_exec_t,s0)
+/usr/bin/pinentry.* -- gen_context(system_u:object_r:pinentry_exec_t,s0)
-/usr/lib/gnupg/.* -- context_template(system_u:object_r:gpg_exec_t,s0)
-/usr/lib/gnupg/gpgkeys.* -- context_template(system_u:object_r:gpg_helper_exec_t,s0)
+/usr/lib/gnupg/.* -- gen_context(system_u:object_r:gpg_exec_t,s0)
+/usr/lib/gnupg/gpgkeys.* -- gen_context(system_u:object_r:gpg_helper_exec_t,s0)
 ifdef(`targeted_policy',`',`
-HOME_DIR/\.gnupg(/.+)? context_template(system_u:object_r:ROLE_gpg_secret_t,s0)
+HOME_DIR/\.gnupg(/.+)? gen_context(system_u:object_r:ROLE_gpg_secret_t,s0)
 ')
diff --git a/refpolicy/policy/modules/apps/loadkeys.fc b/refpolicy/policy/modules/apps/loadkeys.fc
index 040d261..8549f9f 100644
--- a/refpolicy/policy/modules/apps/loadkeys.fc
+++ b/refpolicy/policy/modules/apps/loadkeys.fc
@@ -1,3 +1,3 @@
-/bin/loadkeys -- context_template(system_u:object_r:loadkeys_exec_t,s0)
-/bin/unikeys -- context_template(system_u:object_r:loadkeys_exec_t,s0)
+/bin/loadkeys -- gen_context(system_u:object_r:loadkeys_exec_t,s0)
+/bin/unikeys -- gen_context(system_u:object_r:loadkeys_exec_t,s0)
diff --git a/refpolicy/policy/modules/kernel/bootloader.fc b/refpolicy/policy/modules/kernel/bootloader.fc
index a302ded..392176f 100644
--- a/refpolicy/policy/modules/kernel/bootloader.fc
+++ b/refpolicy/policy/modules/kernel/bootloader.fc
@@ -1,20 +1,20 @@
-/vmlinuz.* -l context_template(system_u:object_r:boot_t,s0)
-/initrd\.img.* -l context_template(system_u:object_r:boot_t,s0)
+/vmlinuz.* -l gen_context(system_u:object_r:boot_t,s0)
+/initrd\.img.* -l gen_context(system_u:object_r:boot_t,s0)
-/boot(/.*)? context_template(system_u:object_r:boot_t,s0)
-/boot/System\.map(-.*)? -- context_template(system_u:object_r:system_map_t,s0)
+/boot(/.*)? gen_context(system_u:object_r:boot_t,s0)
+/boot/System\.map(-.*)? -- gen_context(system_u:object_r:system_map_t,s0)
-/etc/lilo\.conf.* -- context_template(system_u:object_r:bootloader_etc_t,s0)
-/etc/yaboot\.conf.* -- context_template(system_u:object_r:bootloader_etc_t,s0)
+/etc/lilo\.conf.* -- gen_context(system_u:object_r:bootloader_etc_t,s0)
+/etc/yaboot\.conf.* -- gen_context(system_u:object_r:bootloader_etc_t,s0)
-/etc/mkinitrd/scripts/.* -- context_template(system_u:object_r:bootloader_exec_t,s0)
+/etc/mkinitrd/scripts/.* -- gen_context(system_u:object_r:bootloader_exec_t,s0)
-/lib(64)?/modules(/.*)? context_template(system_u:object_r:modules_object_t,s0)
+/lib(64)?/modules(/.*)? gen_context(system_u:object_r:modules_object_t,s0)
-/usr/sbin/mkinitrd -- context_template(system_u:object_r:bootloader_exec_t,s0)
+/usr/sbin/mkinitrd -- gen_context(system_u:object_r:bootloader_exec_t,s0)
-/sbin/grub.* -- context_template(system_u:object_r:bootloader_exec_t,s0)
-/sbin/lilo.* -- context_template(system_u:object_r:bootloader_exec_t,s0)
-/sbin/mkinitrd -- context_template(system_u:object_r:bootloader_exec_t,s0)
-/sbin/ybin.* -- context_template(system_u:object_r:bootloader_exec_t,s0)
+/sbin/grub.* -- gen_context(system_u:object_r:bootloader_exec_t,s0)
+/sbin/lilo.* -- gen_context(system_u:object_r:bootloader_exec_t,s0)
+/sbin/mkinitrd -- gen_context(system_u:object_r:bootloader_exec_t,s0)
+/sbin/ybin.* -- gen_context(system_u:object_r:bootloader_exec_t,s0)
diff --git a/refpolicy/policy/modules/kernel/corenetwork.fc b/refpolicy/policy/modules/kernel/corenetwork.fc
index f292cee..2769796 100644
--- a/refpolicy/policy/modules/kernel/corenetwork.fc
+++ b/refpolicy/policy/modules/kernel/corenetwork.fc
@@ -1,6 +1,6 @@
-/dev/ippp.* -c context_template(system_u:object_r:ppp_device_t,s0)
-/dev/ppp -c context_template(system_u:object_r:ppp_device_t,s0)
-/dev/pppox.* -c context_template(system_u:object_r:ppp_device_t,s0)
+/dev/ippp.* -c gen_context(system_u:object_r:ppp_device_t,s0)
+/dev/ppp -c gen_context(system_u:object_r:ppp_device_t,s0)
+/dev/pppox.* -c gen_context(system_u:object_r:ppp_device_t,s0)
-/dev/net/.* -c context_template(system_u:object_r:tun_tap_device_t,s0)
+/dev/net/.* -c gen_context(system_u:object_r:tun_tap_device_t,s0)
diff --git a/refpolicy/policy/modules/kernel/corenetwork.if.m4 b/refpolicy/policy/modules/kernel/corenetwork.if.m4
index 3c67f72..a8d9e9e 100644
--- a/refpolicy/policy/modules/kernel/corenetwork.if.m4
+++ b/refpolicy/policy/modules/kernel/corenetwork.if.m4
@@ -426,7 +426,7 @@ ifelse($4,`',`',`determine_reserved_capability(shiftn(3,$*))')dnl end inner ifel
 define(`declare_ports',`dnl
 ifelse(eval($3 < 1024),1,`typeattribute $1 reserved_port_type;',`dnl')
-portcon $2 $3 context_template(system_u:object_r:$1,$4)
+portcon $2 $3 gen_context(system_u:object_r:$1,$4)
 ifelse(`$5',`',`',`declare_ports($1,shiftn(4,$*))')dnl
 ')
diff --git a/refpolicy/policy/modules/kernel/corenetwork.te.in b/refpolicy/policy/modules/kernel/corenetwork.te.in
index 5a45c06..d13b1cd 100644
--- a/refpolicy/policy/modules/kernel/corenetwork.te.in
+++ b/refpolicy/policy/modules/kernel/corenetwork.te.in
@@ -29,7 +29,7 @@ dev_node(tun_tap_device_t)
 # port_t is the default type of INET port numbers.
 #
 type port_t, port_type;
-sid port context_template(system_u:object_r:port_t,s0)
+sid port gen_context(system_u:object_r:port_t,s0)
 #
 # reserved_port_t is the type of INET port numbers below 1024.
@@ -120,8 +120,8 @@ network_port(zope, tcp,8021,s0)
 # Defaults for reserved ports. Earlier portcon entries take precedence;
 # these entries just cover any remaining reserved ports not otherwise declared.
-portcon tcp 1-1023 context_template(system_u:object_r:reserved_port_t, s0)
-portcon udp 1-1023 context_template(system_u:object_r:reserved_port_t, s0)
+portcon tcp 1-1023 gen_context(system_u:object_r:reserved_port_t, s0)
+portcon udp 1-1023 gen_context(system_u:object_r:reserved_port_t, s0)
 ########################################
 #
@@ -134,7 +134,7 @@ portcon udp 1-1023 context_template(system_u:object_r:reserved_port_t, s0)
 # nodes in net_contexts or net_contexts.mls.
 #
 type node_t, node_type;
-sid node context_template(system_u:object_r:node_t,s0)
+sid node gen_context(system_u:object_r:node_t,s0)
 network_node(compat_ipv4, s0, ::, ffff:ffff:ffff:ffff:ffff:ffff::)
 network_node(inaddr_any, s0, 0.0.0.0, 255.255.255.255)
@@ -155,7 +155,7 @@ network_node(unspec, s0, ::, ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff)
 # netif_t is the default type of network interfaces.
 #
 type netif_t, netif_type;
-sid netif context_template(system_u:object_r:netif_t,s0)
+sid netif gen_context(system_u:object_r:netif_t,s0)
 #network_interface(lo, lo,s0)
 #network_interface(eth0, eth0,s0)
diff --git a/refpolicy/policy/modules/kernel/corenetwork.te.m4 b/refpolicy/policy/modules/kernel/corenetwork.te.m4
index 80a5531..0931c05 100644
--- a/refpolicy/policy/modules/kernel/corenetwork.te.m4
+++ b/refpolicy/policy/modules/kernel/corenetwork.te.m4
@@ -1,5 +1,5 @@
 define(`declare_netifs',`dnl
-netifcon $2 context_template(system_u:object_r:$1,$3) context_template(system_u:object_r:unlabeled_t,$3)
+netifcon $2 gen_context(system_u:object_r:$1,$3) gen_context(system_u:object_r:unlabeled_t,$3)
 ifelse(`$4',`',`',`declare_netifs($1,shiftn(3,$*))')dnl
 ')
@@ -17,7 +17,7 @@ declare_netifs($1_netif_t,shift($*))
 #
 define(`network_node',`
 type $1_node_t alias node_$1_t, node_type;
-nodecon $3 $4 context_template(system_u:object_r:$1_node_t,$2)
+nodecon $3 $4 gen_context(system_u:object_r:$1_node_t,$2)
 ')
 # These next three macros have formatting, and should not me indented
@@ -35,7 +35,7 @@ ifelse($4,`',`',`determine_reserved_capability_depend(shiftn(3,$*))')dnl end inn
 define(`declare_ports',`dnl
 ifelse(eval($3 < 1024),1,`typeattribute $1 reserved_port_type;',`dnl')
-portcon $2 $3 context_template(system_u:object_r:$1,$4)
+portcon $2 $3 gen_context(system_u:object_r:$1,$4)
 ifelse(`$5',`',`',`declare_ports($1,shiftn(4,$*))')dnl
 ')
diff --git a/refpolicy/policy/modules/kernel/devices.fc b/refpolicy/policy/modules/kernel/devices.fc
index 0ef00bf..d11b6b0 100644
--- a/refpolicy/policy/modules/kernel/devices.fc
+++ b/refpolicy/policy/modules/kernel/devices.fc
@@ -1,87 +1,87 @@
-/dev(/.*)? context_template(system_u:object_r:device_t,s0)
+/dev(/.*)? gen_context(system_u:object_r:device_t,s0)
-/dev/.*mouse.* -c context_template(system_u:object_r:mouse_device_t,s0)
-/dev/adsp -c context_template(system_u:object_r:sound_device_t,s0)
-/dev/agpgart -c context_template(system_u:object_r:agp_device_t,s0)
-/dev/aload.* -c context_template(system_u:object_r:sound_device_t,s0)
-/dev/amidi.* -c context_template(system_u:object_r:sound_device_t,s0)
-/dev/amixer.* -c context_template(system_u:object_r:sound_device_t,s0)
-/dev/apm_bios -c context_template(system_u:object_r:apm_bios_t,s0)
-/dev/atibm -c context_template(system_u:object_r:mouse_device_t,s0)
-/dev/audio.* -c context_template(system_u:object_r:sound_device_t,s0)
-/dev/beep -c context_template(system_u:object_r:sound_device_t,s0)
-/dev/console -c context_template(system_u:object_r:console_device_t,s0)
-/dev/dsp.* -c context_template(system_u:object_r:sound_device_t,s0)
-/dev/fb[0-9]* -c context_template(system_u:object_r:framebuf_device_t,s0)
-/dev/full -c context_template(system_u:object_r:null_device_t,s0)
-/dev/irlpt[0-9]+ -c context_template(system_u:object_r:printer_device_t,s0)
-/dev/js.* -c context_template(system_u:object_r:mouse_device_t,s0)
-/dev/kmem -c context_template(system_u:object_r:memory_device_t,s0)
-/dev/logibm -c context_template(system_u:object_r:mouse_device_t,s0)
-/dev/lp.* -c context_template(system_u:object_r:printer_device_t,s0)
-/dev/mem -c context_template(system_u:object_r:memory_device_t,s0)
-/dev/microcode -c context_template(system_u:object_r:cpu_device_t,s0)
-/dev/midi.* -c context_template(system_u:object_r:sound_device_t,s0)
-/dev/mixer.* -c context_template(system_u:object_r:sound_device_t,s0)
-/dev/mmetfgrab -c context_template(system_u:object_r:scanner_device_t,s0)
-/dev/mpu401.* -c context_template(system_u:object_r:sound_device_t,s0)
-/dev/null -c context_template(system_u:object_r:null_device_t,s0)
-/dev/nvidia.* -c
context_template(system_u:object_r:xserver_misc_device_t,s0)
-/dev/nvram -c context_template(system_u:object_r:memory_device_t,s0)
-/dev/par.* -c context_template(system_u:object_r:printer_device_t,s0)
-/dev/patmgr[01] -c context_template(system_u:object_r:sound_device_t,s0)
-/dev/pmu -c context_template(system_u:object_r:power_device_t,s0)
-/dev/port -c context_template(system_u:object_r:memory_device_t,s0)
-/dev/psaux -c context_template(system_u:object_r:mouse_device_t,s0)
-/dev/rmidi.* -c context_template(system_u:object_r:sound_device_t,s0)
-/dev/radeon -c context_template(system_u:object_r:dri_device_t,s0)
-/dev/radio.* -c context_template(system_u:object_r:v4l_device_t,s0)
-/dev/random -c context_template(system_u:object_r:random_device_t,s0)
-/dev/rtc -c context_template(system_u:object_r:clock_device_t,s0)
-/dev/sequencer -c context_template(system_u:object_r:sound_device_t,s0)
-/dev/sequencer2 -c context_template(system_u:object_r:sound_device_t,s0)
-/dev/smpte.* -c context_template(system_u:object_r:sound_device_t,s0)
-/dev/srnd[0-7] -c context_template(system_u:object_r:sound_device_t,s0)
-/dev/sndstat -c context_template(system_u:object_r:sound_device_t,s0)
-/dev/tlk[0-3] -c context_template(system_u:object_r:v4l_device_t,s0)
-/dev/urandom -c context_template(system_u:object_r:urandom_device_t,s0)
-/dev/usblp.* -c context_template(system_u:object_r:printer_device_t,s0)
+/dev/.*mouse.* -c gen_context(system_u:object_r:mouse_device_t,s0)
+/dev/adsp -c gen_context(system_u:object_r:sound_device_t,s0)
+/dev/agpgart -c gen_context(system_u:object_r:agp_device_t,s0)
+/dev/aload.* -c gen_context(system_u:object_r:sound_device_t,s0)
+/dev/amidi.* -c gen_context(system_u:object_r:sound_device_t,s0)
+/dev/amixer.* -c gen_context(system_u:object_r:sound_device_t,s0)
+/dev/apm_bios -c gen_context(system_u:object_r:apm_bios_t,s0)
+/dev/atibm -c gen_context(system_u:object_r:mouse_device_t,s0)
+/dev/audio.* -c gen_context(system_u:object_r:sound_device_t,s0)
+/dev/beep -c gen_context(system_u:object_r:sound_device_t,s0)
+/dev/console -c gen_context(system_u:object_r:console_device_t,s0)
+/dev/dsp.* -c gen_context(system_u:object_r:sound_device_t,s0)
+/dev/fb[0-9]* -c gen_context(system_u:object_r:framebuf_device_t,s0)
+/dev/full -c gen_context(system_u:object_r:null_device_t,s0)
+/dev/irlpt[0-9]+ -c gen_context(system_u:object_r:printer_device_t,s0)
+/dev/js.* -c gen_context(system_u:object_r:mouse_device_t,s0)
+/dev/kmem -c gen_context(system_u:object_r:memory_device_t,s0)
+/dev/logibm -c gen_context(system_u:object_r:mouse_device_t,s0)
+/dev/lp.* -c gen_context(system_u:object_r:printer_device_t,s0)
+/dev/mem -c gen_context(system_u:object_r:memory_device_t,s0)
+/dev/microcode -c gen_context(system_u:object_r:cpu_device_t,s0)
+/dev/midi.* -c gen_context(system_u:object_r:sound_device_t,s0)
+/dev/mixer.* -c gen_context(system_u:object_r:sound_device_t,s0)
+/dev/mmetfgrab -c gen_context(system_u:object_r:scanner_device_t,s0)
+/dev/mpu401.* -c gen_context(system_u:object_r:sound_device_t,s0)
+/dev/null -c gen_context(system_u:object_r:null_device_t,s0)
+/dev/nvidia.* -c gen_context(system_u:object_r:xserver_misc_device_t,s0)
+/dev/nvram -c gen_context(system_u:object_r:memory_device_t,s0)
+/dev/par.* -c gen_context(system_u:object_r:printer_device_t,s0)
+/dev/patmgr[01] -c gen_context(system_u:object_r:sound_device_t,s0)
+/dev/pmu -c gen_context(system_u:object_r:power_device_t,s0)
+/dev/port -c gen_context(system_u:object_r:memory_device_t,s0)
+/dev/psaux -c gen_context(system_u:object_r:mouse_device_t,s0)
+/dev/rmidi.* -c gen_context(system_u:object_r:sound_device_t,s0)
+/dev/radeon -c gen_context(system_u:object_r:dri_device_t,s0)
+/dev/radio.* -c gen_context(system_u:object_r:v4l_device_t,s0)
+/dev/random -c gen_context(system_u:object_r:random_device_t,s0)
+/dev/rtc -c gen_context(system_u:object_r:clock_device_t,s0)
+/dev/sequencer -c gen_context(system_u:object_r:sound_device_t,s0)
+/dev/sequencer2 -c
gen_context(system_u:object_r:sound_device_t,s0)
+/dev/smpte.* -c gen_context(system_u:object_r:sound_device_t,s0)
+/dev/srnd[0-7] -c gen_context(system_u:object_r:sound_device_t,s0)
+/dev/sndstat -c gen_context(system_u:object_r:sound_device_t,s0)
+/dev/tlk[0-3] -c gen_context(system_u:object_r:v4l_device_t,s0)
+/dev/urandom -c gen_context(system_u:object_r:urandom_device_t,s0)
+/dev/usblp.* -c gen_context(system_u:object_r:printer_device_t,s0)
 ifdef(`distro_suse', `
-/dev/usbscanner -c context_template(system_u:object_r:scanner_device_t,s0)
+/dev/usbscanner -c gen_context(system_u:object_r:scanner_device_t,s0)
 ')
-/dev/vbi.* -c context_template(system_u:object_r:v4l_device_t,s0)
-/dev/video.* -c context_template(system_u:object_r:v4l_device_t,s0)
-/dev/vttuner -c context_template(system_u:object_r:v4l_device_t,s0)
-/dev/vtx.* -c context_template(system_u:object_r:v4l_device_t,s0)
-/dev/winradio. -c context_template(system_u:object_r:v4l_device_t,s0)
-/dev/z90crypt -c context_template(system_u:object_r:crypt_device_t,s0)
-/dev/zero -c context_template(system_u:object_r:zero_device_t,s0)
+/dev/vbi.* -c gen_context(system_u:object_r:v4l_device_t,s0)
+/dev/video.* -c gen_context(system_u:object_r:v4l_device_t,s0)
+/dev/vttuner -c gen_context(system_u:object_r:v4l_device_t,s0)
+/dev/vtx.* -c gen_context(system_u:object_r:v4l_device_t,s0)
+/dev/winradio.
-c gen_context(system_u:object_r:v4l_device_t,s0)
+/dev/z90crypt -c gen_context(system_u:object_r:crypt_device_t,s0)
+/dev/zero -c gen_context(system_u:object_r:zero_device_t,s0)
-/dev/cpu/.* -c context_template(system_u:object_r:cpu_device_t,s0)
-/dev/cpu/mtrr -c context_template(system_u:object_r:mtrr_device_t,s0)
+/dev/cpu/.* -c gen_context(system_u:object_r:cpu_device_t,s0)
+/dev/cpu/mtrr -c gen_context(system_u:object_r:mtrr_device_t,s0)
-/dev/dri/.+ -c context_template(system_u:object_r:dri_device_t,s0)
+/dev/dri/.+ -c gen_context(system_u:object_r:dri_device_t,s0)
-/dev/input/.*mouse.* -c context_template(system_u:object_r:mouse_device_t,s0)
-/dev/input/event.* -c context_template(system_u:object_r:event_device_t,s0)
-/dev/input/mice -c context_template(system_u:object_r:mouse_device_t,s0)
-/dev/input/js.* -c context_template(system_u:object_r:mouse_device_t,s0)
+/dev/input/.*mouse.* -c gen_context(system_u:object_r:mouse_device_t,s0)
+/dev/input/event.* -c gen_context(system_u:object_r:event_device_t,s0)
+/dev/input/mice -c gen_context(system_u:object_r:mouse_device_t,s0)
+/dev/input/js.* -c gen_context(system_u:object_r:mouse_device_t,s0)
-/dev/mapper/control -c context_template(system_u:object_r:lvm_control_t,s0)
+/dev/mapper/control -c gen_context(system_u:object_r:lvm_control_t,s0)
 /dev/pts(/.*)?
<> -/dev/s(ou)?nd/.* -c context_template(system_u:object_r:sound_device_t,s0) +/dev/s(ou)?nd/.* -c gen_context(system_u:object_r:sound_device_t,s0) -/dev/usb/dc2xx.* -c context_template(system_u:object_r:scanner_device_t,s0) -/dev/usb/lp.* -c context_template(system_u:object_r:printer_device_t,s0) -/dev/usb/mdc800.* -c context_template(system_u:object_r:scanner_device_t,s0) -/dev/usb/scanner.* -c context_template(system_u:object_r:scanner_device_t,s0) +/dev/usb/dc2xx.* -c gen_context(system_u:object_r:scanner_device_t,s0) +/dev/usb/lp.* -c gen_context(system_u:object_r:printer_device_t,s0) +/dev/usb/mdc800.* -c gen_context(system_u:object_r:scanner_device_t,s0) +/dev/usb/scanner.* -c gen_context(system_u:object_r:scanner_device_t,s0) ifdef(`distro_redhat',` # originally from named.fc -/var/named/chroot/dev/null -c context_template(system_u:object_r:null_device_t,s0) -/var/named/chroot/dev/random -c context_template(system_u:object_r:random_device_t,s0) -/var/named/chroot/dev/zero -c context_template(system_u:object_r:zero_device_t,s0) +/var/named/chroot/dev/null -c gen_context(system_u:object_r:null_device_t,s0) +/var/named/chroot/dev/random -c gen_context(system_u:object_r:random_device_t,s0) +/var/named/chroot/dev/zero -c gen_context(system_u:object_r:zero_device_t,s0) ') diff --git a/refpolicy/policy/modules/kernel/devices.te b/refpolicy/policy/modules/kernel/devices.te index 7bfc328..9af6cc6 100644 --- a/refpolicy/policy/modules/kernel/devices.te +++ b/refpolicy/policy/modules/kernel/devices.te @@ -114,7 +114,7 @@ fs_associate_tmpfs(mouse_device_t) type mtrr_device_t, device_node; fs_associate(mtrr_device_t) fs_associate_tmpfs(mtrr_device_t) -genfscon proc /mtrr context_template(system_u:object_r:mtrr_device_t,s0) +genfscon proc /mtrr gen_context(system_u:object_r:mtrr_device_t,s0) # # null_device_t is the type of /dev/null. 
@@ -123,7 +123,7 @@ type null_device_t, device_node; fs_associate(null_device_t) fs_associate_tmpfs(null_device_t) mls_trusted_object(null_device_t) -sid devnull context_template(system_u:object_r:null_device_t,s0) +sid devnull gen_context(system_u:object_r:null_device_t,s0) # # Type for /dev/pmu @@ -160,7 +160,7 @@ fs_associate_tmpfs(sound_device_t) type sysfs_t; files_mountpoint(sysfs_t) fs_type(sysfs_t) -genfscon sysfs / context_template(system_u:object_r:sysfs_t,s0) +genfscon sysfs / gen_context(system_u:object_r:sysfs_t,s0) # # urandom_device_t is the type of /dev/urandom @@ -175,8 +175,8 @@ fs_associate_tmpfs(urandom_device_t) type usbfs_t alias usbdevfs_t; files_mountpoint(usbfs_t) fs_make_noxattr_fs(usbfs_t) -genfscon usbfs / context_template(system_u:object_r:usbfs_t,s0) -genfscon usbdevfs / context_template(system_u:object_r:usbfs_t,s0) +genfscon usbfs / gen_context(system_u:object_r:usbfs_t,s0) +genfscon usbdevfs / gen_context(system_u:object_r:usbfs_t,s0) type v4l_device_t, device_node; fs_associate(v4l_device_t) diff --git a/refpolicy/policy/modules/kernel/filesystem.te b/refpolicy/policy/modules/kernel/filesystem.te index 15082ed..511d864 100644 --- a/refpolicy/policy/modules/kernel/filesystem.te +++ b/refpolicy/policy/modules/kernel/filesystem.te 
@@ -15,64 +15,64 @@ attribute noxattrfs; # filesystems with extended attributes # type fs_t, filesystem_type; -sid fs context_template(system_u:object_r:fs_t,s0) +sid fs gen_context(system_u:object_r:fs_t,s0) # Use xattrs for the following filesystem types. # Requires that a security xattr handler exist for the filesystem. -fs_use_xattr ext2 context_template(system_u:object_r:fs_t,s0); -fs_use_xattr ext3 context_template(system_u:object_r:fs_t,s0); -fs_use_xattr jfs context_template(system_u:object_r:fs_t,s0); -fs_use_xattr reiserfs context_template(system_u:object_r:fs_t,s0); -fs_use_xattr xfs context_template(system_u:object_r:fs_t,s0); +fs_use_xattr ext2 gen_context(system_u:object_r:fs_t,s0); +fs_use_xattr ext3 gen_context(system_u:object_r:fs_t,s0); +fs_use_xattr jfs gen_context(system_u:object_r:fs_t,s0); +fs_use_xattr reiserfs gen_context(system_u:object_r:fs_t,s0); +fs_use_xattr xfs gen_context(system_u:object_r:fs_t,s0); # Use the allocating task SID to label inodes in the following filesystem # types, and label the filesystem itself with the specified context. # This is appropriate for pseudo filesystems that represent objects # like pipes and sockets, so that these objects are labeled with the same # type as the creating task. 
-fs_use_task pipefs context_template(system_u:object_r:fs_t,s0); -fs_use_task sockfs context_template(system_u:object_r:fs_t,s0); +fs_use_task pipefs gen_context(system_u:object_r:fs_t,s0); +fs_use_task sockfs gen_context(system_u:object_r:fs_t,s0); ############################## # # Non-persistent/pseudo filesystems # type bdev_t, filesystem_type; -genfscon bdev / context_template(system_u:object_r:bdev_t,s0) +genfscon bdev / gen_context(system_u:object_r:bdev_t,s0) type binfmt_misc_fs_t, filesystem_type; files_mountpoint(binfmt_misc_fs_t) -genfscon binfmt_misc / context_template(system_u:object_r:binfmt_misc_fs_t,s0) +genfscon binfmt_misc / gen_context(system_u:object_r:binfmt_misc_fs_t,s0) type eventpollfs_t, filesystem_type; -genfscon eventpollfs / context_template(system_u:object_r:eventpollfs_t,s0) +genfscon eventpollfs / gen_context(system_u:object_r:eventpollfs_t,s0) type futexfs_t, filesystem_type; -genfscon futexfs / context_template(system_u:object_r:futexfs_t,s0) +genfscon futexfs / gen_context(system_u:object_r:futexfs_t,s0) type hugetlbfs_t, filesystem_type; files_mountpoint(hugetlbfs_t) allow hugetlbfs_t self:filesystem associate; -genfscon hugetlbfs / context_template(system_u:object_r:hugetlbfs_t,s0) +genfscon hugetlbfs / gen_context(system_u:object_r:hugetlbfs_t,s0) type inotifyfs_t, filesystem_type; allow inotifyfs_t self:filesystem associate; -genfscon inotifyfs / context_template(system_u:object_r:inotifyfs_t,s0) +genfscon inotifyfs / gen_context(system_u:object_r:inotifyfs_t,s0) type nfsd_fs_t, filesystem_type; -genfscon nfsd / context_template(system_u:object_r:nfsd_fs_t,s0) +genfscon nfsd / gen_context(system_u:object_r:nfsd_fs_t,s0) type ramfs_t, filesystem_type; allow ramfs_t self:filesystem associate; -genfscon ramfs / context_template(system_u:object_r:ramfs_t,s0) +genfscon ramfs / gen_context(system_u:object_r:ramfs_t,s0) type romfs_t, filesystem_type; allow romfs_t self:filesystem associate; -genfscon romfs / 
context_template(system_u:object_r:romfs_t,s0) -genfscon cramfs / context_template(system_u:object_r:romfs_t,s0) +genfscon romfs / gen_context(system_u:object_r:romfs_t,s0) +genfscon cramfs / gen_context(system_u:object_r:romfs_t,s0) type rpc_pipefs_t, filesystem_type; -genfscon rpc_pipefs / context_template(system_u:object_r:rpc_pipefs_t,s0) +genfscon rpc_pipefs / gen_context(system_u:object_r:rpc_pipefs_t,s0) # # tmpfs_t is the type for tmpfs filesystems @@ -86,9 +86,9 @@ files_mountpoint(tmpfs_t) # and label the filesystem itself with the specified context. # This is appropriate for pseudo filesystems like devpts and tmpfs # where we want to label objects with a derived type. -fs_use_trans mqueue context_template(system_u:object_r:tmpfs_t,s0); -fs_use_trans shm context_template(system_u:object_r:tmpfs_t,s0); -fs_use_trans tmpfs context_template(system_u:object_r:tmpfs_t,s0); +fs_use_trans mqueue gen_context(system_u:object_r:tmpfs_t,s0); +fs_use_trans shm gen_context(system_u:object_r:tmpfs_t,s0); +fs_use_trans tmpfs gen_context(system_u:object_r:tmpfs_t,s0); allow tmpfs_t self:filesystem associate; allow tmpfs_t noxattrfs:filesystem associate; @@ -99,8 +99,8 @@ allow tmpfs_t noxattrfs:filesystem associate; # type autofs_t, filesystem_type, noxattrfs; allow autofs_t self:filesystem associate; -genfscon autofs / context_template(system_u:object_r:autofs_t,s0) -genfscon automount / context_template(system_u:object_r:autofs_t,s0) +genfscon autofs / gen_context(system_u:object_r:autofs_t,s0) +genfscon automount / gen_context(system_u:object_r:autofs_t,s0) # # cifs_t is the type for filesystems and their 
@@ -108,8 +108,8 @@ genfscon automount / context_template(system_u:object_r:autofs_t,s0) # type cifs_t alias sambafs_t, filesystem_type, noxattrfs; allow cifs_t self:filesystem associate; -genfscon cifs / context_template(system_u:object_r:cifs_t,s0) -genfscon smbfs / context_template(system_u:object_r:cifs_t,s0) +genfscon cifs / gen_context(system_u:object_r:cifs_t,s0) +genfscon smbfs / gen_context(system_u:object_r:cifs_t,s0) # # dosfs_t is the type for fat and vfat @@ -117,10 +117,10 @@ genfscon smbfs / context_template(system_u:object_r:cifs_t,s0) # type dosfs_t, filesystem_type, noxattrfs; allow dosfs_t self:filesystem associate; -genfscon fat / context_template(system_u:object_r:dosfs_t,s0) -genfscon msdos / context_template(system_u:object_r:dosfs_t,s0) -genfscon ntfs / context_template(system_u:object_r:dosfs_t,s0) -genfscon vfat / context_template(system_u:object_r:dosfs_t,s0) +genfscon fat / gen_context(system_u:object_r:dosfs_t,s0) +genfscon msdos / gen_context(system_u:object_r:dosfs_t,s0) +genfscon ntfs / gen_context(system_u:object_r:dosfs_t,s0) +genfscon vfat / gen_context(system_u:object_r:dosfs_t,s0) # # iso9660_t is the type for CD filesystems @@ -128,8 +128,8 @@ genfscon vfat / context_template(system_u:object_r:dosfs_t,s0) # type iso9660_t, filesystem_type, noxattrfs; allow iso9660_t self:filesystem associate; -genfscon iso9660 / context_template(system_u:object_r:iso9660_t,s0) -genfscon udf / context_template(system_u:object_r:iso9660_t,s0) +genfscon iso9660 / gen_context(system_u:object_r:iso9660_t,s0) +genfscon udf / gen_context(system_u:object_r:iso9660_t,s0) # # removable_t is the default type of all removable media 
@@ -144,6 +144,6 @@ allow removable_t noxattrfs:filesystem associate; type nfs_t, filesystem_type, noxattrfs; files_mountpoint(nfs_t) allow nfs_t self:filesystem associate; -genfscon nfs / context_template(system_u:object_r:nfs_t,s0) -genfscon nfs4 / context_template(system_u:object_r:nfs_t,s0) -genfscon afs / context_template(system_u:object_r:nfs_t,s0) +genfscon nfs / gen_context(system_u:object_r:nfs_t,s0) +genfscon nfs4 / gen_context(system_u:object_r:nfs_t,s0) +genfscon afs / gen_context(system_u:object_r:nfs_t,s0) diff --git a/refpolicy/policy/modules/kernel/kernel.te b/refpolicy/policy/modules/kernel/kernel.te index 8dfb298..169fd14 100644 --- a/refpolicy/policy/modules/kernel/kernel.te +++ b/refpolicy/policy/modules/kernel/kernel.te @@ -29,7 +29,7 @@ type kernel_t, can_load_kernmodule; domain_base_type(kernel_t) mls_rangetrans_source(kernel_t) role system_r types kernel_t; -sid kernel context_template(system_u:system_r:kernel_t,s0 - s9:c0.c127, c0.c127) +sid kernel gen_context(system_u:system_r:kernel_t,s0 - s9:c0.c127, c0.c127) # # DebugFS @@ -38,7 +38,7 @@ sid kernel context_template(system_u:system_r:kernel_t,s0 - s9:c0.c127, c0.c127) type debugfs_t; fs_type(debugfs_t) allow debugfs_t self:filesystem associate; -genfscon debugfs / context_template(system_u:object_r:debugfs_t,s0) +genfscon debugfs / gen_context(system_u:object_r:debugfs_t,s0) # # Procfs types 
@@ -47,24 +47,24 @@ genfscon debugfs / context_template(system_u:object_r:debugfs_t,s0) type proc_t, proc_type; files_mountpoint(proc_t) fs_type(proc_t) -genfscon proc / context_template(system_u:object_r:proc_t,s0) -genfscon proc /sysvipc context_template(system_u:object_r:proc_t,s0) +genfscon proc / gen_context(system_u:object_r:proc_t,s0) +genfscon proc /sysvipc gen_context(system_u:object_r:proc_t,s0) # kernel message interface type proc_kmsg_t, proc_type; -genfscon proc /kmsg context_template(system_u:object_r:proc_kmsg_t,s0) +genfscon proc /kmsg gen_context(system_u:object_r:proc_kmsg_t,s0) neverallow ~can_receive_kernel_messages proc_kmsg_t:file ~getattr; # /proc kcore: inaccessible type proc_kcore_t, proc_type; neverallow { domain -kern_unconfined } proc_kcore_t:file ~getattr; -genfscon proc /kcore context_template(system_u:object_r:proc_kcore_t,s0) +genfscon proc /kcore gen_context(system_u:object_r:proc_kcore_t,s0) type proc_mdstat_t, proc_type; -genfscon proc /mdstat context_template(system_u:object_r:proc_mdstat_t,s0) +genfscon proc /mdstat gen_context(system_u:object_r:proc_mdstat_t,s0) type proc_net_t, proc_type; -genfscon proc /net context_template(system_u:object_r:proc_net_t,s0) +genfscon proc /net gen_context(system_u:object_r:proc_net_t,s0) # # Sysctl types 
@@ -73,49 +73,49 @@ genfscon proc /net context_template(system_u:object_r:proc_net_t,s0) # /proc/sys directory, base directory of sysctls type sysctl_t, sysctl_type; files_mountpoint(sysctl_t) -sid sysctl context_template(system_u:object_r:sysctl_t,s0) -genfscon proc /sys context_template(system_u:object_r:sysctl_t,s0) +sid sysctl gen_context(system_u:object_r:sysctl_t,s0) +genfscon proc /sys gen_context(system_u:object_r:sysctl_t,s0) # /proc/irq directory and files type sysctl_irq_t, sysctl_type; -genfscon proc /irq context_template(system_u:object_r:sysctl_irq_t,s0) +genfscon proc /irq gen_context(system_u:object_r:sysctl_irq_t,s0) # /proc/net/rpc directory and files type sysctl_rpc_t, sysctl_type; -genfscon proc /net/rpc context_template(system_u:object_r:sysctl_rpc_t,s0) +genfscon proc /net/rpc gen_context(system_u:object_r:sysctl_rpc_t,s0) # /proc/sys/fs directory and files type sysctl_fs_t, sysctl_type; files_mountpoint(sysctl_fs_t) -genfscon proc /sys/fs context_template(system_u:object_r:sysctl_fs_t,s0) +genfscon proc /sys/fs gen_context(system_u:object_r:sysctl_fs_t,s0) # /proc/sys/kernel directory and files type sysctl_kernel_t, sysctl_type; -genfscon proc /sys/kernel context_template(system_u:object_r:sysctl_kernel_t,s0) +genfscon proc /sys/kernel gen_context(system_u:object_r:sysctl_kernel_t,s0) # /proc/sys/kernel/modprobe file type sysctl_modprobe_t, sysctl_type; -genfscon proc /sys/kernel/modprobe context_template(system_u:object_r:sysctl_modprobe_t,s0) +genfscon proc /sys/kernel/modprobe gen_context(system_u:object_r:sysctl_modprobe_t,s0) # /proc/sys/kernel/hotplug file type sysctl_hotplug_t, sysctl_type; -genfscon proc /sys/kernel/hotplug context_template(system_u:object_r:sysctl_hotplug_t,s0) +genfscon proc /sys/kernel/hotplug gen_context(system_u:object_r:sysctl_hotplug_t,s0) # /proc/sys/net directory and files type sysctl_net_t, sysctl_type; -genfscon proc /sys/net context_template(system_u:object_r:sysctl_net_t,s0) +genfscon proc /sys/net 
gen_context(system_u:object_r:sysctl_net_t,s0) # /proc/sys/net/unix directory and files type sysctl_net_unix_t, sysctl_type; -genfscon proc /sys/net/unix context_template(system_u:object_r:sysctl_net_unix_t,s0) +genfscon proc /sys/net/unix gen_context(system_u:object_r:sysctl_net_unix_t,s0) # /proc/sys/vm directory and files type sysctl_vm_t, sysctl_type; -genfscon proc /sys/vm context_template(system_u:object_r:sysctl_vm_t,s0) +genfscon proc /sys/vm gen_context(system_u:object_r:sysctl_vm_t,s0) # /proc/sys/dev directory and files type sysctl_dev_t, sysctl_type; -genfscon proc /sys/dev context_template(system_u:object_r:sysctl_dev_t,s0) +genfscon proc /sys/dev gen_context(system_u:object_r:sysctl_dev_t,s0) # # unlabeled_t is the type of unlabeled objects. 
@@ -123,26 +123,26 @@ genfscon proc /sys/dev context_template(system_u:object_r:sysctl_dev_t,s0) # have labels that are no longer valid are treated as having this type. # type unlabeled_t; -sid unlabeled context_template(system_u:object_r:unlabeled_t,s0) +sid unlabeled gen_context(system_u:object_r:unlabeled_t,s0) # These initial sids are no longer used, and can be removed: -sid any_socket context_template(system_u:object_r:unlabeled_t,s0) -sid file_labels context_template(system_u:object_r:unlabeled_t,s0) -sid icmp_socket context_template(system_u:object_r:unlabeled_t,s0) -sid igmp_packet context_template(system_u:object_r:unlabeled_t,s0) -sid init context_template(system_u:object_r:unlabeled_t,s0) -sid kmod context_template(system_u:object_r:unlabeled_t,s0) -sid netmsg context_template(system_u:object_r:unlabeled_t,s0) -sid policy context_template(system_u:object_r:unlabeled_t,s0) -sid scmp_packet context_template(system_u:object_r:unlabeled_t,s0) -sid sysctl_modprobe context_template(system_u:object_r:unlabeled_t,s0) -sid sysctl_fs context_template(system_u:object_r:unlabeled_t,s0) -sid sysctl_kernel context_template(system_u:object_r:unlabeled_t,s0) -sid sysctl_net context_template(system_u:object_r:unlabeled_t,s0) -sid sysctl_net_unix context_template(system_u:object_r:unlabeled_t,s0) -sid sysctl_vm context_template(system_u:object_r:unlabeled_t,s0) -sid sysctl_dev context_template(system_u:object_r:unlabeled_t,s0) -sid tcp_socket context_template(system_u:object_r:unlabeled_t,s0) +sid any_socket gen_context(system_u:object_r:unlabeled_t,s0) +sid file_labels gen_context(system_u:object_r:unlabeled_t,s0) +sid icmp_socket gen_context(system_u:object_r:unlabeled_t,s0) +sid igmp_packet gen_context(system_u:object_r:unlabeled_t,s0) +sid init gen_context(system_u:object_r:unlabeled_t,s0) +sid kmod gen_context(system_u:object_r:unlabeled_t,s0) +sid netmsg gen_context(system_u:object_r:unlabeled_t,s0) +sid policy gen_context(system_u:object_r:unlabeled_t,s0) +sid 
scmp_packet gen_context(system_u:object_r:unlabeled_t,s0) +sid sysctl_modprobe gen_context(system_u:object_r:unlabeled_t,s0) +sid sysctl_fs gen_context(system_u:object_r:unlabeled_t,s0) +sid sysctl_kernel gen_context(system_u:object_r:unlabeled_t,s0) +sid sysctl_net gen_context(system_u:object_r:unlabeled_t,s0) +sid sysctl_net_unix gen_context(system_u:object_r:unlabeled_t,s0) +sid sysctl_vm gen_context(system_u:object_r:unlabeled_t,s0) +sid sysctl_dev gen_context(system_u:object_r:unlabeled_t,s0) +sid tcp_socket gen_context(system_u:object_r:unlabeled_t,s0) ######################################## # diff --git a/refpolicy/policy/modules/kernel/selinux.te b/refpolicy/policy/modules/kernel/selinux.te index cfc9cbf..0fc0a5a 100644 --- a/refpolicy/policy/modules/kernel/selinux.te +++ b/refpolicy/policy/modules/kernel/selinux.te @@ -18,8 +18,8 @@ attribute can_setsecparam; type security_t; fs_type(security_t) mls_trusted_object(security_t) -sid security context_template(system_u:object_r:security_t,s0) -genfscon selinuxfs / context_template(system_u:object_r:security_t,s0) +sid security gen_context(system_u:object_r:security_t,s0) +genfscon selinuxfs / gen_context(system_u:object_r:security_t,s0) neverallow ~can_load_policy security_t:security load_policy; neverallow ~can_setenforce security_t:security setenforce; diff --git a/refpolicy/policy/modules/kernel/storage.fc b/refpolicy/policy/modules/kernel/storage.fc index 9243102..cb5177d 100644 --- a/refpolicy/policy/modules/kernel/storage.fc +++ b/refpolicy/policy/modules/kernel/storage.fc 
@@ -1,60 +1,60 @@
-/dev/n?(raw)?[qr]ft[0-3] -c context_template(system_u:object_r:tape_device_t,s0)
-/dev/n?[hs]t[0-9].* -c context_template(system_u:object_r:tape_device_t,s0)
-/dev/n?z?qft[0-3] -c context_template(system_u:object_r:tape_device_t,s0)
-/dev/n?osst[0-3].* -c context_template(system_u:object_r:tape_device_t,s0)
-/dev/n?pt[0-9]+ -c context_template(system_u:object_r:tape_device_t,s0)
-/dev/n?tpqic[12].* -c context_template(system_u:object_r:tape_device_t,s0)
-/dev/[shmx]d[^/]* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
-/dev/aztcd -b context_template(system_u:object_r:removable_device_t,s0)
-/dev/bpcd -b context_template(system_u:object_r:removable_device_t,s0)
-/dev/cdu.* -b context_template(system_u:object_r:removable_device_t,s0)
-/dev/cm20.* -b context_template(system_u:object_r:removable_device_t,s0)
-/dev/dasd[^/]* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
-/dev/dm-[0-9]+ -b context_template(system_u:object_r:fixed_disk_device_t,s0)
-/dev/fd[^/]+ -b context_template(system_u:object_r:removable_device_t,s0)
-/dev/flash[^/]* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
-/dev/gscd -b context_template(system_u:object_r:removable_device_t,s0)
-/dev/hitcd -b context_template(system_u:object_r:removable_device_t,s0)
-/dev/ht[0-1] -b context_template(system_u:object_r:tape_device_t,s0)
-/dev/initrd -b context_template(system_u:object_r:fixed_disk_device_t,s0)
-/dev/jsfd -b context_template(system_u:object_r:fixed_disk_device_t,s0)
-/dev/jsflash -c context_template(system_u:object_r:fixed_disk_device_t,s0)
-/dev/loop.* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
-/dev/lvm -c context_template(system_u:object_r:fixed_disk_device_t,s0)
-/dev/mcdx?
-b context_template(system_u:object_r:removable_device_t,s0)
-/dev/nb[^/]+ -b context_template(system_u:object_r:fixed_disk_device_t,s0)
-/dev/optcd -b context_template(system_u:object_r:removable_device_t,s0)
-/dev/p[fg][0-3] -b context_template(system_u:object_r:removable_device_t,s0)
-/dev/pcd[0-3] -b context_template(system_u:object_r:removable_device_t,s0)
-/dev/pd[a-d][^/]* -b context_template(system_u:object_r:removable_device_t,s0)
-/dev/pg[0-3] -c context_template(system_u:object_r:removable_device_t,s0)
-/dev/ram.* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
-/dev/rawctl -c context_template(system_u:object_r:fixed_disk_device_t,s0)
-/dev/rd.* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
+/dev/n?(raw)?[qr]ft[0-3] -c gen_context(system_u:object_r:tape_device_t,s0)
+/dev/n?[hs]t[0-9].* -c gen_context(system_u:object_r:tape_device_t,s0)
+/dev/n?z?qft[0-3] -c gen_context(system_u:object_r:tape_device_t,s0)
+/dev/n?osst[0-3].* -c gen_context(system_u:object_r:tape_device_t,s0)
+/dev/n?pt[0-9]+ -c gen_context(system_u:object_r:tape_device_t,s0)
+/dev/n?tpqic[12].* -c gen_context(system_u:object_r:tape_device_t,s0)
+/dev/[shmx]d[^/]* -b gen_context(system_u:object_r:fixed_disk_device_t,s0)
+/dev/aztcd -b gen_context(system_u:object_r:removable_device_t,s0)
+/dev/bpcd -b gen_context(system_u:object_r:removable_device_t,s0)
+/dev/cdu.* -b gen_context(system_u:object_r:removable_device_t,s0)
+/dev/cm20.* -b gen_context(system_u:object_r:removable_device_t,s0)
+/dev/dasd[^/]* -b gen_context(system_u:object_r:fixed_disk_device_t,s0)
+/dev/dm-[0-9]+ -b gen_context(system_u:object_r:fixed_disk_device_t,s0)
+/dev/fd[^/]+ -b gen_context(system_u:object_r:removable_device_t,s0)
+/dev/flash[^/]* -b gen_context(system_u:object_r:fixed_disk_device_t,s0)
+/dev/gscd -b gen_context(system_u:object_r:removable_device_t,s0)
+/dev/hitcd -b gen_context(system_u:object_r:removable_device_t,s0)
+/dev/ht[0-1] -b
gen_context(system_u:object_r:tape_device_t,s0)
+/dev/initrd -b gen_context(system_u:object_r:fixed_disk_device_t,s0)
+/dev/jsfd -b gen_context(system_u:object_r:fixed_disk_device_t,s0)
+/dev/jsflash -c gen_context(system_u:object_r:fixed_disk_device_t,s0)
+/dev/loop.* -b gen_context(system_u:object_r:fixed_disk_device_t,s0)
+/dev/lvm -c gen_context(system_u:object_r:fixed_disk_device_t,s0)
+/dev/mcdx? -b gen_context(system_u:object_r:removable_device_t,s0)
+/dev/nb[^/]+ -b gen_context(system_u:object_r:fixed_disk_device_t,s0)
+/dev/optcd -b gen_context(system_u:object_r:removable_device_t,s0)
+/dev/p[fg][0-3] -b gen_context(system_u:object_r:removable_device_t,s0)
+/dev/pcd[0-3] -b gen_context(system_u:object_r:removable_device_t,s0)
+/dev/pd[a-d][^/]* -b gen_context(system_u:object_r:removable_device_t,s0)
+/dev/pg[0-3] -c gen_context(system_u:object_r:removable_device_t,s0)
+/dev/ram.* -b gen_context(system_u:object_r:fixed_disk_device_t,s0)
+/dev/rawctl -c gen_context(system_u:object_r:fixed_disk_device_t,s0)
+/dev/rd.* -b gen_context(system_u:object_r:fixed_disk_device_t,s0)
 ifdef(`distro_redhat', `
-/dev/root -b context_template(system_u:object_r:fixed_disk_device_t,s0)
+/dev/root -b gen_context(system_u:object_r:fixed_disk_device_t,s0)
 ')
-/dev/s(cd|r)[^/]* -b context_template(system_u:object_r:removable_device_t,s0)
-/dev/sbpcd.* -b context_template(system_u:object_r:removable_device_t,s0)
-/dev/sg[0-9]+ -c context_template(system_u:object_r:scsi_generic_device_t,s0)
-/dev/sjcd -b context_template(system_u:object_r:removable_device_t,s0)
-/dev/sonycd -b context_template(system_u:object_r:removable_device_t,s0)
-/dev/tape.* -c context_template(system_u:object_r:tape_device_t,s0)
-/dev/ubd[^/]* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
+/dev/s(cd|r)[^/]* -b gen_context(system_u:object_r:removable_device_t,s0)
+/dev/sbpcd.* -b gen_context(system_u:object_r:removable_device_t,s0)
+/dev/sg[0-9]+ -c
gen_context(system_u:object_r:scsi_generic_device_t,s0)
+/dev/sjcd -b gen_context(system_u:object_r:removable_device_t,s0)
+/dev/sonycd -b gen_context(system_u:object_r:removable_device_t,s0)
+/dev/tape.* -c gen_context(system_u:object_r:tape_device_t,s0)
+/dev/ubd[^/]* -b gen_context(system_u:object_r:fixed_disk_device_t,s0)
-/dev/ataraid/.* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
+/dev/ataraid/.* -b gen_context(system_u:object_r:fixed_disk_device_t,s0)
-/dev/cciss/[^/]* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
+/dev/cciss/[^/]* -b gen_context(system_u:object_r:fixed_disk_device_t,s0)
-/dev/i2o/hd[^/]* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
+/dev/i2o/hd[^/]* -b gen_context(system_u:object_r:fixed_disk_device_t,s0)
-/dev/ida/[^/]* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
+/dev/ida/[^/]* -b gen_context(system_u:object_r:fixed_disk_device_t,s0)
-/dev/mapper/.* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
+/dev/mapper/.* -b gen_context(system_u:object_r:fixed_disk_device_t,s0)
-/dev/raw/raw[0-9]+ -c context_template(system_u:object_r:fixed_disk_device_t,s0)
+/dev/raw/raw[0-9]+ -c gen_context(system_u:object_r:fixed_disk_device_t,s0)
-/dev/scramdisk/.* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
+/dev/scramdisk/.* -b gen_context(system_u:object_r:fixed_disk_device_t,s0)
-/dev/usb/rio500 -c context_template(system_u:object_r:removable_device_t,s0)
+/dev/usb/rio500 -c gen_context(system_u:object_r:removable_device_t,s0)
diff --git a/refpolicy/policy/modules/kernel/terminal.fc b/refpolicy/policy/modules/kernel/terminal.fc
index 7457125..49dafec 100644
--- a/refpolicy/policy/modules/kernel/terminal.fc
+++ b/refpolicy/policy/modules/kernel/terminal.fc
@@ -1,23 +1,23 @@ -/dev/.*tty[^/]* -c context_template(system_u:object_r:tty_device_t,s0) -/dev/[pt]ty[abcdepqrstuvwxyz][0-9a-f] -c context_template(system_u:object_r:bsdpty_device_t,s0) -/dev/adb.* -c context_template(system_u:object_r:tty_device_t,s0) -/dev/capi.* -c context_template(system_u:object_r:tty_device_t,s0) -/dev/cu.* -c context_template(system_u:object_r:tty_device_t,s0) -/dev/dcbri[0-9]+ -c context_template(system_u:object_r:tty_device_t,s0) -/dev/hvc.* -c context_template(system_u:object_r:tty_device_t,s0) -/dev/hvsi.* -c context_template(system_u:object_r:tty_device_t,s0) -/dev/ircomm[0-9]+ -c context_template(system_u:object_r:tty_device_t,s0) -/dev/ip2[^/]* -c context_template(system_u:object_r:tty_device_t,s0) -/dev/isdn.* -c context_template(system_u:object_r:tty_device_t,s0) -/dev/ptmx -c context_template(system_u:object_r:ptmx_t,s0) -/dev/tty -c context_template(system_u:object_r:devtty_t,s0) -/dev/ttySG.* -c context_template(system_u:object_r:tty_device_t,s0) +/dev/.*tty[^/]* -c gen_context(system_u:object_r:tty_device_t,s0) +/dev/[pt]ty[abcdepqrstuvwxyz][0-9a-f] -c gen_context(system_u:object_r:bsdpty_device_t,s0) +/dev/adb.* -c gen_context(system_u:object_r:tty_device_t,s0) +/dev/capi.* -c gen_context(system_u:object_r:tty_device_t,s0) +/dev/cu.* -c gen_context(system_u:object_r:tty_device_t,s0) +/dev/dcbri[0-9]+ -c gen_context(system_u:object_r:tty_device_t,s0) +/dev/hvc.* -c gen_context(system_u:object_r:tty_device_t,s0) +/dev/hvsi.* -c gen_context(system_u:object_r:tty_device_t,s0) +/dev/ircomm[0-9]+ -c gen_context(system_u:object_r:tty_device_t,s0) +/dev/ip2[^/]* -c gen_context(system_u:object_r:tty_device_t,s0) +/dev/isdn.* -c gen_context(system_u:object_r:tty_device_t,s0) +/dev/ptmx -c gen_context(system_u:object_r:ptmx_t,s0) +/dev/tty -c gen_context(system_u:object_r:devtty_t,s0) +/dev/ttySG.* -c gen_context(system_u:object_r:tty_device_t,s0) -/dev/pty/.* -c context_template(system_u:object_r:bsdpty_device_t,s0) +/dev/pty/.* -c 
gen_context(system_u:object_r:bsdpty_device_t,s0) -/dev/vcc?/.* -c context_template(system_u:object_r:tty_device_t,s0) +/dev/vcc?/.* -c gen_context(system_u:object_r:tty_device_t,s0) -/dev/vcs[^/]* -c context_template(system_u:object_r:tty_device_t,s0) +/dev/vcs[^/]* -c gen_context(system_u:object_r:tty_device_t,s0) -/dev/usb/tty.* -c context_template(system_u:object_r:usbtty_device_t,s0) +/dev/usb/tty.* -c gen_context(system_u:object_r:usbtty_device_t,s0) diff --git a/refpolicy/policy/modules/kernel/terminal.te b/refpolicy/policy/modules/kernel/terminal.te index dd2318f..894d88d 100644 --- a/refpolicy/policy/modules/kernel/terminal.te +++ b/refpolicy/policy/modules/kernel/terminal.te @@ -27,7 +27,7 @@ dev_node(console_device_t) type devpts_t; files_mountpoint(devpts_t) fs_type(devpts_t) -fs_use_trans devpts context_template(system_u:object_r:devpts_t,s0); +fs_use_trans devpts gen_context(system_u:object_r:devpts_t,s0); # # devtty_t is the type of /dev/tty. diff --git a/refpolicy/policy/modules/services/apache.fc b/refpolicy/policy/modules/services/apache.fc index c7c4151..2042a31 100644 --- a/refpolicy/policy/modules/services/apache.fc +++ b/refpolicy/policy/modules/services/apache.fc 
@@ -1,66 +1,66 @@ -HOME_DIR/((www)|(web)|(public_html))(/.+)? context_template(system_u:object_r:httpd_ROLE_content_t,s0) +HOME_DIR/((www)|(web)|(public_html))(/.+)? gen_context(system_u:object_r:httpd_ROLE_content_t,s0) -/etc/apache(2)?(/.*)? context_template(system_u:object_r:httpd_config_t,s0) -/etc/apache-ssl(2)?(/.*)? context_template(system_u:object_r:httpd_config_t,s0) -/etc/htdig(/.*)? context_template(system_u:object_r:httpd_sys_content_t,s0) -/etc/httpd -d context_template(system_u:object_r:httpd_config_t,s0) -/etc/httpd/conf.* context_template(system_u:object_r:httpd_config_t,s0) -/etc/httpd/logs context_template(system_u:object_r:httpd_log_t,s0) -/etc/httpd/modules context_template(system_u:object_r:httpd_modules_t,s0) -/etc/vhosts -- context_template(system_u:object_r:httpd_config_t,s0) +/etc/apache(2)?(/.*)? gen_context(system_u:object_r:httpd_config_t,s0) +/etc/apache-ssl(2)?(/.*)? gen_context(system_u:object_r:httpd_config_t,s0) +/etc/htdig(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) +/etc/httpd -d gen_context(system_u:object_r:httpd_config_t,s0) +/etc/httpd/conf.* gen_context(system_u:object_r:httpd_config_t,s0) +/etc/httpd/logs gen_context(system_u:object_r:httpd_log_t,s0) +/etc/httpd/modules gen_context(system_u:object_r:httpd_modules_t,s0) +/etc/vhosts -- gen_context(system_u:object_r:httpd_config_t,s0) -/srv/([^/]*/)?www(/.*)? context_template(system_u:object_r:httpd_sys_content_t,s0) +/srv/([^/]*/)?www(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) -/usr/bin/htsslpass -- context_template(system_u:object_r:httpd_helper_exec_t,s0) +/usr/bin/htsslpass -- gen_context(system_u:object_r:httpd_helper_exec_t,s0) -/usr/lib/apache-ssl/.+ -- context_template(system_u:object_r:httpd_exec_t,s0) -/usr/lib/cgi-bin(/.*)? context_template(system_u:object_r:httpd_sys_script_exec_t,s0) -/usr/lib(64)?/apache(/.*)? context_template(system_u:object_r:httpd_modules_t,s0) -/usr/lib(64)?/apache2/modules(/.*)? 
context_template(system_u:object_r:httpd_modules_t,s0) -/usr/lib(64)?/apache(2)?/suexec(2)? -- context_template(system_u:object_r:httpd_suexec_exec_t,s0) -/usr/lib(64)?/cgi-bin/(nph-)?cgiwrap(d)? -- context_template(system_u:object_r:httpd_suexec_exec_t,s0) -/usr/lib(64)?/httpd(/.*)? context_template(system_u:object_r:httpd_modules_t,s0) +/usr/lib/apache-ssl/.+ -- gen_context(system_u:object_r:httpd_exec_t,s0) +/usr/lib/cgi-bin(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0) +/usr/lib(64)?/apache(/.*)? gen_context(system_u:object_r:httpd_modules_t,s0) +/usr/lib(64)?/apache2/modules(/.*)? gen_context(system_u:object_r:httpd_modules_t,s0) +/usr/lib(64)?/apache(2)?/suexec(2)? -- gen_context(system_u:object_r:httpd_suexec_exec_t,s0) +/usr/lib(64)?/cgi-bin/(nph-)?cgiwrap(d)? -- gen_context(system_u:object_r:httpd_suexec_exec_t,s0) +/usr/lib(64)?/httpd(/.*)? gen_context(system_u:object_r:httpd_modules_t,s0) -/usr/sbin/apache(2)? -- context_template(system_u:object_r:httpd_exec_t,s0) -/usr/sbin/apache-ssl(2)? -- context_template(system_u:object_r:httpd_exec_t,s0) -/usr/sbin/httpd(\.worker)? -- context_template(system_u:object_r:httpd_exec_t,s0) +/usr/sbin/apache(2)? -- gen_context(system_u:object_r:httpd_exec_t,s0) +/usr/sbin/apache-ssl(2)? -- gen_context(system_u:object_r:httpd_exec_t,s0) +/usr/sbin/httpd(\.worker)? -- gen_context(system_u:object_r:httpd_exec_t,s0) ifdef(`distro_suse', ` -/usr/sbin/httpd2-.* -- context_template(system_u:object_r:httpd_exec_t,s0) +/usr/sbin/httpd2-.* -- gen_context(system_u:object_r:httpd_exec_t,s0) ') -/usr/sbin/suexec -- context_template(system_u:object_r:httpd_suexec_exec_t,s0) +/usr/sbin/suexec -- gen_context(system_u:object_r:httpd_suexec_exec_t,s0) -/usr/share/htdig(/.*)? context_template(system_u:object_r:httpd_sys_content_t,s0) +/usr/share/htdig(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) -/var/cache/httpd(/.*)? context_template(system_u:object_r:httpd_cache_t,s0) -/var/cache/mod_ssl(/.*)? 
context_template(system_u:object_r:httpd_cache_t,s0) -/var/cache/php-eaccelerator(/.*)? context_template(system_u:object_r:httpd_cache_t,s0) -/var/cache/php-mmcache(/.*)? context_template(system_u:object_r:httpd_cache_t,s0) -/var/cache/ssl.*\.sem -- context_template(system_u:object_r:httpd_cache_t,s0) +/var/cache/httpd(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0) +/var/cache/mod_ssl(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0) +/var/cache/php-eaccelerator(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0) +/var/cache/php-mmcache(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0) +/var/cache/ssl.*\.sem -- gen_context(system_u:object_r:httpd_cache_t,s0) -/var/lib/htdig(/.*)? context_template(system_u:object_r:httpd_sys_content_t,s0) -/var/lib/httpd(/.*)? context_template(system_u:object_r:httpd_var_lib_t,s0) -/var/lib/php/session(/.*)? context_template(system_u:object_r:httpd_var_run_t,s0) -/var/lib/squirrelmail/prefs(/.*)? context_template(system_u:object_r:httpd_squirrelmail_t,s0) +/var/lib/htdig(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) +/var/lib/httpd(/.*)? gen_context(system_u:object_r:httpd_var_lib_t,s0) +/var/lib/php/session(/.*)? gen_context(system_u:object_r:httpd_var_run_t,s0) +/var/lib/squirrelmail/prefs(/.*)? gen_context(system_u:object_r:httpd_squirrelmail_t,s0) -/var/log/apache(2)?(/.*)? context_template(system_u:object_r:httpd_log_t,s0) -/var/log/apache-ssl(2)?(/.*)? context_template(system_u:object_r:httpd_log_t,s0) -/var/log/cgiwrap\.log.* -- context_template(system_u:object_r:httpd_log_t,s0) -/var/log/httpd(/.*)? context_template(system_u:object_r:httpd_log_t,s0) +/var/log/apache(2)?(/.*)? gen_context(system_u:object_r:httpd_log_t,s0) +/var/log/apache-ssl(2)?(/.*)? gen_context(system_u:object_r:httpd_log_t,s0) +/var/log/cgiwrap\.log.* -- gen_context(system_u:object_r:httpd_log_t,s0) +/var/log/httpd(/.*)? gen_context(system_u:object_r:httpd_log_t,s0) ifdef(`distro_debian', ` -/var/log/horde2(/.*)? 
context_template(system_u:object_r:httpd_log_t,s0) +/var/log/horde2(/.*)? gen_context(system_u:object_r:httpd_log_t,s0) ') -/var/run/apache.* context_template(system_u:object_r:httpd_var_run_t,s0) -/var/run/gcache_port -s context_template(system_u:object_r:httpd_var_run_t,s0) +/var/run/apache.* gen_context(system_u:object_r:httpd_var_run_t,s0) +/var/run/gcache_port -s gen_context(system_u:object_r:httpd_var_run_t,s0) -/var/spool/gosa(/.*)? context_template(system_u:object_r:httpd_sys_script_rw_t,s0) -/var/spool/squirrelmail(/.*)? context_template(system_u:object_r:squirrelmail_spool_t,s0) +/var/spool/gosa(/.*)? gen_context(system_u:object_r:httpd_sys_script_rw_t,s0) +/var/spool/squirrelmail(/.*)? gen_context(system_u:object_r:squirrelmail_spool_t,s0) ifdef(`targeted_policy', `', ` -/var/spool/cron/apache -- context_template(system_u:object_r:user_cron_spool_t,s0) +/var/spool/cron/apache -- gen_context(system_u:object_r:user_cron_spool_t,s0) ') -/var/www(/.*)? context_template(system_u:object_r:httpd_sys_content_t,s0) -/var/www/cgi-bin(/.*)? context_template(system_u:object_r:httpd_sys_script_exec_t,s0) -/var/www/icons(/.*)? context_template(system_u:object_r:httpd_sys_content_t,s0) -/var/www/perl(/.*)? context_template(system_u:object_r:httpd_sys_script_exec_t,s0) +/var/www(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) +/var/www/cgi-bin(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0) +/var/www/icons(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) +/var/www/perl(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0) diff --git a/refpolicy/policy/modules/services/bind.fc b/refpolicy/policy/modules/services/bind.fc index 8287f7f..4014974 100644 --- a/refpolicy/policy/modules/services/bind.fc +++ b/refpolicy/policy/modules/services/bind.fc 
@@ -1,45 +1,45 @@ -/etc/rndc.* -- context_template(system_u:object_r:named_conf_t,s0) -/etc/rndc\.key -- context_template(system_u:object_r:dnssec_t,s0) +/etc/rndc.* -- gen_context(system_u:object_r:named_conf_t,s0) +/etc/rndc\.key -- gen_context(system_u:object_r:dnssec_t,s0) -/usr/sbin/lwresd -- context_template(system_u:object_r:named_exec_t,s0) -/usr/sbin/named -- context_template(system_u:object_r:named_exec_t,s0) -/usr/sbin/named-checkconf -- context_template(system_u:object_r:named_checkconf_exec_t,s0) -/usr/sbin/r?ndc -- context_template(system_u:object_r:ndc_exec_t,s0) +/usr/sbin/lwresd -- gen_context(system_u:object_r:named_exec_t,s0) +/usr/sbin/named -- gen_context(system_u:object_r:named_exec_t,s0) +/usr/sbin/named-checkconf -- gen_context(system_u:object_r:named_checkconf_exec_t,s0) +/usr/sbin/r?ndc -- gen_context(system_u:object_r:ndc_exec_t,s0) -/var/log/named.* -- context_template(system_u:object_r:named_log_t,s0) +/var/log/named.* -- gen_context(system_u:object_r:named_log_t,s0) -/var/run/ndc -s context_template(system_u:object_r:named_var_run_t,s0) -/var/run/bind(/.*)? context_template(system_u:object_r:named_var_run_t,s0) -/var/run/named(/.*)? context_template(system_u:object_r:named_var_run_t,s0) +/var/run/ndc -s gen_context(system_u:object_r:named_var_run_t,s0) +/var/run/bind(/.*)? gen_context(system_u:object_r:named_var_run_t,s0) +/var/run/named(/.*)? gen_context(system_u:object_r:named_var_run_t,s0) ifdef(`distro_debian',` -/etc/bind(/.*)? context_template(system_u:object_r:named_zone_t,s0) -/etc/bind/named\.conf -- context_template(system_u:object_r:named_conf_t,s0) -/etc/bind/rndc\.key -- context_template(system_u:object_r:dnssec_t,s0) -/var/cache/bind(/.*)? context_template(system_u:object_r:named_cache_t,s0) +/etc/bind(/.*)? gen_context(system_u:object_r:named_zone_t,s0) +/etc/bind/named\.conf -- gen_context(system_u:object_r:named_conf_t,s0) +/etc/bind/rndc\.key -- gen_context(system_u:object_r:dnssec_t,s0) +/var/cache/bind(/.*)? 
gen_context(system_u:object_r:named_cache_t,s0) ') ifdef(`distro_gentoo',` -/etc/bind(/.*)? context_template(system_u:object_r:named_zone_t,s0) -/etc/bind/named\.conf -- context_template(system_u:object_r:named_conf_t,s0) -/etc/bind/rndc\.key -- context_template(system_u:object_r:dnssec_t,s0) -/var/bind(/.*)? context_template(system_u:object_r:named_cache_t,s0) -/var/bind/pri(/.*)? context_template(system_u:object_r:named_zone_t,s0) +/etc/bind(/.*)? gen_context(system_u:object_r:named_zone_t,s0) +/etc/bind/named\.conf -- gen_context(system_u:object_r:named_conf_t,s0) +/etc/bind/rndc\.key -- gen_context(system_u:object_r:dnssec_t,s0) +/var/bind(/.*)? gen_context(system_u:object_r:named_cache_t,s0) +/var/bind/pri(/.*)? gen_context(system_u:object_r:named_zone_t,s0) ') ifdef(`distro_redhat',` -/etc/named\.conf -- context_template(system_u:object_r:named_conf_t,s0) -/var/named(/.*)? context_template(system_u:object_r:named_zone_t,s0) -/var/named/slaves(/.*)? context_template(system_u:object_r:named_cache_t,s0) -/var/named/data(/.*)? context_template(system_u:object_r:named_cache_t,s0) -/var/named/named\.ca -- context_template(system_u:object_r:named_conf_t,s0) -/var/named/chroot(/.*)? context_template(system_u:object_r:named_conf_t,s0) -/var/named/chroot/etc(/.*)? context_template(system_u:object_r:named_conf_t,s0) -/var/named/chroot/etc/rndc.key -- context_template(system_u:object_r:dnssec_t,s0) -/var/named/chroot/var/run/named.* context_template(system_u:object_r:named_var_run_t,s0) -/var/named/chroot/var/tmp(/.*)? context_template(system_u:object_r:named_cache_t,s0) -/var/named/chroot/var/named(/.*)? context_template(system_u:object_r:named_zone_t,s0) -/var/named/chroot/var/named/slaves(/.*)? context_template(system_u:object_r:named_cache_t,s0) -/var/named/chroot/var/named/data(/.*)? 
context_template(system_u:object_r:named_cache_t,s0) -/var/named/chroot/var/named/named\.ca -- context_template(system_u:object_r:named_conf_t,s0) +/etc/named\.conf -- gen_context(system_u:object_r:named_conf_t,s0) +/var/named(/.*)? gen_context(system_u:object_r:named_zone_t,s0) +/var/named/slaves(/.*)? gen_context(system_u:object_r:named_cache_t,s0) +/var/named/data(/.*)? gen_context(system_u:object_r:named_cache_t,s0) +/var/named/named\.ca -- gen_context(system_u:object_r:named_conf_t,s0) +/var/named/chroot(/.*)? gen_context(system_u:object_r:named_conf_t,s0) +/var/named/chroot/etc(/.*)? gen_context(system_u:object_r:named_conf_t,s0) +/var/named/chroot/etc/rndc.key -- gen_context(system_u:object_r:dnssec_t,s0) +/var/named/chroot/var/run/named.* gen_context(system_u:object_r:named_var_run_t,s0) +/var/named/chroot/var/tmp(/.*)? gen_context(system_u:object_r:named_cache_t,s0) +/var/named/chroot/var/named(/.*)? gen_context(system_u:object_r:named_zone_t,s0) +/var/named/chroot/var/named/slaves(/.*)? gen_context(system_u:object_r:named_cache_t,s0) +/var/named/chroot/var/named/data(/.*)? gen_context(system_u:object_r:named_cache_t,s0) +/var/named/chroot/var/named/named\.ca -- gen_context(system_u:object_r:named_conf_t,s0) ') diff --git a/refpolicy/policy/modules/services/comsat.fc b/refpolicy/policy/modules/services/comsat.fc index fe0cfea..e7633fa 100644 --- a/refpolicy/policy/modules/services/comsat.fc +++ b/refpolicy/policy/modules/services/comsat.fc @@ -1,2 +1,2 @@ -/usr/sbin/in\.comsat -- context_template(system_u:object_r:comsat_exec_t,s0) +/usr/sbin/in\.comsat -- gen_context(system_u:object_r:comsat_exec_t,s0) diff --git a/refpolicy/policy/modules/services/cpucontrol.fc b/refpolicy/policy/modules/services/cpucontrol.fc index 7b726ba..c3f9d3a 100644 --- a/refpolicy/policy/modules/services/cpucontrol.fc +++ b/refpolicy/policy/modules/services/cpucontrol.fc 
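Review bot: In the `distro_redhat` block of bind.fc, the new line `/var/named/chroot/etc/rndc.key -- gen_context(system_u:object_r:dnssec_t,s0)` leaves the dot unescaped, so the pattern accepts any character in that position. The other key entries in this hunk (`/etc/rndc\.key`, `/etc/bind/rndc\.key`) escape it. Since `dnssec_t` appears to be the label for the rndc key file, the spec should be as tight as its siblings: `/var/named/chroot/etc/rndc\.key -- gen_context(system_u:object_r:dnssec_t,s0)`. The removed line carries the same pattern, so this predates the rename and could be fixed in a follow-up commit.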
@@ -1,7 +1,7 @@ -/etc/firmware/.* -- context_template(system_u:object_r:cpucontrol_conf_t,s0) +/etc/firmware/.* -- gen_context(system_u:object_r:cpucontrol_conf_t,s0) -/sbin/microcode_ctl -- context_template(system_u:object_r:cpucontrol_exec_t,s0) +/sbin/microcode_ctl -- gen_context(system_u:object_r:cpucontrol_exec_t,s0) -/usr/sbin/cpuspeed -- context_template(system_u:object_r:cpuspeed_exec_t,s0) -/usr/sbin/powernowd -- context_template(system_u:object_r:cpuspeed_exec_t,s0) +/usr/sbin/cpuspeed -- gen_context(system_u:object_r:cpuspeed_exec_t,s0) +/usr/sbin/powernowd -- gen_context(system_u:object_r:cpuspeed_exec_t,s0) diff --git a/refpolicy/policy/modules/services/cron.fc b/refpolicy/policy/modules/services/cron.fc index 46af1bd..00f919a 100644 --- a/refpolicy/policy/modules/services/cron.fc +++ b/refpolicy/policy/modules/services/cron.fc 
@@ -1,40 +1,40 @@ -/etc/cron\.d(/.*)? context_template(system_u:object_r:system_cron_spool_t,s0) -/etc/crontab -- context_template(system_u:object_r:system_cron_spool_t,s0) +/etc/cron\.d(/.*)? gen_context(system_u:object_r:system_cron_spool_t,s0) +/etc/crontab -- gen_context(system_u:object_r:system_cron_spool_t,s0) -/usr/bin/at -- context_template(system_u:object_r:crontab_exec_t,s0) -/usr/bin/(f)?crontab -- context_template(system_u:object_r:crontab_exec_t,s0) +/usr/bin/at -- gen_context(system_u:object_r:crontab_exec_t,s0) +/usr/bin/(f)?crontab -- gen_context(system_u:object_r:crontab_exec_t,s0) -/usr/sbin/anacron -- context_template(system_u:object_r:anacron_exec_t,s0) -/usr/sbin/atd -- context_template(system_u:object_r:crond_exec_t,s0) -/usr/sbin/cron(d)? -- context_template(system_u:object_r:crond_exec_t,s0) -/usr/sbin/fcron -- context_template(system_u:object_r:crond_exec_t,s0) +/usr/sbin/anacron -- gen_context(system_u:object_r:anacron_exec_t,s0) +/usr/sbin/atd -- gen_context(system_u:object_r:crond_exec_t,s0) +/usr/sbin/cron(d)? 
-- gen_context(system_u:object_r:crond_exec_t,s0) +/usr/sbin/fcron -- gen_context(system_u:object_r:crond_exec_t,s0) -/var/run/atd\.pid -- context_template(system_u:object_r:crond_var_run_t,s0) -/var/run/crond?\.pid -- context_template(system_u:object_r:crond_var_run_t,s0) -/var/run/crond\.reboot -- context_template(system_u:object_r:crond_var_run_t,s0) -/var/run/fcron\.fifo -s context_template(system_u:object_r:crond_var_run_t,s0) -/var/run/fcron\.pid -- context_template(system_u:object_r:crond_var_run_t,s0) +/var/run/atd\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0) +/var/run/crond?\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0) +/var/run/crond\.reboot -- gen_context(system_u:object_r:crond_var_run_t,s0) +/var/run/fcron\.fifo -s gen_context(system_u:object_r:crond_var_run_t,s0) +/var/run/fcron\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0) -/var/spool/at -d context_template(system_u:object_r:cron_spool_t,s0) -/var/spool/at/spool -d context_template(system_u:object_r:cron_spool_t,s0) +/var/spool/at -d gen_context(system_u:object_r:cron_spool_t,s0) +/var/spool/at/spool -d gen_context(system_u:object_r:cron_spool_t,s0) /var/spool/at/[^/]* -- <> -/var/spool/cron -d context_template(system_u:object_r:cron_spool_t,s0) -#/var/spool/cron/root -- context_template(system_u:object_r:sysadm_cron_spool_t,s0) +/var/spool/cron -d gen_context(system_u:object_r:cron_spool_t,s0) +#/var/spool/cron/root -- gen_context(system_u:object_r:sysadm_cron_spool_t,s0) /var/spool/cron/[^/]* -- <> ifdef(`distro_suse', ` -/var/spool/cron/lastrun -d context_template(system_u:object_r:crond_tmp_t,s0) +/var/spool/cron/lastrun -d gen_context(system_u:object_r:crond_tmp_t,s0) /var/spool/cron/lastrun/[^/]* -- <> -/var/spool/cron/tabs -d context_template(system_u:object_r:cron_spool_t,s0) +/var/spool/cron/tabs -d gen_context(system_u:object_r:cron_spool_t,s0) ') -/var/spool/cron/crontabs -d context_template(system_u:object_r:cron_spool_t,s0) +/var/spool/cron/crontabs 
-d gen_context(system_u:object_r:cron_spool_t,s0) /var/spool/cron/crontabs/.* -- <> -#/var/spool/cron/crontabs/root -- context_template(system_u:object_r:sysadm_cron_spool_t,s0) +#/var/spool/cron/crontabs/root -- gen_context(system_u:object_r:sysadm_cron_spool_t,s0) -/var/spool/fcron -d context_template(system_u:object_r:cron_spool_t,s0) +/var/spool/fcron -d gen_context(system_u:object_r:cron_spool_t,s0) /var/spool/fcron/.* <> -/var/spool/fcron/systab\.orig -- context_template(system_u:object_r:system_cron_spool_t,s0) -/var/spool/fcron/systab -- context_template(system_u:object_r:system_cron_spool_t,s0) -/var/spool/fcron/new\.systab -- context_template(system_u:object_r:system_cron_spool_t,s0) +/var/spool/fcron/systab\.orig -- gen_context(system_u:object_r:system_cron_spool_t,s0) +/var/spool/fcron/systab -- gen_context(system_u:object_r:system_cron_spool_t,s0) +/var/spool/fcron/new\.systab -- gen_context(system_u:object_r:system_cron_spool_t,s0) diff --git a/refpolicy/policy/modules/services/cvs.fc b/refpolicy/policy/modules/services/cvs.fc index 2f031af..d653924 100644 --- a/refpolicy/policy/modules/services/cvs.fc +++ b/refpolicy/policy/modules/services/cvs.fc @@ -1,2 +1,2 @@ -/usr/bin/cvs -- context_template(system_u:object_r:cvs_exec_t,s0) +/usr/bin/cvs -- gen_context(system_u:object_r:cvs_exec_t,s0) diff --git a/refpolicy/policy/modules/services/dbus.fc b/refpolicy/policy/modules/services/dbus.fc index 1479093..017feaa 100644 --- a/refpolicy/policy/modules/services/dbus.fc +++ b/refpolicy/policy/modules/services/dbus.fc 
@@ -1,5 +1,5 @@ -/etc/dbus-1(/.*)? context_template(system_u:object_r:etc_dbusd_t,s0) +/etc/dbus-1(/.*)? gen_context(system_u:object_r:etc_dbusd_t,s0) -/usr/bin/dbus-daemon(-1)? -- context_template(system_u:object_r:system_dbusd_exec_t,s0) +/usr/bin/dbus-daemon(-1)? -- gen_context(system_u:object_r:system_dbusd_exec_t,s0) -/var/run/dbus(/.*)? context_template(system_u:object_r:system_dbusd_var_run_t,s0) +/var/run/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_run_t,s0) diff --git a/refpolicy/policy/modules/services/dhcp.fc b/refpolicy/policy/modules/services/dhcp.fc index 84b0bc9..c7a11b2 100644 --- a/refpolicy/policy/modules/services/dhcp.fc +++ b/refpolicy/policy/modules/services/dhcp.fc @@ -1,6 +1,6 @@ -/usr/sbin/dhcpd.* -- context_template(system_u:object_r:dhcpd_exec_t,s0) +/usr/sbin/dhcpd.* -- gen_context(system_u:object_r:dhcpd_exec_t,s0) -/var/lib/dhcp(3)?/dhcpd\.leases.* -- context_template(system_u:object_r:dhcpd_state_t,s0) +/var/lib/dhcp(3)?/dhcpd\.leases.* -- gen_context(system_u:object_r:dhcpd_state_t,s0) -/var/run/dhcpd\.pid -- context_template(system_u:object_r:dhcpd_var_run_t,s0) +/var/run/dhcpd\.pid -- gen_context(system_u:object_r:dhcpd_var_run_t,s0) diff --git a/refpolicy/policy/modules/services/dictd.fc b/refpolicy/policy/modules/services/dictd.fc index 817c44e..1907af7 100644 --- a/refpolicy/policy/modules/services/dictd.fc +++ b/refpolicy/policy/modules/services/dictd.fc @@ -1,6 +1,6 @@ -/etc/dictd\.conf -- context_template(system_u:object_r:dictd_etc_t,s0) +/etc/dictd\.conf -- gen_context(system_u:object_r:dictd_etc_t,s0) -/usr/sbin/dictd -- context_template(system_u:object_r:dictd_exec_t,s0) +/usr/sbin/dictd -- gen_context(system_u:object_r:dictd_exec_t,s0) -/var/lib/dictd(/.*)? context_template(system_u:object_r:dictd_var_lib_t,s0) +/var/lib/dictd(/.*)? gen_context(system_u:object_r:dictd_var_lib_t,s0) diff --git a/refpolicy/policy/modules/services/ftp.fc b/refpolicy/policy/modules/services/ftp.fc index 03057f3..f5b01d9 100644 
--- a/refpolicy/policy/modules/services/ftp.fc +++ b/refpolicy/policy/modules/services/ftp.fc 
@@ -1,26 +1,26 @@ # # /etc # -/etc/proftpd\.conf -- context_template(system_u:object_r:ftpd_etc_t,s0) -/etc/cron\.monthly/proftpd -- context_template(system_u:object_r:ftpd_exec_t,s0) +/etc/proftpd\.conf -- gen_context(system_u:object_r:ftpd_etc_t,s0) +/etc/cron\.monthly/proftpd -- gen_context(system_u:object_r:ftpd_exec_t,s0) # # /usr # -/usr/kerberos/sbin/ftpd -- context_template(system_u:object_r:ftpd_exec_t,s0) +/usr/kerberos/sbin/ftpd -- gen_context(system_u:object_r:ftpd_exec_t,s0) -/usr/sbin/ftpwho -- context_template(system_u:object_r:ftpd_exec_t,s0) -/usr/sbin/in\.ftpd -- context_template(system_u:object_r:ftpd_exec_t,s0) -/usr/sbin/muddleftpd -- context_template(system_u:object_r:ftpd_exec_t,s0) -/usr/sbin/proftpd -- context_template(system_u:object_r:ftpd_exec_t,s0) -/usr/sbin/vsftpd -- context_template(system_u:object_r:ftpd_exec_t,s0) +/usr/sbin/ftpwho -- gen_context(system_u:object_r:ftpd_exec_t,s0) +/usr/sbin/in\.ftpd -- gen_context(system_u:object_r:ftpd_exec_t,s0) +/usr/sbin/muddleftpd -- gen_context(system_u:object_r:ftpd_exec_t,s0) +/usr/sbin/proftpd -- gen_context(system_u:object_r:ftpd_exec_t,s0) +/usr/sbin/vsftpd -- gen_context(system_u:object_r:ftpd_exec_t,s0) # # /var # -/var/run/proftpd/proftpd-inetd -- context_template(system_u:object_r:ftpd_var_run_t,s0) -/var/run/proftpd/proftpd\.scoreboard -- context_template(system_u:object_r:ftpd_var_run_t,s0) +/var/run/proftpd/proftpd-inetd -- gen_context(system_u:object_r:ftpd_var_run_t,s0) +/var/run/proftpd/proftpd\.scoreboard -- gen_context(system_u:object_r:ftpd_var_run_t,s0) -/var/log/muddleftpd\.log.* -- context_template(system_u:object_r:xferlog_t,s0) -/var/log/xferlog.* -- context_template(system_u:object_r:xferlog_t,s0) -/var/log/xferreport.* -- context_template(system_u:object_r:xferlog_t,s0) +/var/log/muddleftpd\.log.* -- gen_context(system_u:object_r:xferlog_t,s0) +/var/log/xferlog.* -- gen_context(system_u:object_r:xferlog_t,s0) +/var/log/xferreport.* -- 
gen_context(system_u:object_r:xferlog_t,s0) diff --git a/refpolicy/policy/modules/services/gpm.fc b/refpolicy/policy/modules/services/gpm.fc index 1383fa5..6fc9661 100644 --- a/refpolicy/policy/modules/services/gpm.fc +++ b/refpolicy/policy/modules/services/gpm.fc @@ -1,7 +1,7 @@ -/dev/gpmctl -s context_template(system_u:object_r:gpmctl_t,s0) -/dev/gpmdata -p context_template(system_u:object_r:gpmctl_t,s0) +/dev/gpmctl -s gen_context(system_u:object_r:gpmctl_t,s0) +/dev/gpmdata -p gen_context(system_u:object_r:gpmctl_t,s0) -/etc/gpm(/.*)? context_template(system_u:object_r:gpm_conf_t,s0) +/etc/gpm(/.*)? gen_context(system_u:object_r:gpm_conf_t,s0) -/usr/sbin/gpm -- context_template(system_u:object_r:gpm_exec_t,s0) +/usr/sbin/gpm -- gen_context(system_u:object_r:gpm_exec_t,s0) diff --git a/refpolicy/policy/modules/services/hal.fc b/refpolicy/policy/modules/services/hal.fc index 5540076..93f50cb 100644 --- a/refpolicy/policy/modules/services/hal.fc +++ b/refpolicy/policy/modules/services/hal.fc @@ -1,9 +1,9 @@ -/etc/hal/device\.d/printer_remove\.hal -- context_template(system_u:object_r:hald_exec_t,s0) -/etc/hal/capability\.d/printer_update\.hal -- context_template(system_u:object_r:hald_exec_t,s0) +/etc/hal/device\.d/printer_remove\.hal -- gen_context(system_u:object_r:hald_exec_t,s0) +/etc/hal/capability\.d/printer_update\.hal -- gen_context(system_u:object_r:hald_exec_t,s0) -/usr/libexec/hal-hotplug-map -- context_template(system_u:object_r:hald_exec_t,s0) +/usr/libexec/hal-hotplug-map -- gen_context(system_u:object_r:hald_exec_t,s0) -/usr/sbin/hald -- context_template(system_u:object_r:hald_exec_t,s0) +/usr/sbin/hald -- gen_context(system_u:object_r:hald_exec_t,s0) -/usr/share/hal/device-manager/hal-device-manager -- context_template(system_u:object_r:bin_t,s0) +/usr/share/hal/device-manager/hal-device-manager -- gen_context(system_u:object_r:bin_t,s0) 
diff --git a/refpolicy/policy/modules/services/howl.fc b/refpolicy/policy/modules/services/howl.fc index 0750e74..faf9146 100644 --- a/refpolicy/policy/modules/services/howl.fc +++ b/refpolicy/policy/modules/services/howl.fc @@ -1,5 +1,5 @@ -/usr/bin/mDNSResponder -- context_template(system_u:object_r:howl_exec_t,s0) -/usr/bin/nifd -- context_template(system_u:object_r:howl_exec_t,s0) +/usr/bin/mDNSResponder -- gen_context(system_u:object_r:howl_exec_t,s0) +/usr/bin/nifd -- gen_context(system_u:object_r:howl_exec_t,s0) -/var/run/nifd\.pid -- context_template(system_u:object_r:howl_var_run_t,s0) +/var/run/nifd\.pid -- gen_context(system_u:object_r:howl_var_run_t,s0) diff --git a/refpolicy/policy/modules/services/inetd.fc b/refpolicy/policy/modules/services/inetd.fc index eb76afb..b460519 100644 --- a/refpolicy/policy/modules/services/inetd.fc +++ b/refpolicy/policy/modules/services/inetd.fc @@ -1,10 +1,10 @@ -/usr/sbin/identd -- context_template(system_u:object_r:inetd_child_exec_t,s0) -/usr/sbin/in\..*d -- context_template(system_u:object_r:inetd_child_exec_t,s0) -/usr/sbin/inetd -- context_template(system_u:object_r:inetd_exec_t,s0) -/usr/sbin/rlinetd -- context_template(system_u:object_r:inetd_exec_t,s0) -/usr/sbin/xinetd -- context_template(system_u:object_r:inetd_exec_t,s0) +/usr/sbin/identd -- gen_context(system_u:object_r:inetd_child_exec_t,s0) +/usr/sbin/in\..*d -- gen_context(system_u:object_r:inetd_child_exec_t,s0) +/usr/sbin/inetd -- gen_context(system_u:object_r:inetd_exec_t,s0) +/usr/sbin/rlinetd -- gen_context(system_u:object_r:inetd_exec_t,s0) +/usr/sbin/xinetd -- gen_context(system_u:object_r:inetd_exec_t,s0) -/var/log/(x)?inetd\.log -- context_template(system_u:object_r:inetd_log_t,s0) +/var/log/(x)?inetd\.log -- gen_context(system_u:object_r:inetd_log_t,s0) -/var/run/inetd\.pid -- context_template(system_u:object_r:inetd_var_run_t,s0) +/var/run/inetd\.pid -- gen_context(system_u:object_r:inetd_var_run_t,s0) 
diff --git a/refpolicy/policy/modules/services/inn.fc b/refpolicy/policy/modules/services/inn.fc index ffd00f9..38fc76a 100644 --- a/refpolicy/policy/modules/services/inn.fc +++ b/refpolicy/policy/modules/services/inn.fc 
@@ -2,60 +2,60 @@ # # /etc # -/etc/news(/.*)? context_template(system_u:object_r:innd_etc_t,s0) -/etc/news/boot -- context_template(system_u:object_r:innd_exec_t,s0) +/etc/news(/.*)? gen_context(system_u:object_r:innd_etc_t,s0) +/etc/news/boot -- gen_context(system_u:object_r:innd_exec_t,s0) # # /usr # -/usr/bin/inews -- context_template(system_u:object_r:innd_exec_t,s0) -/usr/bin/rnews -- context_template(system_u:object_r:innd_exec_t,s0) -/usr/bin/rpost -- context_template(system_u:object_r:innd_exec_t,s0) -/usr/bin/suck -- context_template(system_u:object_r:innd_exec_t,s0) - -/usr/sbin/in\.nnrpd -- context_template(system_u:object_r:innd_exec_t,s0) -/usr/sbin/innd.* -- context_template(system_u:object_r:innd_exec_t,s0) - -/var/lib/news(/.*)? context_template(system_u:object_r:innd_var_lib_t,s0) - -/usr/lib(64)?/news/bin/innd -- context_template(system_u:object_r:innd_exec_t,s0) -/usr/lib(64)?/news/bin/actsync -- context_template(system_u:object_r:innd_exec_t,s0) -/usr/lib(64)?/news/bin/archive -- context_template(system_u:object_r:innd_exec_t,s0) -/usr/lib(64)?/news/bin/batcher -- context_template(system_u:object_r:innd_exec_t,s0) -/usr/lib(64)?/news/bin/buffchan -- context_template(system_u:object_r:innd_exec_t,s0) -/usr/lib(64)?/news/bin/convdate -- context_template(system_u:object_r:innd_exec_t,s0) -/usr/lib(64)?/news/bin/ctlinnd -- context_template(system_u:object_r:innd_exec_t,s0) -/usr/lib(64)?/news/bin/cvtbatch -- context_template(system_u:object_r:innd_exec_t,s0) -/usr/lib(64)?/news/bin/expire -- context_template(system_u:object_r:innd_exec_t,s0) -/usr/lib(64)?/news/bin/expireover -- context_template(system_u:object_r:innd_exec_t,s0) -/usr/lib(64)?/news/bin/fastrm -- context_template(system_u:object_r:innd_exec_t,s0) -/usr/lib(64)?/news/bin/filechan -- context_template(system_u:object_r:innd_exec_t,s0) -/usr/lib(64)?/news/bin/getlist -- context_template(system_u:object_r:innd_exec_t,s0) -/usr/lib(64)?/news/bin/grephistory -- 
context_template(system_u:object_r:innd_exec_t,s0) -/usr/lib(64)?/news/bin/inews -- context_template(system_u:object_r:innd_exec_t,s0) -/usr/lib(64)?/news/bin/innconfval -- context_template(system_u:object_r:innd_exec_t,s0) -/usr/lib(64)?/news/bin/inndf -- context_template(system_u:object_r:innd_exec_t,s0) -/usr/lib(64)?/news/bin/inndstart -- context_template(system_u:object_r:innd_exec_t,s0) -/usr/lib(64)?/news/bin/innfeed -- context_template(system_u:object_r:innd_exec_t,s0) -/usr/lib(64)?/news/bin/innxbatch -- context_template(system_u:object_r:innd_exec_t,s0) -/usr/lib(64)?/news/bin/innxmit -- context_template(system_u:object_r:innd_exec_t,s0) -/usr/lib(64)?/news/bin/makedbz -- context_template(system_u:object_r:innd_exec_t,s0) -/usr/lib(64)?/news/bin/makehistory -- context_template(system_u:object_r:innd_exec_t,s0) -/usr/lib(64)?/news/bin/newsrequeue -- context_template(system_u:object_r:innd_exec_t,s0) -/usr/lib(64)?/news/bin/nnrpd -- context_template(system_u:object_r:innd_exec_t,s0) -/usr/lib(64)?/news/bin/nntpget -- context_template(system_u:object_r:innd_exec_t,s0) -/usr/lib(64)?/news/bin/ovdb_recover -- context_template(system_u:object_r:innd_exec_t,s0) -/usr/lib(64)?/news/bin/overchan -- context_template(system_u:object_r:innd_exec_t,s0) -/usr/lib(64)?/news/bin/prunehistory -- context_template(system_u:object_r:innd_exec_t,s0) -/usr/lib(64)?/news/bin/rnews -- context_template(system_u:object_r:innd_exec_t,s0) -/usr/lib(64)?/news/bin/shlock -- context_template(system_u:object_r:innd_exec_t,s0) -/usr/lib(64)?/news/bin/shrinkfile -- context_template(system_u:object_r:innd_exec_t,s0) -/usr/lib(64)?/news/bin/sm -- context_template(system_u:object_r:innd_exec_t,s0) -/usr/lib(64)?/news/bin/startinnfeed -- context_template(system_u:object_r:innd_exec_t,s0) - -/var/log/news(/.*)? context_template(system_u:object_r:innd_log_t,s0) - -/var/run/innd(/.*)? context_template(system_u:object_r:innd_var_run_t,s0) -/var/run/news(/.*)? 
context_template(system_u:object_r:innd_var_run_t,s0) - -/var/spool/news(/.*)? context_template(system_u:object_r:news_spool_t,s0) +/usr/bin/inews -- gen_context(system_u:object_r:innd_exec_t,s0) +/usr/bin/rnews -- gen_context(system_u:object_r:innd_exec_t,s0) +/usr/bin/rpost -- gen_context(system_u:object_r:innd_exec_t,s0) +/usr/bin/suck -- gen_context(system_u:object_r:innd_exec_t,s0) + +/usr/sbin/in\.nnrpd -- gen_context(system_u:object_r:innd_exec_t,s0) +/usr/sbin/innd.* -- gen_context(system_u:object_r:innd_exec_t,s0) + +/var/lib/news(/.*)? gen_context(system_u:object_r:innd_var_lib_t,s0) + +/usr/lib(64)?/news/bin/innd -- gen_context(system_u:object_r:innd_exec_t,s0) +/usr/lib(64)?/news/bin/actsync -- gen_context(system_u:object_r:innd_exec_t,s0) +/usr/lib(64)?/news/bin/archive -- gen_context(system_u:object_r:innd_exec_t,s0) +/usr/lib(64)?/news/bin/batcher -- gen_context(system_u:object_r:innd_exec_t,s0) +/usr/lib(64)?/news/bin/buffchan -- gen_context(system_u:object_r:innd_exec_t,s0) +/usr/lib(64)?/news/bin/convdate -- gen_context(system_u:object_r:innd_exec_t,s0) +/usr/lib(64)?/news/bin/ctlinnd -- gen_context(system_u:object_r:innd_exec_t,s0) +/usr/lib(64)?/news/bin/cvtbatch -- gen_context(system_u:object_r:innd_exec_t,s0) +/usr/lib(64)?/news/bin/expire -- gen_context(system_u:object_r:innd_exec_t,s0) +/usr/lib(64)?/news/bin/expireover -- gen_context(system_u:object_r:innd_exec_t,s0) +/usr/lib(64)?/news/bin/fastrm -- gen_context(system_u:object_r:innd_exec_t,s0) +/usr/lib(64)?/news/bin/filechan -- gen_context(system_u:object_r:innd_exec_t,s0) +/usr/lib(64)?/news/bin/getlist -- gen_context(system_u:object_r:innd_exec_t,s0) +/usr/lib(64)?/news/bin/grephistory -- gen_context(system_u:object_r:innd_exec_t,s0) +/usr/lib(64)?/news/bin/inews -- gen_context(system_u:object_r:innd_exec_t,s0) +/usr/lib(64)?/news/bin/innconfval -- gen_context(system_u:object_r:innd_exec_t,s0) +/usr/lib(64)?/news/bin/inndf -- gen_context(system_u:object_r:innd_exec_t,s0) 
+/usr/lib(64)?/news/bin/inndstart -- gen_context(system_u:object_r:innd_exec_t,s0) +/usr/lib(64)?/news/bin/innfeed -- gen_context(system_u:object_r:innd_exec_t,s0) +/usr/lib(64)?/news/bin/innxbatch -- gen_context(system_u:object_r:innd_exec_t,s0) +/usr/lib(64)?/news/bin/innxmit -- gen_context(system_u:object_r:innd_exec_t,s0) +/usr/lib(64)?/news/bin/makedbz -- gen_context(system_u:object_r:innd_exec_t,s0) +/usr/lib(64)?/news/bin/makehistory -- gen_context(system_u:object_r:innd_exec_t,s0) +/usr/lib(64)?/news/bin/newsrequeue -- gen_context(system_u:object_r:innd_exec_t,s0) +/usr/lib(64)?/news/bin/nnrpd -- gen_context(system_u:object_r:innd_exec_t,s0) +/usr/lib(64)?/news/bin/nntpget -- gen_context(system_u:object_r:innd_exec_t,s0) +/usr/lib(64)?/news/bin/ovdb_recover -- gen_context(system_u:object_r:innd_exec_t,s0) +/usr/lib(64)?/news/bin/overchan -- gen_context(system_u:object_r:innd_exec_t,s0) +/usr/lib(64)?/news/bin/prunehistory -- gen_context(system_u:object_r:innd_exec_t,s0) +/usr/lib(64)?/news/bin/rnews -- gen_context(system_u:object_r:innd_exec_t,s0) +/usr/lib(64)?/news/bin/shlock -- gen_context(system_u:object_r:innd_exec_t,s0) +/usr/lib(64)?/news/bin/shrinkfile -- gen_context(system_u:object_r:innd_exec_t,s0) +/usr/lib(64)?/news/bin/sm -- gen_context(system_u:object_r:innd_exec_t,s0) +/usr/lib(64)?/news/bin/startinnfeed -- gen_context(system_u:object_r:innd_exec_t,s0) + +/var/log/news(/.*)? gen_context(system_u:object_r:innd_log_t,s0) + +/var/run/innd(/.*)? gen_context(system_u:object_r:innd_var_run_t,s0) +/var/run/news(/.*)? gen_context(system_u:object_r:innd_var_run_t,s0) + +/var/spool/news(/.*)? gen_context(system_u:object_r:news_spool_t,s0) diff --git a/refpolicy/policy/modules/services/kerberos.fc b/refpolicy/policy/modules/services/kerberos.fc index bd07afa..a77410b 100644 --- a/refpolicy/policy/modules/services/kerberos.fc +++ b/refpolicy/policy/modules/services/kerberos.fc 
@@ -1,18 +1,18 @@ -/etc/krb5\.conf -- context_template(system_u:object_r:krb5_conf_t,s0) -/etc/krb5\.keytab context_template(system_u:object_r:krb5_keytab_t,s0) +/etc/krb5\.conf -- gen_context(system_u:object_r:krb5_conf_t,s0) +/etc/krb5\.keytab gen_context(system_u:object_r:krb5_keytab_t,s0) -/etc/krb5kdc(/.*)? context_template(system_u:object_r:krb5kdc_conf_t,s0) -/etc/krb5kdc/kadm5.keytab -- context_template(system_u:object_r:krb5_keytab_t,s0) -/etc/krb5kdc/principal.* context_template(system_u:object_r:krb5kdc_principal_t,s0) +/etc/krb5kdc(/.*)? gen_context(system_u:object_r:krb5kdc_conf_t,s0) +/etc/krb5kdc/kadm5.keytab -- gen_context(system_u:object_r:krb5_keytab_t,s0) +/etc/krb5kdc/principal.* gen_context(system_u:object_r:krb5kdc_principal_t,s0) -/usr(/local)?(/kerberos)?/sbin/krb5kdc -- context_template(system_u:object_r:krb5kdc_exec_t,s0) -/usr(/local)?(/kerberos)?/sbin/kadmind -- context_template(system_u:object_r:kadmind_exec_t,s0) +/usr(/local)?(/kerberos)?/sbin/krb5kdc -- gen_context(system_u:object_r:krb5kdc_exec_t,s0) +/usr(/local)?(/kerberos)?/sbin/kadmind -- gen_context(system_u:object_r:kadmind_exec_t,s0) -/usr/local/var/krb5kdc(/.*)? context_template(system_u:object_r:krb5kdc_conf_t,s0) -/usr/local/var/krb5kdc/principal.* context_template(system_u:object_r:krb5kdc_principal_t,s0) +/usr/local/var/krb5kdc(/.*)? gen_context(system_u:object_r:krb5kdc_conf_t,s0) +/usr/local/var/krb5kdc/principal.* gen_context(system_u:object_r:krb5kdc_principal_t,s0) -/var/kerberos/krb5kdc(/.*)? context_template(system_u:object_r:krb5kdc_conf_t,s0) -/var/kerberos/krb5kdc/principal.* context_template(system_u:object_r:krb5kdc_principal_t,s0) +/var/kerberos/krb5kdc(/.*)? 
gen_context(system_u:object_r:krb5kdc_conf_t,s0) +/var/kerberos/krb5kdc/principal.* gen_context(system_u:object_r:krb5kdc_principal_t,s0) -/var/log/krb5kdc\.log context_template(system_u:object_r:krb5kdc_log_t,s0) -/var/log/kadmin(d)?\.log context_template(system_u:object_r:kadmind_log_t,s0) +/var/log/krb5kdc\.log gen_context(system_u:object_r:krb5kdc_log_t,s0) +/var/log/kadmin(d)?\.log gen_context(system_u:object_r:kadmind_log_t,s0) diff --git a/refpolicy/policy/modules/services/ktalk.fc b/refpolicy/policy/modules/services/ktalk.fc index bbd72e4..48c7cad 100644 --- a/refpolicy/policy/modules/services/ktalk.fc +++ b/refpolicy/policy/modules/services/ktalk.fc @@ -1,2 +1,2 @@ -/usr/bin/ktalkd -- context_template(system_u:object_r:ktalkd_exec_t,s0) +/usr/bin/ktalkd -- gen_context(system_u:object_r:ktalkd_exec_t,s0) diff --git a/refpolicy/policy/modules/services/ldap.fc b/refpolicy/policy/modules/services/ldap.fc index 98022a5..6deab74 100644 --- a/refpolicy/policy/modules/services/ldap.fc +++ b/refpolicy/policy/modules/services/ldap.fc @@ -1,10 +1,10 @@ -/etc/ldap/slapd\.conf -- context_template(system_u:object_r:slapd_etc_t,s0) +/etc/ldap/slapd\.conf -- gen_context(system_u:object_r:slapd_etc_t,s0) -/usr/sbin/slapd -- context_template(system_u:object_r:slapd_exec_t,s0) +/usr/sbin/slapd -- gen_context(system_u:object_r:slapd_exec_t,s0) -/var/lib/ldap(/.*)? context_template(system_u:object_r:slapd_db_t,s0) -/var/lib/ldap/replog(/.*)? context_template(system_u:object_r:slapd_replog_t,s0) +/var/lib/ldap(/.*)? gen_context(system_u:object_r:slapd_db_t,s0) +/var/lib/ldap/replog(/.*)? gen_context(system_u:object_r:slapd_replog_t,s0) -/var/run/slapd\.args -- context_template(system_u:object_r:slapd_var_run_t,s0) -/var/run/slapd\.pid -- context_template(system_u:object_r:slapd_var_run_t,s0) +/var/run/slapd\.args -- gen_context(system_u:object_r:slapd_var_run_t,s0) +/var/run/slapd\.pid -- gen_context(system_u:object_r:slapd_var_run_t,s0) 
diff --git a/refpolicy/policy/modules/services/mta.fc b/refpolicy/policy/modules/services/mta.fc index e97c056..59c4189 100644 --- a/refpolicy/policy/modules/services/mta.fc +++ b/refpolicy/policy/modules/services/mta.fc @@ -1,20 +1,20 @@ -/etc/aliases -- context_template(system_u:object_r:etc_aliases_t,s0) -/etc/aliases\.db -- context_template(system_u:object_r:etc_aliases_t,s0) +/etc/aliases -- gen_context(system_u:object_r:etc_aliases_t,s0) +/etc/aliases\.db -- gen_context(system_u:object_r:etc_aliases_t,s0) ifdef(`sendmail.te',`',` -/usr/lib(64)?/sendmail -- context_template(system_u:object_r:sendmail_exec_t,s0) +/usr/lib(64)?/sendmail -- gen_context(system_u:object_r:sendmail_exec_t,s0) -/usr/sbin/sendmail(.sendmail)? -- context_template(system_u:object_r:sendmail_exec_t,s0) +/usr/sbin/sendmail(.sendmail)? -- gen_context(system_u:object_r:sendmail_exec_t,s0) ') -/var/mail(/.*)? context_template(system_u:object_r:mail_spool_t,s0) +/var/mail(/.*)? gen_context(system_u:object_r:mail_spool_t,s0) -/var/spool/(client)?mqueue(/.*)? context_template(system_u:object_r:mqueue_spool_t,s0) +/var/spool/(client)?mqueue(/.*)? gen_context(system_u:object_r:mqueue_spool_t,s0) -/var/spool/mail(/.*)? context_template(system_u:object_r:mail_spool_t,s0) +/var/spool/mail(/.*)? gen_context(system_u:object_r:mail_spool_t,s0) ifdef(`postfix.te', `', ` -/usr/sbin/sendmail.postfix -- context_template(system_u:object_r:sendmail_exec_t,s0) -/var/spool/postfix(/.*)? context_template(system_u:object_r:mail_spool_t,s0) +/usr/sbin/sendmail.postfix -- gen_context(system_u:object_r:sendmail_exec_t,s0) +/var/spool/postfix(/.*)? gen_context(system_u:object_r:mail_spool_t,s0) ') diff --git a/refpolicy/policy/modules/services/mysql.fc b/refpolicy/policy/modules/services/mysql.fc index ba5b94e..5c05c08 100644 --- a/refpolicy/policy/modules/services/mysql.fc +++ b/refpolicy/policy/modules/services/mysql.fc 
@@ -3,22 +3,22 @@ # # /etc # -/etc/my\.cnf -- context_template(system_u:object_r:mysqld_etc_t,s0) -/etc/mysql(/.*)? context_template(system_u:object_r:mysqld_etc_t,s0) +/etc/my\.cnf -- gen_context(system_u:object_r:mysqld_etc_t,s0) +/etc/mysql(/.*)? gen_context(system_u:object_r:mysqld_etc_t,s0) # # /usr # -/usr/libexec/mysqld -- context_template(system_u:object_r:mysqld_exec_t,s0) +/usr/libexec/mysqld -- gen_context(system_u:object_r:mysqld_exec_t,s0) -/usr/sbin/mysqld(-max)? -- context_template(system_u:object_r:mysqld_exec_t,s0) +/usr/sbin/mysqld(-max)? -- gen_context(system_u:object_r:mysqld_exec_t,s0) # # /var # -/var/lib/mysql(/.*)? context_template(system_u:object_r:mysqld_db_t,s0) -/var/lib/mysql/mysql\.sock -s context_template(system_u:object_r:mysqld_var_run_t,s0) +/var/lib/mysql(/.*)? gen_context(system_u:object_r:mysqld_db_t,s0) +/var/lib/mysql/mysql\.sock -s gen_context(system_u:object_r:mysqld_var_run_t,s0) -/var/log/mysql.* -- context_template(system_u:object_r:mysqld_log_t,s0) +/var/log/mysql.* -- gen_context(system_u:object_r:mysqld_log_t,s0) -/var/run/mysqld(/.*)? context_template(system_u:object_r:mysqld_var_run_t,s0) +/var/run/mysqld(/.*)? gen_context(system_u:object_r:mysqld_var_run_t,s0) diff --git a/refpolicy/policy/modules/services/nis.fc b/refpolicy/policy/modules/services/nis.fc index efa8b7c..02bda3c 100644 --- a/refpolicy/policy/modules/services/nis.fc +++ b/refpolicy/policy/modules/services/nis.fc @@ -1,6 +1,6 @@ -/etc/ypserv\.conf -- context_template(system_u:object_r:ypserv_conf_t,s0) +/etc/ypserv\.conf -- gen_context(system_u:object_r:ypserv_conf_t,s0) -/sbin/ypbind -- context_template(system_u:object_r:ypbind_exec_t,s0) +/sbin/ypbind -- gen_context(system_u:object_r:ypbind_exec_t,s0) -/usr/sbin/ypserv -- context_template(system_u:object_r:ypserv_exec_t,s0) +/usr/sbin/ypserv -- gen_context(system_u:object_r:ypserv_exec_t,s0) 
diff --git a/refpolicy/policy/modules/services/nscd.fc b/refpolicy/policy/modules/services/nscd.fc index 8409e17..1f8489b 100644 --- a/refpolicy/policy/modules/services/nscd.fc +++ b/refpolicy/policy/modules/services/nscd.fc @@ -1,11 +1,11 @@ -/usr/sbin/nscd -- context_template(system_u:object_r:nscd_exec_t,s0) +/usr/sbin/nscd -- gen_context(system_u:object_r:nscd_exec_t,s0) -/var/db/nscd(/.*)? context_template(system_u:object_r:nscd_var_run_t,s0) +/var/db/nscd(/.*)? gen_context(system_u:object_r:nscd_var_run_t,s0) -/var/log/nscd\.log.* -- context_template(system_u:object_r:nscd_log_t,s0) +/var/log/nscd\.log.* -- gen_context(system_u:object_r:nscd_log_t,s0) -/var/run/nscd\.pid -- context_template(system_u:object_r:nscd_var_run_t,s0) -/var/run/\.nscd_socket -s context_template(system_u:object_r:nscd_var_run_t,s0) +/var/run/nscd\.pid -- gen_context(system_u:object_r:nscd_var_run_t,s0) +/var/run/\.nscd_socket -s gen_context(system_u:object_r:nscd_var_run_t,s0) -/var/run/nscd(/.*)? context_template(system_u:object_r:nscd_var_run_t,s0) +/var/run/nscd(/.*)? gen_context(system_u:object_r:nscd_var_run_t,s0) diff --git a/refpolicy/policy/modules/services/ntp.fc b/refpolicy/policy/modules/services/ntp.fc index a856d9c..6719480 100644 --- a/refpolicy/policy/modules/services/ntp.fc +++ b/refpolicy/policy/modules/services/ntp.fc 
@@ -1,19 +1,19 @@ -/etc/ntp(d)?\.conf.* -- context_template(system_u:object_r:net_conf_t,s0) +/etc/ntp(d)?\.conf.* -- gen_context(system_u:object_r:net_conf_t,s0) -/etc/cron\.(daily|weekly)/ntp-simple -- context_template(system_u:object_r:ntpd_exec_t,s0) -/etc/cron\.(daily|weekly)/ntp-server -- context_template(system_u:object_r:ntpd_exec_t,s0) +/etc/cron\.(daily|weekly)/ntp-simple -- gen_context(system_u:object_r:ntpd_exec_t,s0) +/etc/cron\.(daily|weekly)/ntp-server -- gen_context(system_u:object_r:ntpd_exec_t,s0) -/etc/ntp/step-tickers.* -- context_template(system_u:object_r:net_conf_t,s0) -/etc/ntp/data(/.*)? context_template(system_u:object_r:ntp_drift_t,s0) +/etc/ntp/step-tickers.* -- gen_context(system_u:object_r:net_conf_t,s0) +/etc/ntp/data(/.*)? gen_context(system_u:object_r:ntp_drift_t,s0) -/usr/sbin/ntpd -- context_template(system_u:object_r:ntpd_exec_t,s0) -/usr/sbin/ntpdate -- context_template(system_u:object_r:ntpdate_exec_t,s0) +/usr/sbin/ntpd -- gen_context(system_u:object_r:ntpd_exec_t,s0) +/usr/sbin/ntpdate -- gen_context(system_u:object_r:ntpdate_exec_t,s0) -/var/lib/ntp(/.*)? context_template(system_u:object_r:ntp_drift_t,s0) +/var/lib/ntp(/.*)? gen_context(system_u:object_r:ntp_drift_t,s0) -/var/log/ntp.* -- context_template(system_u:object_r:ntpd_log_t,s0) -/var/log/ntpstats(/.*)? context_template(system_u:object_r:ntpd_log_t,s0) -/var/log/xntpd.* -- context_template(system_u:object_r:ntpd_log_t,s0) +/var/log/ntp.* -- gen_context(system_u:object_r:ntpd_log_t,s0) +/var/log/ntpstats(/.*)? gen_context(system_u:object_r:ntpd_log_t,s0) +/var/log/xntpd.* -- gen_context(system_u:object_r:ntpd_log_t,s0) -/var/run/ntpd\.pid -- context_template(system_u:object_r:ntpd_var_run_t,s0) +/var/run/ntpd\.pid -- gen_context(system_u:object_r:ntpd_var_run_t,s0) diff --git a/refpolicy/policy/modules/services/portmap.fc b/refpolicy/policy/modules/services/portmap.fc index 53933d1..2c42dfd 100644 --- a/refpolicy/policy/modules/services/portmap.fc 
+++ b/refpolicy/policy/modules/services/portmap.fc @@ -1,12 +1,12 @@ -/sbin/portmap -- context_template(system_u:object_r:portmap_exec_t,s0) +/sbin/portmap -- gen_context(system_u:object_r:portmap_exec_t,s0) ifdef(`distro_debian',` -/sbin/pmap_dump -- context_template(system_u:object_r:portmap_helper_exec_t,s0) -/sbin/pmap_set -- context_template(system_u:object_r:portmap_helper_exec_t,s0) +/sbin/pmap_dump -- gen_context(system_u:object_r:portmap_helper_exec_t,s0) +/sbin/pmap_set -- gen_context(system_u:object_r:portmap_helper_exec_t,s0) ', ` -/usr/sbin/pmap_dump -- context_template(system_u:object_r:portmap_helper_exec_t,s0) -/usr/sbin/pmap_set -- context_template(system_u:object_r:portmap_helper_exec_t,s0) +/usr/sbin/pmap_dump -- gen_context(system_u:object_r:portmap_helper_exec_t,s0) +/usr/sbin/pmap_set -- gen_context(system_u:object_r:portmap_helper_exec_t,s0) ') -/var/run/portmap.upgrade-state -- context_template(system_u:object_r:portmap_var_run_t,s0) +/var/run/portmap.upgrade-state -- gen_context(system_u:object_r:portmap_var_run_t,s0) diff --git a/refpolicy/policy/modules/services/postgresql.fc b/refpolicy/policy/modules/services/postgresql.fc index d037cbb..66acc36 100644 --- a/refpolicy/policy/modules/services/postgresql.fc +++ b/refpolicy/policy/modules/services/postgresql.fc 
@@ -1,36 +1,36 @@ # # /etc # -/etc/postgresql(/.*)? context_template(system_u:object_r:postgresql_etc_t,s0) +/etc/postgresql(/.*)? gen_context(system_u:object_r:postgresql_etc_t,s0) # # /usr # -/usr/bin/initdb -- context_template(system_u:object_r:postgresql_exec_t,s0) -/usr/bin/postgres -- context_template(system_u:object_r:postgresql_exec_t,s0) +/usr/bin/initdb -- gen_context(system_u:object_r:postgresql_exec_t,s0) +/usr/bin/postgres -- gen_context(system_u:object_r:postgresql_exec_t,s0) -/usr/lib/pgsql/test/regres(/.*)? context_template(system_u:object_r:postgresql_db_t,s0) -/usr/lib/pgsql/test/regress/pg_regress -- context_template(system_u:object_r:postgresql_exec_t,s0) +/usr/lib/pgsql/test/regres(/.*)? gen_context(system_u:object_r:postgresql_db_t,s0) +/usr/lib/pgsql/test/regress/pg_regress -- gen_context(system_u:object_r:postgresql_exec_t,s0) -/usr/lib(64)?/postgresql/bin/.* -- context_template(system_u:object_r:postgresql_exec_t,s0) +/usr/lib(64)?/postgresql/bin/.* -- gen_context(system_u:object_r:postgresql_exec_t,s0) ifdef(`distro_redhat', ` -/usr/share/jonas/pgsql(/.*)? context_template(system_u:object_r:postgresql_db_t,s0) +/usr/share/jonas/pgsql(/.*)? gen_context(system_u:object_r:postgresql_db_t,s0) ') # # /var # -/var/lib/postgres(ql)?(/.*)? context_template(system_u:object_r:postgresql_db_t,s0) +/var/lib/postgres(ql)?(/.*)? gen_context(system_u:object_r:postgresql_db_t,s0) -/var/lib/pgsql/data(/.*)? context_template(system_u:object_r:postgresql_db_t,s0) -/var/lib/pgsql/pgstartup.log context_template(system_u:object_r:postgresql_log_t,s0) +/var/lib/pgsql/data(/.*)? gen_context(system_u:object_r:postgresql_db_t,s0) +/var/lib/pgsql/pgstartup.log gen_context(system_u:object_r:postgresql_log_t,s0) -/var/log/postgres\.log.* -- context_template(system_u:object_r:postgresql_log_t,s0) -/var/log/postgresql(/.*)? 
context_template(system_u:object_r:postgresql_log_t,s0) +/var/log/postgres\.log.* -- gen_context(system_u:object_r:postgresql_log_t,s0) +/var/log/postgresql(/.*)? gen_context(system_u:object_r:postgresql_log_t,s0) ifdef(`distro_redhat', ` -/var/log/rhdb/rhdb(/.*)? context_template(system_u:object_r:postgresql_log_t,s0) +/var/log/rhdb/rhdb(/.*)? gen_context(system_u:object_r:postgresql_log_t,s0) ') -/var/run/postgresql(/.*)? context_template(system_u:object_r:postgresql_var_run_t,s0) +/var/run/postgresql(/.*)? gen_context(system_u:object_r:postgresql_var_run_t,s0) diff --git a/refpolicy/policy/modules/services/privoxy.fc b/refpolicy/policy/modules/services/privoxy.fc index d445767..f8f42d3 100644 --- a/refpolicy/policy/modules/services/privoxy.fc +++ b/refpolicy/policy/modules/services/privoxy.fc @@ -1,4 +1,4 @@ -/usr/sbin/privoxy -- context_template(system_u:object_r:privoxy_exec_t,s0) +/usr/sbin/privoxy -- gen_context(system_u:object_r:privoxy_exec_t,s0) -/var/log/privoxy(/.*)? context_template(system_u:object_r:privoxy_log_t,s0) +/var/log/privoxy(/.*)? gen_context(system_u:object_r:privoxy_log_t,s0) diff --git a/refpolicy/policy/modules/services/radvd.fc b/refpolicy/policy/modules/services/radvd.fc index 8f9e5b3..c699ccd 100644 --- a/refpolicy/policy/modules/services/radvd.fc +++ b/refpolicy/policy/modules/services/radvd.fc @@ -1,7 +1,7 @@ -/etc/radvd\.conf -- context_template(system_u:object_r:radvd_etc_t,s0) +/etc/radvd\.conf -- gen_context(system_u:object_r:radvd_etc_t,s0) -/usr/sbin/radvd -- context_template(system_u:object_r:radvd_exec_t,s0) +/usr/sbin/radvd -- gen_context(system_u:object_r:radvd_exec_t,s0) -/var/run/radvd\.pid -- context_template(system_u:object_r:radvd_var_run_t,s0) -/var/run/radvd(/.*)? context_template(system_u:object_r:radvd_var_run_t,s0) +/var/run/radvd\.pid -- gen_context(system_u:object_r:radvd_var_run_t,s0) +/var/run/radvd(/.*)? gen_context(system_u:object_r:radvd_var_run_t,s0) 
diff --git a/refpolicy/policy/modules/services/rlogin.fc b/refpolicy/policy/modules/services/rlogin.fc index 367cafe..b447800 100644 --- a/refpolicy/policy/modules/services/rlogin.fc +++ b/refpolicy/policy/modules/services/rlogin.fc @@ -1,6 +1,6 @@ -/usr/kerberos/sbin/klogind -- context_template(system_u:object_r:rlogind_exec_t,s0) +/usr/kerberos/sbin/klogind -- gen_context(system_u:object_r:rlogind_exec_t,s0) -/usr/lib(64)?/telnetlogin -- context_template(system_u:object_r:rlogind_exec_t,s0) +/usr/lib(64)?/telnetlogin -- gen_context(system_u:object_r:rlogind_exec_t,s0) -/usr/sbin/in\.rlogind -- context_template(system_u:object_r:rlogind_exec_t,s0) +/usr/sbin/in\.rlogind -- gen_context(system_u:object_r:rlogind_exec_t,s0) diff --git a/refpolicy/policy/modules/services/rshd.fc b/refpolicy/policy/modules/services/rshd.fc index 225a230..c03858e 100644 --- a/refpolicy/policy/modules/services/rshd.fc +++ b/refpolicy/policy/modules/services/rshd.fc @@ -1,4 +1,4 @@ -/usr/kerberos/sbin/kshd -- context_template(system_u:object_r:rshd_exec_t,s0) +/usr/kerberos/sbin/kshd -- gen_context(system_u:object_r:rshd_exec_t,s0) -/usr/sbin/in\.rshd -- context_template(system_u:object_r:rshd_exec_t,s0) +/usr/sbin/in\.rshd -- gen_context(system_u:object_r:rshd_exec_t,s0) diff --git a/refpolicy/policy/modules/services/rsync.fc b/refpolicy/policy/modules/services/rsync.fc index 6d5f3f8..231149a 100644 --- a/refpolicy/policy/modules/services/rsync.fc +++ b/refpolicy/policy/modules/services/rsync.fc @@ -1,2 +1,2 @@ -/usr/bin/rsync -- context_template(system_u:object_r:rsync_exec_t,s0) +/usr/bin/rsync -- gen_context(system_u:object_r:rsync_exec_t,s0) diff --git a/refpolicy/policy/modules/services/samba.fc b/refpolicy/policy/modules/services/samba.fc index ec9c896..f076ffa 100644 --- a/refpolicy/policy/modules/services/samba.fc +++ b/refpolicy/policy/modules/services/samba.fc 
@@ -2,43 +2,43 @@ # # /etc # -/etc/samba/MACHINE\.SID -- context_template(system_u:object_r:samba_secrets_t,s0) -/etc/samba/secrets\.tdb -- context_template(system_u:object_r:samba_secrets_t,s0) -/etc/samba/smbpasswd -- context_template(system_u:object_r:samba_secrets_t,s0) -/etc/samba(/.*)? context_template(system_u:object_r:samba_etc_t,s0) +/etc/samba/MACHINE\.SID -- gen_context(system_u:object_r:samba_secrets_t,s0) +/etc/samba/secrets\.tdb -- gen_context(system_u:object_r:samba_secrets_t,s0) +/etc/samba/smbpasswd -- gen_context(system_u:object_r:samba_secrets_t,s0) +/etc/samba(/.*)? gen_context(system_u:object_r:samba_etc_t,s0) # # /usr # -/usr/bin/net -- context_template(system_u:object_r:samba_net_exec_t,s0) -/usr/bin/ntlm_auth -- context_template(system_u:object_r:winbind_helper_exec_t,s0) -/usr/bin/smbmount -- context_template(system_u:object_r:smbmount_exec_t,s0) -/usr/bin/smbmnt -- context_template(system_u:object_r:smbmount_exec_t,s0) +/usr/bin/net -- gen_context(system_u:object_r:samba_net_exec_t,s0) +/usr/bin/ntlm_auth -- gen_context(system_u:object_r:winbind_helper_exec_t,s0) +/usr/bin/smbmount -- gen_context(system_u:object_r:smbmount_exec_t,s0) +/usr/bin/smbmnt -- gen_context(system_u:object_r:smbmount_exec_t,s0) -/usr/sbin/nmbd -- context_template(system_u:object_r:nmbd_exec_t,s0) -/usr/sbin/smbd -- context_template(system_u:object_r:smbd_exec_t,s0) -/usr/sbin/winbindd -- context_template(system_u:object_r:winbind_exec_t,s0) +/usr/sbin/nmbd -- gen_context(system_u:object_r:nmbd_exec_t,s0) +/usr/sbin/smbd -- gen_context(system_u:object_r:smbd_exec_t,s0) +/usr/sbin/winbindd -- gen_context(system_u:object_r:winbind_exec_t,s0) # # /var # -/var/cache/samba(/.*)? context_template(system_u:object_r:samba_var_t,s0) -/var/cache/samba/winbindd_privileged(/.*)? context_template(system_u:object_r:winbind_var_run_t,s0) +/var/cache/samba(/.*)? gen_context(system_u:object_r:samba_var_t,s0) +/var/cache/samba/winbindd_privileged(/.*)? 
gen_context(system_u:object_r:winbind_var_run_t,s0) -/var/lib/samba(/.*)? context_template(system_u:object_r:samba_var_t,s0) +/var/lib/samba(/.*)? gen_context(system_u:object_r:samba_var_t,s0) -/var/log/samba(/.*)? context_template(system_u:object_r:samba_log_t,s0) +/var/log/samba(/.*)? gen_context(system_u:object_r:samba_log_t,s0) -/var/run/samba/brlock\.tdb -- context_template(system_u:object_r:smbd_var_run_t,s0) -/var/run/samba/connections\.tdb -- context_template(system_u:object_r:smbd_var_run_t,s0) -/var/run/samba/locking\.tdb -- context_template(system_u:object_r:smbd_var_run_t,s0) -/var/run/samba/messages\.tdb -- context_template(system_u:object_r:nmbd_var_run_t,s0) -/var/run/samba/namelist\.debug -- context_template(system_u:object_r:nmbd_var_run_t,s0) -/var/run/samba/nmbd\.pid -- context_template(system_u:object_r:nmbd_var_run_t,s0) -/var/run/samba/sessionid\.tdb -- context_template(system_u:object_r:smbd_var_run_t,s0) -/var/run/samba/smbd\.pid -- context_template(system_u:object_r:smbd_var_run_t,s0) -/var/run/samba/unexpected\.tdb -- context_template(system_u:object_r:nmbd_var_run_t,s0) +/var/run/samba/brlock\.tdb -- gen_context(system_u:object_r:smbd_var_run_t,s0) +/var/run/samba/connections\.tdb -- gen_context(system_u:object_r:smbd_var_run_t,s0) +/var/run/samba/locking\.tdb -- gen_context(system_u:object_r:smbd_var_run_t,s0) +/var/run/samba/messages\.tdb -- gen_context(system_u:object_r:nmbd_var_run_t,s0) +/var/run/samba/namelist\.debug -- gen_context(system_u:object_r:nmbd_var_run_t,s0) +/var/run/samba/nmbd\.pid -- gen_context(system_u:object_r:nmbd_var_run_t,s0) +/var/run/samba/sessionid\.tdb -- gen_context(system_u:object_r:smbd_var_run_t,s0) +/var/run/samba/smbd\.pid -- gen_context(system_u:object_r:smbd_var_run_t,s0) +/var/run/samba/unexpected\.tdb -- gen_context(system_u:object_r:nmbd_var_run_t,s0) -/var/run/winbindd(/.*)? context_template(system_u:object_r:winbind_var_run_t,s0) +/var/run/winbindd(/.*)? 
gen_context(system_u:object_r:winbind_var_run_t,s0) -/var/spool/samba(/.*)? context_template(system_u:object_r:samba_var_t,s0) +/var/spool/samba(/.*)? gen_context(system_u:object_r:samba_var_t,s0) diff --git a/refpolicy/policy/modules/services/sendmail.fc b/refpolicy/policy/modules/services/sendmail.fc index 87298d2..be5c537 100644 --- a/refpolicy/policy/modules/services/sendmail.fc +++ b/refpolicy/policy/modules/services/sendmail.fc @@ -1,8 +1,8 @@ # sendmail file contexts -/etc/mail(/.*)? context_template(system_u:object_r:etc_mail_t,s0) +/etc/mail(/.*)? gen_context(system_u:object_r:etc_mail_t,s0) -/var/log/sendmail\.st -- context_template(system_u:object_r:sendmail_log_t,s0) -/var/log/mail(/.*)? context_template(system_u:object_r:sendmail_log_t,s0) +/var/log/sendmail\.st -- gen_context(system_u:object_r:sendmail_log_t,s0) +/var/log/mail(/.*)? gen_context(system_u:object_r:sendmail_log_t,s0) -/var/run/sendmail\.pid -- context_template(system_u:object_r:sendmail_var_run_t,s0) -/var/run/sm-client\.pid -- context_template(system_u:object_r:sendmail_var_run_t,s0) +/var/run/sendmail\.pid -- gen_context(system_u:object_r:sendmail_var_run_t,s0) +/var/run/sm-client\.pid -- gen_context(system_u:object_r:sendmail_var_run_t,s0) diff --git a/refpolicy/policy/modules/services/snmp.fc b/refpolicy/policy/modules/services/snmp.fc index 54c23b5..5ebade8 100644 --- a/refpolicy/policy/modules/services/snmp.fc +++ b/refpolicy/policy/modules/services/snmp.fc 
@@ -3,24 +3,24 @@ # /etc # -/etc/snmp/snmp(trap)?d\.conf -- context_template(system_u:object_r:snmpd_etc_t,s0) +/etc/snmp/snmp(trap)?d\.conf -- gen_context(system_u:object_r:snmpd_etc_t,s0) # # /usr # -/usr/sbin/snmp(trap)?d -- context_template(system_u:object_r:snmpd_exec_t,s0) +/usr/sbin/snmp(trap)?d -- gen_context(system_u:object_r:snmpd_exec_t,s0) -/usr/share/snmp/mibs/\.index -- context_template(system_u:object_r:snmpd_var_lib_t,s0) +/usr/share/snmp/mibs/\.index -- gen_context(system_u:object_r:snmpd_var_lib_t,s0) # # /var # -/var/lib/net-snmp(/.*)? context_template(system_u:object_r:snmpd_var_lib_t,s0) -/var/lib/snmp(/.*)? context_template(system_u:object_r:snmpd_var_lib_t,s0) +/var/lib/net-snmp(/.*)? gen_context(system_u:object_r:snmpd_var_lib_t,s0) +/var/lib/snmp(/.*)? gen_context(system_u:object_r:snmpd_var_lib_t,s0) -/var/log/snmpd\.log -- context_template(system_u:object_r:snmpd_log_t,s0) +/var/log/snmpd\.log -- gen_context(system_u:object_r:snmpd_log_t,s0) -/var/net-snmp(/.*) context_template(system_u:object_r:snmpd_var_lib_t,s0) +/var/net-snmp(/.*) gen_context(system_u:object_r:snmpd_var_lib_t,s0) -/var/run/snmpd -d context_template(system_u:object_r:snmpd_var_run_t,s0) -/var/run/snmpd\.pid -- context_template(system_u:object_r:snmpd_var_run_t,s0) +/var/run/snmpd -d gen_context(system_u:object_r:snmpd_var_run_t,s0) +/var/run/snmpd\.pid -- gen_context(system_u:object_r:snmpd_var_run_t,s0) diff --git a/refpolicy/policy/modules/services/squid.fc b/refpolicy/policy/modules/services/squid.fc index 944b7e6..067b669 100644 --- a/refpolicy/policy/modules/services/squid.fc +++ b/refpolicy/policy/modules/services/squid.fc 
@@ -1,14 +1,14 @@
-/etc/squid(/.*)? context_template(system_u:object_r:squid_conf_t,s0)
+/etc/squid(/.*)? gen_context(system_u:object_r:squid_conf_t,s0)
-/usr/sbin/squid -- context_template(system_u:object_r:squid_exec_t,s0)
+/usr/sbin/squid -- gen_context(system_u:object_r:squid_exec_t,s0)
-/usr/share/squid(/.*)? context_template(system_u:object_r:squid_conf_t,s0)
+/usr/share/squid(/.*)? gen_context(system_u:object_r:squid_conf_t,s0)
-/var/cache/squid(/.*)? context_template(system_u:object_r:squid_cache_t,s0)
+/var/cache/squid(/.*)? gen_context(system_u:object_r:squid_cache_t,s0)
-/var/log/squid(/.*)? context_template(system_u:object_r:squid_log_t,s0)
+/var/log/squid(/.*)? gen_context(system_u:object_r:squid_log_t,s0)
-/var/run/squid\.pid -- context_template(system_u:object_r:squid_var_run_t,s0)
+/var/run/squid\.pid -- gen_context(system_u:object_r:squid_var_run_t,s0)
-/var/spool/squid(/.*)? context_template(system_u:object_r:squid_cache_t,s0)
+/var/spool/squid(/.*)? gen_context(system_u:object_r:squid_cache_t,s0)
diff --git a/refpolicy/policy/modules/services/ssh.fc b/refpolicy/policy/modules/services/ssh.fc
index c970a01..e79f119 100644
--- a/refpolicy/policy/modules/services/ssh.fc
+++ b/refpolicy/policy/modules/services/ssh.fc
@@ -1,18 +1,18 @@
-/etc/ssh/primes -- context_template(system_u:object_r:sshd_key_t,s0)
-/etc/ssh/ssh_host_key -- context_template(system_u:object_r:sshd_key_t,s0)
-/etc/ssh/ssh_host_dsa_key -- context_template(system_u:object_r:sshd_key_t,s0)
-/etc/ssh/ssh_host_rsa_key -- context_template(system_u:object_r:sshd_key_t,s0)
+/etc/ssh/primes -- gen_context(system_u:object_r:sshd_key_t,s0)
+/etc/ssh/ssh_host_key -- gen_context(system_u:object_r:sshd_key_t,s0)
+/etc/ssh/ssh_host_dsa_key -- gen_context(system_u:object_r:sshd_key_t,s0)
+/etc/ssh/ssh_host_rsa_key -- gen_context(system_u:object_r:sshd_key_t,s0)
-/usr/bin/ssh -- context_template(system_u:object_r:ssh_exec_t,s0)
-/usr/bin/ssh-agent -- context_template(system_u:object_r:ssh_agent_exec_t,s0)
-/usr/bin/ssh-keygen -- context_template(system_u:object_r:ssh_keygen_exec_t,s0)
+/usr/bin/ssh -- gen_context(system_u:object_r:ssh_exec_t,s0)
+/usr/bin/ssh-agent -- gen_context(system_u:object_r:ssh_agent_exec_t,s0)
+/usr/bin/ssh-keygen -- gen_context(system_u:object_r:ssh_keygen_exec_t,s0)
-/usr/libexec/openssh/ssh-keysign -- context_template(system_u:object_r:ssh_keysign_exec_t,s0)
+/usr/libexec/openssh/ssh-keysign -- gen_context(system_u:object_r:ssh_keysign_exec_t,s0)
-/usr/sbin/sshd -- context_template(system_u:object_r:sshd_exec_t,s0)
+/usr/sbin/sshd -- gen_context(system_u:object_r:sshd_exec_t,s0)
-/var/run/sshd\.init\.pid -- context_template(system_u:object_r:sshd_var_run_t,s0)
+/var/run/sshd\.init\.pid -- gen_context(system_u:object_r:sshd_var_run_t,s0)
 ifdef(`targeted_policy', `', `
-HOME_DIR/\.ssh(/.*)? context_template(system_u:object_r:ROLE_home_ssh_t,s0)
+HOME_DIR/\.ssh(/.*)? gen_context(system_u:object_r:ROLE_home_ssh_t,s0)
 ')
diff --git a/refpolicy/policy/modules/services/stunnel.fc b/refpolicy/policy/modules/services/stunnel.fc
index e60e77e..2806b91 100644
--- a/refpolicy/policy/modules/services/stunnel.fc
+++ b/refpolicy/policy/modules/services/stunnel.fc
@@ -1,6 +1,6 @@
-/etc/stunnel(/.*)? context_template(system_u:object_r:stunnel_etc_t,s0)
+/etc/stunnel(/.*)? gen_context(system_u:object_r:stunnel_etc_t,s0)
-/usr/sbin/stunnel -- context_template(system_u:object_r:stunnel_exec_t,s0)
+/usr/sbin/stunnel -- gen_context(system_u:object_r:stunnel_exec_t,s0)
-/var/run/stunnel(/.*)? context_template(system_u:object_r:stunnel_var_run_t,s0)
+/var/run/stunnel(/.*)? gen_context(system_u:object_r:stunnel_var_run_t,s0)
diff --git a/refpolicy/policy/modules/services/tcpd.fc b/refpolicy/policy/modules/services/tcpd.fc
index bbc4094..2e8d7a1 100644
--- a/refpolicy/policy/modules/services/tcpd.fc
+++ b/refpolicy/policy/modules/services/tcpd.fc
@@ -1,2 +1,2 @@
-/usr/sbin/tcpd -- context_template(system_u:object_r:tcpd_exec_t,s0)
+/usr/sbin/tcpd -- gen_context(system_u:object_r:tcpd_exec_t,s0)
diff --git a/refpolicy/policy/modules/services/telnet.fc b/refpolicy/policy/modules/services/telnet.fc
index 30b9e4a..7405170 100644
--- a/refpolicy/policy/modules/services/telnet.fc
+++ b/refpolicy/policy/modules/services/telnet.fc
@@ -1,4 +1,4 @@
-/usr/sbin/in\.telnetd -- context_template(system_u:object_r:telnetd_exec_t,s0)
+/usr/sbin/in\.telnetd -- gen_context(system_u:object_r:telnetd_exec_t,s0)
-/usr/kerberos/sbin/telnetd -- context_template(system_u:object_r:telnetd_exec_t,s0)
+/usr/kerberos/sbin/telnetd -- gen_context(system_u:object_r:telnetd_exec_t,s0)
diff --git a/refpolicy/policy/modules/services/tftp.fc b/refpolicy/policy/modules/services/tftp.fc
index 7600dc6..bff8a91 100644
--- a/refpolicy/policy/modules/services/tftp.fc
+++ b/refpolicy/policy/modules/services/tftp.fc
@@ -1,5 +1,5 @@
-/usr/sbin/atftpd -- context_template(system_u:object_r:tftpd_exec_t,s0)
-/usr/sbin/in\.tftpd -- context_template(system_u:object_r:tftpd_exec_t,s0)
+/usr/sbin/atftpd -- gen_context(system_u:object_r:tftpd_exec_t,s0)
+/usr/sbin/in\.tftpd -- gen_context(system_u:object_r:tftpd_exec_t,s0)
-/tftpboot(/.*)? context_template(system_u:object_r:tftpdir_t,s0)
+/tftpboot(/.*)? gen_context(system_u:object_r:tftpdir_t,s0)
diff --git a/refpolicy/policy/modules/services/uucp.fc b/refpolicy/policy/modules/services/uucp.fc
index 483daa9..f1c2fea 100644
--- a/refpolicy/policy/modules/services/uucp.fc
+++ b/refpolicy/policy/modules/services/uucp.fc
@@ -1,7 +1,7 @@
-/usr/sbin/uucico -- context_template(system_u:object_r:uucpd_exec_t,s0)
+/usr/sbin/uucico -- gen_context(system_u:object_r:uucpd_exec_t,s0)
-/var/spool/uucp(/.*)? context_template(system_u:object_r:uucpd_spool_t,s0)
-/var/spool/uucppublic(/.*)? context_template(system_u:object_r:uucpd_spool_t,s0)
+/var/spool/uucp(/.*)? gen_context(system_u:object_r:uucpd_spool_t,s0)
+/var/spool/uucppublic(/.*)? gen_context(system_u:object_r:uucpd_spool_t,s0)
-/var/log/uucp(/.*)? context_template(system_u:object_r:uucpd_log_t,s0)
+/var/log/uucp(/.*)? gen_context(system_u:object_r:uucpd_log_t,s0)
diff --git a/refpolicy/policy/modules/services/zebra.fc b/refpolicy/policy/modules/services/zebra.fc
index 6cd60fe..33c70f1 100644
--- a/refpolicy/policy/modules/services/zebra.fc
+++ b/refpolicy/policy/modules/services/zebra.fc
@@ -1,16 +1,16 @@
-/usr/sbin/bgpd -- context_template(system_u:object_r:zebra_exec_t,s0)
-/usr/sbin/zebra -- context_template(system_u:object_r:zebra_exec_t,s0)
+/usr/sbin/bgpd -- gen_context(system_u:object_r:zebra_exec_t,s0)
+/usr/sbin/zebra -- gen_context(system_u:object_r:zebra_exec_t,s0)
-/etc/quagga(/.*)? context_template(system_u:object_r:zebra_conf_t,s0)
-/etc/zebra(/.*)? context_template(system_u:object_r:zebra_conf_t,s0)
+/etc/quagga(/.*)? gen_context(system_u:object_r:zebra_conf_t,s0)
+/etc/zebra(/.*)? gen_context(system_u:object_r:zebra_conf_t,s0)
-/usr/sbin/ospf.* -- context_template(system_u:object_r:zebra_exec_t,s0)
-/usr/sbin/rip.* -- context_template(system_u:object_r:zebra_exec_t,s0)
+/usr/sbin/ospf.* -- gen_context(system_u:object_r:zebra_exec_t,s0)
+/usr/sbin/rip.* -- gen_context(system_u:object_r:zebra_exec_t,s0)
-/var/log/quagga(/.*)? context_template(system_u:object_r:zebra_log_t,s0)
-/var/log/zebra(/.*)? context_template(system_u:object_r:zebra_log_t,s0)
+/var/log/quagga(/.*)? gen_context(system_u:object_r:zebra_log_t,s0)
+/var/log/zebra(/.*)? gen_context(system_u:object_r:zebra_log_t,s0)
-/var/run/\.zebra -s context_template(system_u:object_r:zebra_var_run_t,s0)
-/var/run/\.zserv -s context_template(system_u:object_r:zebra_var_run_t,s0)
-/var/run/quagga(/.*)? context_template(system_u:object_r:zebra_var_run_t,s0)
+/var/run/\.zebra -s gen_context(system_u:object_r:zebra_var_run_t,s0)
+/var/run/\.zserv -s gen_context(system_u:object_r:zebra_var_run_t,s0)
+/var/run/quagga(/.*)? gen_context(system_u:object_r:zebra_var_run_t,s0)
diff --git a/refpolicy/policy/modules/system/authlogin.fc b/refpolicy/policy/modules/system/authlogin.fc
index 8d805e3..9f37e2f 100644
--- a/refpolicy/policy/modules/system/authlogin.fc
+++ b/refpolicy/policy/modules/system/authlogin.fc
@@ -1,35 +1,35 @@
-/bin/login -- context_template(system_u:object_r:login_exec_t,s0)
+/bin/login -- gen_context(system_u:object_r:login_exec_t,s0)
-/etc/\.pwd\.lock -- context_template(system_u:object_r:shadow_t,s0)
-/etc/group\.lock -- context_template(system_u:object_r:shadow_t,s0)
-/etc/gshadow.* -- context_template(system_u:object_r:shadow_t,s0)
-/etc/passwd\.lock -- context_template(system_u:object_r:shadow_t,s0)
-/etc/shadow.* -- context_template(system_u:object_r:shadow_t,s0)
+/etc/\.pwd\.lock -- gen_context(system_u:object_r:shadow_t,s0)
+/etc/group\.lock -- gen_context(system_u:object_r:shadow_t,s0)
+/etc/gshadow.* -- gen_context(system_u:object_r:shadow_t,s0)
+/etc/passwd\.lock -- gen_context(system_u:object_r:shadow_t,s0)
+/etc/shadow.* -- gen_context(system_u:object_r:shadow_t,s0)
-/lib(64)?/security/pam_krb5/pam_krb5_storetmp -- context_template(system_u:object_r:pam_exec_t,s0)
+/lib(64)?/security/pam_krb5/pam_krb5_storetmp -- gen_context(system_u:object_r:pam_exec_t,s0)
-/sbin/pam_console_apply -- context_template(system_u:object_r:pam_console_exec_t,s0)
-/sbin/pam_timestamp_check -- context_template(system_u:object_r:pam_exec_t,s0)
-/sbin/unix_chkpwd -- context_template(system_u:object_r:chkpwd_exec_t,s0)
-/sbin/unix_verify -- context_template(system_u:object_r:chkpwd_exec_t,s0)
+/sbin/pam_console_apply -- gen_context(system_u:object_r:pam_console_exec_t,s0)
+/sbin/pam_timestamp_check -- gen_context(system_u:object_r:pam_exec_t,s0)
+/sbin/unix_chkpwd -- gen_context(system_u:object_r:chkpwd_exec_t,s0)
+/sbin/unix_verify -- gen_context(system_u:object_r:chkpwd_exec_t,s0)
 ifdef(`distro_suse', `
-/sbin/unix2_chkpwd -- context_template(system_u:object_r:chkpwd_exec_t,s0)
+/sbin/unix2_chkpwd -- gen_context(system_u:object_r:chkpwd_exec_t,s0)
 ')
-/usr/kerberos/sbin/login\.krb5 -- context_template(system_u:object_r:login_exec_t,s0)
+/usr/kerberos/sbin/login\.krb5 -- gen_context(system_u:object_r:login_exec_t,s0)
-/usr/sbin/utempter -- context_template(system_u:object_r:utempter_exec_t,s0)
+/usr/sbin/utempter -- gen_context(system_u:object_r:utempter_exec_t,s0)
-/var/db/shadow.* -- context_template(system_u:object_r:shadow_t,s0)
+/var/db/shadow.* -- gen_context(system_u:object_r:shadow_t,s0)
-/var/log/btmp.* -- context_template(system_u:object_r:faillog_t,s0)
-/var/log/dmesg -- context_template(system_u:object_r:var_log_t,s0)
-/var/log/faillog -- context_template(system_u:object_r:faillog_t,s0)
-/var/log/lastlog -- context_template(system_u:object_r:lastlog_t,s0)
-/var/log/syslog -- context_template(system_u:object_r:var_log_t,s0)
-/var/log/wtmp.* -- context_template(system_u:object_r:wtmp_t,s0)
+/var/log/btmp.* -- gen_context(system_u:object_r:faillog_t,s0)
+/var/log/dmesg -- gen_context(system_u:object_r:var_log_t,s0)
+/var/log/faillog -- gen_context(system_u:object_r:faillog_t,s0)
+/var/log/lastlog -- gen_context(system_u:object_r:lastlog_t,s0)
+/var/log/syslog -- gen_context(system_u:object_r:var_log_t,s0)
+/var/log/wtmp.* -- gen_context(system_u:object_r:wtmp_t,s0)
-/var/run/console(/.*)? context_template(system_u:object_r:pam_var_console_t,s0)
+/var/run/console(/.*)? gen_context(system_u:object_r:pam_var_console_t,s0)
-/var/run/sudo(/.*)? context_template(system_u:object_r:pam_var_run_t,s0)
+/var/run/sudo(/.*)? gen_context(system_u:object_r:pam_var_run_t,s0)
diff --git a/refpolicy/policy/modules/system/clock.fc b/refpolicy/policy/modules/system/clock.fc
index 1963934..c5e05ca 100644
--- a/refpolicy/policy/modules/system/clock.fc
+++ b/refpolicy/policy/modules/system/clock.fc
@@ -1,5 +1,5 @@
-/etc/adjtime -- context_template(system_u:object_r:adjtime_t,s0)
+/etc/adjtime -- gen_context(system_u:object_r:adjtime_t,s0)
-/sbin/hwclock -- context_template(system_u:object_r:hwclock_exec_t,s0)
+/sbin/hwclock -- gen_context(system_u:object_r:hwclock_exec_t,s0)
diff --git a/refpolicy/policy/modules/system/corecommands.fc b/refpolicy/policy/modules/system/corecommands.fc
index 329715d..ef74be1 100644
--- a/refpolicy/policy/modules/system/corecommands.fc
+++ b/refpolicy/policy/modules/system/corecommands.fc
@@ -2,111 +2,111 @@ # # /bin # -/bin(/.*)? context_template(system_u:object_r:bin_t,s0) -/bin/d?ash -- context_template(system_u:object_r:shell_exec_t,s0) -/bin/bash -- context_template(system_u:object_r:shell_exec_t,s0) -/bin/bash2 -- context_template(system_u:object_r:shell_exec_t,s0) -/bin/ls -- context_template(system_u:object_r:ls_exec_t,s0) -/bin/sash -- context_template(system_u:object_r:shell_exec_t,s0) -/bin/tcsh -- context_template(system_u:object_r:shell_exec_t,s0) -/bin/zsh.* -- context_template(system_u:object_r:shell_exec_t,s0) +/bin(/.*)? gen_context(system_u:object_r:bin_t,s0) +/bin/d?ash -- gen_context(system_u:object_r:shell_exec_t,s0) +/bin/bash -- gen_context(system_u:object_r:shell_exec_t,s0) +/bin/bash2 -- gen_context(system_u:object_r:shell_exec_t,s0) +/bin/ls -- gen_context(system_u:object_r:ls_exec_t,s0) +/bin/sash -- gen_context(system_u:object_r:shell_exec_t,s0) +/bin/tcsh -- gen_context(system_u:object_r:shell_exec_t,s0) +/bin/zsh.* -- gen_context(system_u:object_r:shell_exec_t,s0) # # /dev # -/dev/MAKEDEV -- context_template(system_u:object_r:sbin_t,s0) +/dev/MAKEDEV -- gen_context(system_u:object_r:sbin_t,s0) # # /etc # -/etc/hotplug/.*agent -- context_template(system_u:object_r:sbin_t,s0) -/etc/hotplug/.*rc -- context_template(system_u:object_r:sbin_t,s0) +/etc/hotplug/.*agent -- gen_context(system_u:object_r:sbin_t,s0) +/etc/hotplug/.*rc -- gen_context(system_u:object_r:sbin_t,s0) -/etc/hotplug/hotplug\.functions -- context_template(system_u:object_r:sbin_t,s0) +/etc/hotplug/hotplug\.functions -- gen_context(system_u:object_r:sbin_t,s0) -/etc/hotplug\.d/default/default.* context_template(system_u:object_r:sbin_t,s0) +/etc/hotplug\.d/default/default.* gen_context(system_u:object_r:sbin_t,s0) -/etc/netplug\.d(/.*)? context_template(system_u:object_r:sbin_t,s0) +/etc/netplug\.d(/.*)? 
gen_context(system_u:object_r:sbin_t,s0) ifdef(`distro_debian',` -/etc/mysql/debian-start -- context_template(system_u:object_r:bin_t,s0) +/etc/mysql/debian-start -- gen_context(system_u:object_r:bin_t,s0) ') ifdef(`targeted_policy',` -/etc/X11/prefdm -- context_template(system_u:object_r:bin_t,s0) +/etc/X11/prefdm -- gen_context(system_u:object_r:bin_t,s0) ') # # /sbin # -/sbin(/.*)? context_template(system_u:object_r:sbin_t,s0) -/sbin/mkfs\.cramfs -- context_template(system_u:object_r:sbin_t,s0) -/sbin/insmod_ksymoops_clean -- context_template(system_u:object_r:sbin_t,s0) +/sbin(/.*)? gen_context(system_u:object_r:sbin_t,s0) +/sbin/mkfs\.cramfs -- gen_context(system_u:object_r:sbin_t,s0) +/sbin/insmod_ksymoops_clean -- gen_context(system_u:object_r:sbin_t,s0) # # /opt # -/opt/(.*)?/bin(/.*)? context_template(system_u:object_r:bin_t,s0) +/opt/(.*)?/bin(/.*)? gen_context(system_u:object_r:bin_t,s0) -/opt/(.*)?/libexec(/.*)? context_template(system_u:object_r:bin_t,s0) +/opt/(.*)?/libexec(/.*)? gen_context(system_u:object_r:bin_t,s0) -/opt/(.*)?/sbin(/.*)? context_template(system_u:object_r:sbin_t,s0) +/opt/(.*)?/sbin(/.*)? gen_context(system_u:object_r:sbin_t,s0) # # /usr # ifdef(`distro_gentoo', ` -/usr/.*-.*-linux-gnu/gcc-bin/.*(/.*)? context_template(system_u:object_r:bin_t,s0) +/usr/.*-.*-linux-gnu/gcc-bin/.*(/.*)? gen_context(system_u:object_r:bin_t,s0) ') -/usr(/.*)?/Bin(/.*)? context_template(system_u:object_r:bin_t,s0) +/usr(/.*)?/Bin(/.*)? gen_context(system_u:object_r:bin_t,s0) -/usr(/.*)?/bin(/.*)? context_template(system_u:object_r:bin_t,s0) +/usr(/.*)?/bin(/.*)? gen_context(system_u:object_r:bin_t,s0) -/usr(/.*)?/sbin(/.*)? context_template(system_u:object_r:sbin_t,s0) +/usr(/.*)?/sbin(/.*)? 
gen_context(system_u:object_r:sbin_t,s0) ifdef(`distro_suse', ` -/usr/lib/cron/run-crons -- context_template(system_u:object_r:bin_t,s0) +/usr/lib/cron/run-crons -- gen_context(system_u:object_r:bin_t,s0) ') -/usr/lib/pgsql/test/regress/.*\.sh -- context_template(system_u:object_r:bin_t,s0) +/usr/lib/pgsql/test/regress/.*\.sh -- gen_context(system_u:object_r:bin_t,s0) -/usr/lib(64)?/sftp-server -- context_template(system_u:object_r:bin_t,s0) -/usr/lib(64)?/emacsen-common/.* context_template(system_u:object_r:bin_t,s0) -/usr/lib(64)?/ipsec/.* -- context_template(system_u:object_r:sbin_t,s0) -/usr/lib(64)?/misc/sftp-server -- context_template(system_u:object_r:bin_t,s0) -/usr/lib(64)?/news/bin(/.*)? context_template(system_u:object_r:bin_t,s0) +/usr/lib(64)?/sftp-server -- gen_context(system_u:object_r:bin_t,s0) +/usr/lib(64)?/emacsen-common/.* gen_context(system_u:object_r:bin_t,s0) +/usr/lib(64)?/ipsec/.* -- gen_context(system_u:object_r:sbin_t,s0) +/usr/lib(64)?/misc/sftp-server -- gen_context(system_u:object_r:bin_t,s0) +/usr/lib(64)?/news/bin(/.*)? 
gen_context(system_u:object_r:bin_t,s0) ifdef(`distro_suse', ` -/usr/lib(64)?/ssh/.* -- context_template(system_u:object_r:bin_t,s0) +/usr/lib(64)?/ssh/.* -- gen_context(system_u:object_r:bin_t,s0) ') -/usr/lib(64)?/[^/]*thunderbird[^/]*/thunderbird -- context_template(system_u:object_r:bin_t,s0) -/usr/lib(64)?/[^/]*thunderbird[^/]*/thunderbird-bin -- context_template(system_u:object_r:bin_t,s0) -/usr/lib(64)?/[^/]*thunderbird[^/]*/open-browser\.sh -- context_template(system_u:object_r:bin_t,s0) -/usr/lib(64)?/[^/]*/run-mozilla\.sh -- context_template(system_u:object_r:bin_t,s0) -/usr/lib(64)?/[^/]*/mozilla-xremote-client -- context_template(system_u:object_r:bin_t,s0) +/usr/lib(64)?/[^/]*thunderbird[^/]*/thunderbird -- gen_context(system_u:object_r:bin_t,s0) +/usr/lib(64)?/[^/]*thunderbird[^/]*/thunderbird-bin -- gen_context(system_u:object_r:bin_t,s0) +/usr/lib(64)?/[^/]*thunderbird[^/]*/open-browser\.sh -- gen_context(system_u:object_r:bin_t,s0) +/usr/lib(64)?/[^/]*/run-mozilla\.sh -- gen_context(system_u:object_r:bin_t,s0) +/usr/lib(64)?/[^/]*/mozilla-xremote-client -- gen_context(system_u:object_r:bin_t,s0) -/usr/libexec(/.*)? context_template(system_u:object_r:bin_t,s0) -/usr/libexec/openssh/sftp-server -- context_template(system_u:object_r:bin_t,s0) +/usr/libexec(/.*)? gen_context(system_u:object_r:bin_t,s0) +/usr/libexec/openssh/sftp-server -- gen_context(system_u:object_r:bin_t,s0) -/usr/local/lib(64)?/ipsec/.* -- context_template(system_u:object_r:sbin_t,s0) +/usr/local/lib(64)?/ipsec/.* -- gen_context(system_u:object_r:sbin_t,s0) -/usr/sbin/sesh -- context_template(system_u:object_r:shell_exec_t,s0) +/usr/sbin/sesh -- gen_context(system_u:object_r:shell_exec_t,s0) -/usr/share/gnucash/finance-quote-check -- context_template(system_u:object_r:bin_t,s0) -/usr/share/gnucash/finance-quote-helper -- context_template(system_u:object_r:bin_t,s0) -/usr/share/mc/extfs/.* -- context_template(system_u:object_r:bin_t,s0) -/usr/share/turboprint/lib(/.*)? 
-- context_template(system_u:object_r:bin_t,s0) +/usr/share/gnucash/finance-quote-check -- gen_context(system_u:object_r:bin_t,s0) +/usr/share/gnucash/finance-quote-helper -- gen_context(system_u:object_r:bin_t,s0) +/usr/share/mc/extfs/.* -- gen_context(system_u:object_r:bin_t,s0) +/usr/share/turboprint/lib(/.*)? -- gen_context(system_u:object_r:bin_t,s0) ifdef(`distro_suse',` -/usr/share/apache2/[^/]* -- context_template(system_u:object_r:bin_t,s0) +/usr/share/apache2/[^/]* -- gen_context(system_u:object_r:bin_t,s0) ') # # /var # -/var/mailman/bin(/.*)? context_template(system_u:object_r:bin_t,s0) +/var/mailman/bin(/.*)? gen_context(system_u:object_r:bin_t,s0) -/var/ftp/bin(/.*)? context_template(system_u:object_r:bin_t,s0) -/var/ftp/bin/ls -- context_template(system_u:object_r:ls_exec_t,s0) +/var/ftp/bin(/.*)? gen_context(system_u:object_r:bin_t,s0) +/var/ftp/bin/ls -- gen_context(system_u:object_r:ls_exec_t,s0) diff --git a/refpolicy/policy/modules/system/files.fc b/refpolicy/policy/modules/system/files.fc index 6d1fd77..de07dd9 100644 --- a/refpolicy/policy/modules/system/files.fc +++ b/refpolicy/policy/modules/system/files.fc 
@@ -2,83 +2,83 @@ # # / # -/.* context_template(system_u:object_r:default_t,s0) -/ -d context_template(system_u:object_r:root_t,s0) +/.* gen_context(system_u:object_r:default_t,s0) +/ -d gen_context(system_u:object_r:root_t,s0) /\.journal <> ifdef(`distro_redhat',` -/\.autofsck -- context_template(system_u:object_r:etc_runtime_t,s0) -/\.autorelabel -- context_template(system_u:object_r:etc_runtime_t,s0) -/fastboot -- context_template(system_u:object_r:etc_runtime_t,s0) -/forcefsck -- context_template(system_u:object_r:etc_runtime_t,s0) -/fsckoptions -- context_template(system_u:object_r:etc_runtime_t,s0) -/halt -- context_template(system_u:object_r:etc_runtime_t,s0) -/poweroff -- context_template(system_u:object_r:etc_runtime_t,s0) +/\.autofsck -- gen_context(system_u:object_r:etc_runtime_t,s0) +/\.autorelabel -- gen_context(system_u:object_r:etc_runtime_t,s0) +/fastboot -- gen_context(system_u:object_r:etc_runtime_t,s0) +/forcefsck -- gen_context(system_u:object_r:etc_runtime_t,s0) +/fsckoptions -- gen_context(system_u:object_r:etc_runtime_t,s0) +/halt -- gen_context(system_u:object_r:etc_runtime_t,s0) +/poweroff -- gen_context(system_u:object_r:etc_runtime_t,s0) ') # # /boot # /boot/\.journal <> -/boot/lost\+found -d context_template(system_u:object_r:lost_found_t,s0) +/boot/lost\+found -d gen_context(system_u:object_r:lost_found_t,s0) /boot/lost\+found/.* <> # # /etc # -/etc(/.*)? 
context_template(system_u:object_r:etc_t,s0) -/etc/\.fstab\.hal\..+ -- context_template(system_u:object_r:etc_runtime_t,s0) -/etc/asound\.state -- context_template(system_u:object_r:etc_runtime_t,s0) -/etc/blkid\.tab.* -- context_template(system_u:object_r:etc_runtime_t,s0) -/etc/fstab\.REVOKE -- context_template(system_u:object_r:etc_runtime_t,s0) -/etc/HOSTNAME -- context_template(system_u:object_r:etc_runtime_t,s0) -/etc/ioctl\.save -- context_template(system_u:object_r:etc_runtime_t,s0) -/etc/issue -- context_template(system_u:object_r:etc_runtime_t,s0) -/etc/issue\.net -- context_template(system_u:object_r:etc_runtime_t,s0) -/etc/localtime -l context_template(system_u:object_r:etc_t,s0) -/etc/mtab -- context_template(system_u:object_r:etc_runtime_t,s0) -/etc/motd -- context_template(system_u:object_r:etc_runtime_t,s0) -/etc/nohotplug -- context_template(system_u:object_r:etc_runtime_t,s0) -/etc/nologin.* -- context_template(system_u:object_r:etc_runtime_t,s0) - -/etc/init\.d/functions -- context_template(system_u:object_r:etc_t,s0) +/etc(/.*)? 
gen_context(system_u:object_r:etc_t,s0) +/etc/\.fstab\.hal\..+ -- gen_context(system_u:object_r:etc_runtime_t,s0) +/etc/asound\.state -- gen_context(system_u:object_r:etc_runtime_t,s0) +/etc/blkid\.tab.* -- gen_context(system_u:object_r:etc_runtime_t,s0) +/etc/fstab\.REVOKE -- gen_context(system_u:object_r:etc_runtime_t,s0) +/etc/HOSTNAME -- gen_context(system_u:object_r:etc_runtime_t,s0) +/etc/ioctl\.save -- gen_context(system_u:object_r:etc_runtime_t,s0) +/etc/issue -- gen_context(system_u:object_r:etc_runtime_t,s0) +/etc/issue\.net -- gen_context(system_u:object_r:etc_runtime_t,s0) +/etc/localtime -l gen_context(system_u:object_r:etc_t,s0) +/etc/mtab -- gen_context(system_u:object_r:etc_runtime_t,s0) +/etc/motd -- gen_context(system_u:object_r:etc_runtime_t,s0) +/etc/nohotplug -- gen_context(system_u:object_r:etc_runtime_t,s0) +/etc/nologin.* -- gen_context(system_u:object_r:etc_runtime_t,s0) + +/etc/init\.d/functions -- gen_context(system_u:object_r:etc_t,s0) ifdef(`distro_suse',` -/etc/init\.d/\.depend.* -- context_template(system_u:object_r:etc_runtime_t,s0) +/etc/init\.d/\.depend.* -- gen_context(system_u:object_r:etc_runtime_t,s0) ') -/etc/ipsec\.d/examples(/.*)? context_template(system_u:object_r:etc_t,s0) +/etc/ipsec\.d/examples(/.*)? 
gen_context(system_u:object_r:etc_t,s0) -/etc/network/ifstate -- context_template(system_u:object_r:etc_runtime_t,s0) +/etc/network/ifstate -- gen_context(system_u:object_r:etc_runtime_t,s0) -/etc/ptal/ptal-printd-like -- context_template(system_u:object_r:etc_runtime_t,s0) +/etc/ptal/ptal-printd-like -- gen_context(system_u:object_r:etc_runtime_t,s0) -/etc/rc\.d/init\.d/functions -- context_template(system_u:object_r:etc_t,s0) +/etc/rc\.d/init\.d/functions -- gen_context(system_u:object_r:etc_t,s0) -/etc/sysconfig/hwconf -- context_template(system_u:object_r:etc_runtime_t,s0) -/etc/sysconfig/iptables\.save -- context_template(system_u:object_r:etc_runtime_t,s0) -/etc/sysconfig/firstboot -- context_template(system_u:object_r:etc_runtime_t,s0) +/etc/sysconfig/hwconf -- gen_context(system_u:object_r:etc_runtime_t,s0) +/etc/sysconfig/iptables\.save -- gen_context(system_u:object_r:etc_runtime_t,s0) +/etc/sysconfig/firstboot -- gen_context(system_u:object_r:etc_runtime_t,s0) ifdef(`distro_gentoo', ` -/etc/profile\.env -- context_template(system_u:object_r:etc_runtime_t,s0) -/etc/csh\.env -- context_template(system_u:object_r:etc_runtime_t,s0) -/etc/env\.d/.* -- context_template(system_u:object_r:etc_runtime_t,s0) +/etc/profile\.env -- gen_context(system_u:object_r:etc_runtime_t,s0) +/etc/csh\.env -- gen_context(system_u:object_r:etc_runtime_t,s0) +/etc/env\.d/.* -- gen_context(system_u:object_r:etc_runtime_t,s0) ') # HOME_ROOT expands to all valid home directory prefixes found in /etc/passwd -HOME_ROOT -d context_template(system_u:object_r:home_root_t,s0) +HOME_ROOT -d gen_context(system_u:object_r:home_root_t,s0) HOME_ROOT/\.journal <> -HOME_ROOT/lost\+found -d context_template(system_u:object_r:lost_found_t,s0) +HOME_ROOT/lost\+found -d gen_context(system_u:object_r:lost_found_t,s0) HOME_ROOT/lost\+found/.* <> # # /initrd # # initrd mount point, only used during boot -/initrd -d context_template(system_u:object_r:root_t,s0) +/initrd -d 
gen_context(system_u:object_r:root_t,s0) # # /lost+found # -/lost\+found -d context_template(system_u:object_r:lost_found_t,s0) +/lost\+found -d gen_context(system_u:object_r:lost_found_t,s0) /lost\+found/.* <> # @@ -86,21 +86,21 @@ HOME_ROOT/lost\+found/.* <> # # Mount points; do not relabel subdirectories, since # we don't want to change any removable media by default. -/media(/[^/]*)? -d context_template(system_u:object_r:mnt_t,s0) +/media(/[^/]*)? -d gen_context(system_u:object_r:mnt_t,s0) /media/[^/]*/.* <> # # /mnt # -/mnt(/[^/]*)? -d context_template(system_u:object_r:mnt_t,s0) +/mnt(/[^/]*)? -d gen_context(system_u:object_r:mnt_t,s0) /mnt/[^/]*/.* <> # # /opt # -/opt(/.*)? context_template(system_u:object_r:usr_t,s0) +/opt(/.*)? gen_context(system_u:object_r:usr_t,s0) -/opt/(.*)?/var/lib(64)?(/.*)? context_template(system_u:object_r:var_lib_t,s0) +/opt/(.*)?/var/lib(64)?(/.*)? gen_context(system_u:object_r:var_lib_t,s0) # # /proc @@ -115,7 +115,7 @@ HOME_ROOT/lost\+found/.* <> # # /srv # -/srv(/.*)? context_template(system_u:object_r:var_t,s0) +/srv(/.*)? gen_context(system_u:object_r:var_t,s0) # # /sys 
@@ -125,68 +125,68 @@ HOME_ROOT/lost\+found/.* <> # # /tmp # -/tmp -d context_template(system_u:object_r:tmp_t,s0) +/tmp -d gen_context(system_u:object_r:tmp_t,s0) /tmp/.* <> /tmp/\.journal <> -/tmp/lost\+found -d context_template(system_u:object_r:lost_found_t,s0) +/tmp/lost\+found -d gen_context(system_u:object_r:lost_found_t,s0) /tmp/lost\+found/.* <> # # /usr # -/usr(/.*)? context_template(system_u:object_r:usr_t,s0) +/usr(/.*)? gen_context(system_u:object_r:usr_t,s0) /usr/\.journal <> -/usr/etc(/.*)? context_template(system_u:object_r:etc_t,s0) +/usr/etc(/.*)? gen_context(system_u:object_r:etc_t,s0) -/usr/inclu.e(/.*)? context_template(system_u:object_r:usr_t,s0) +/usr/inclu.e(/.*)? gen_context(system_u:object_r:usr_t,s0) /usr/local/\.journal <> -/usr/local/etc(/.*)? context_template(system_u:object_r:etc_t,s0) +/usr/local/etc(/.*)? gen_context(system_u:object_r:etc_t,s0) -/usr/local/lost\+found -d context_template(system_u:object_r:lost_found_t,s0) +/usr/local/lost\+found -d gen_context(system_u:object_r:lost_found_t,s0) /usr/local/lost\+found/.* <> -/usr/local/src(/.*)? context_template(system_u:object_r:src_t,s0) +/usr/local/src(/.*)? gen_context(system_u:object_r:src_t,s0) -/usr/lost\+found -d context_template(system_u:object_r:lost_found_t,s0) +/usr/lost\+found -d gen_context(system_u:object_r:lost_found_t,s0) /usr/lost\+found/.* <> -/usr/share(/.*)?/lib(64)?(/.*)? context_template(system_u:object_r:usr_t,s0) +/usr/share(/.*)?/lib(64)?(/.*)? gen_context(system_u:object_r:usr_t,s0) -/usr/src(/.*)? context_template(system_u:object_r:src_t,s0) +/usr/src(/.*)? gen_context(system_u:object_r:src_t,s0) -/usr/tmp -d context_template(system_u:object_r:tmp_t,s0) +/usr/tmp -d gen_context(system_u:object_r:tmp_t,s0) /usr/tmp/.* <> # # /var # -/var(/.*)? context_template(system_u:object_r:var_t,s0) +/var(/.*)? 
gen_context(system_u:object_r:var_t,s0) /var/\.journal <> -/var/db/.*\.db -- context_template(system_u:object_r:etc_t,s0) +/var/db/.*\.db -- gen_context(system_u:object_r:etc_t,s0) -/var/ftp/etc(/.*)? context_template(system_u:object_r:etc_t,s0) +/var/ftp/etc(/.*)? gen_context(system_u:object_r:etc_t,s0) -/var/lib(/.*)? context_template(system_u:object_r:var_lib_t,s0) +/var/lib(/.*)? gen_context(system_u:object_r:var_lib_t,s0) /var/lib/nfs/rpc_pipefs(/.*)? <> -/var/lock(/.*)? context_template(system_u:object_r:var_lock_t,s0) +/var/lock(/.*)? gen_context(system_u:object_r:var_lock_t,s0) -/var/lost\+found -d context_template(system_u:object_r:lost_found_t,s0) +/var/lost\+found -d gen_context(system_u:object_r:lost_found_t,s0) /var/lost\+found/.* <> -/var/run(/.*)? context_template(system_u:object_r:var_run_t,s0) +/var/run(/.*)? gen_context(system_u:object_r:var_run_t,s0) /var/run/.*\.*pid <> -/var/spool(/.*)? context_template(system_u:object_r:var_spool_t,s0) +/var/spool(/.*)? gen_context(system_u:object_r:var_spool_t,s0) -/var/tmp -d context_template(system_u:object_r:tmp_t,s0) +/var/tmp -d gen_context(system_u:object_r:tmp_t,s0) /var/tmp/.* <> -/var/tmp/lost\+found -d context_template(system_u:object_r:lost_found_t,s0) +/var/tmp/lost\+found -d gen_context(system_u:object_r:lost_found_t,s0) /var/tmp/lost\+found/.* <> -/var/tmp/vi\.recover -d context_template(system_u:object_r:tmp_t,s0) +/var/tmp/vi\.recover -d gen_context(system_u:object_r:tmp_t,s0) diff --git a/refpolicy/policy/modules/system/files.te b/refpolicy/policy/modules/system/files.te index 3545494..a003f2d 100644 --- a/refpolicy/policy/modules/system/files.te +++ b/refpolicy/policy/modules/system/files.te 
@@ -61,7 +61,7 @@ type file_t, file_type, mountpoint; fs_associate(file_t) fs_associate_noxattr(file_t) kernel_rootfs_mountpoint(file_t) -sid file context_template(system_u:object_r:file_t,s0) +sid file gen_context(system_u:object_r:file_t,s0) # # home_root_t is the type for the directory where user home directories @@ -104,7 +104,7 @@ type root_t, file_type, mountpoint; #, polyparent fs_associate(root_t) fs_associate_noxattr(root_t) kernel_rootfs_mountpoint(root_t) -genfscon rootfs / context_template(system_u:object_r:root_t,s0) +genfscon rootfs / gen_context(system_u:object_r:root_t,s0) # # src_t is the type of files in the system src directories. diff --git a/refpolicy/policy/modules/system/fstools.fc b/refpolicy/policy/modules/system/fstools.fc index 265cdeb..f55036c 100644 --- a/refpolicy/policy/modules/system/fstools.fc +++ b/refpolicy/policy/modules/system/fstools.fc 
@@ -1,39 +1,39 @@ -/sbin/blockdev -- context_template(system_u:object_r:fsadm_exec_t,s0) -/sbin/cfdisk -- context_template(system_u:object_r:fsadm_exec_t,s0) -/sbin/dosfsck -- context_template(system_u:object_r:fsadm_exec_t,s0) -/sbin/dump -- context_template(system_u:object_r:fsadm_exec_t,s0) -/sbin/dumpe2fs -- context_template(system_u:object_r:fsadm_exec_t,s0) -/sbin/e2fsck -- context_template(system_u:object_r:fsadm_exec_t,s0) -/sbin/e2label -- context_template(system_u:object_r:fsadm_exec_t,s0) -/sbin/fdisk -- context_template(system_u:object_r:fsadm_exec_t,s0) -/sbin/findfs -- context_template(system_u:object_r:fsadm_exec_t,s0) -/sbin/fsck.* -- context_template(system_u:object_r:fsadm_exec_t,s0) -/sbin/hdparm -- context_template(system_u:object_r:fsadm_exec_t,s0) -/sbin/install-mbr -- context_template(system_u:object_r:fsadm_exec_t,s0) -/sbin/jfs_.* -- context_template(system_u:object_r:fsadm_exec_t,s0) -/sbin/losetup.* -- context_template(system_u:object_r:fsadm_exec_t,s0) -/sbin/lsraid -- context_template(system_u:object_r:fsadm_exec_t,s0) -/sbin/mkdosfs -- context_template(system_u:object_r:fsadm_exec_t,s0) -/sbin/mke2fs -- context_template(system_u:object_r:fsadm_exec_t,s0) -/sbin/mkfs.* -- context_template(system_u:object_r:fsadm_exec_t,s0) -/sbin/mkraid -- context_template(system_u:object_r:fsadm_exec_t,s0) -/sbin/mkreiserfs -- context_template(system_u:object_r:fsadm_exec_t,s0) -/sbin/mkswap -- context_template(system_u:object_r:fsadm_exec_t,s0) -/sbin/parted -- context_template(system_u:object_r:fsadm_exec_t,s0) -/sbin/partprobe -- context_template(system_u:object_r:fsadm_exec_t,s0) -/sbin/partx -- context_template(system_u:object_r:fsadm_exec_t,s0) -/sbin/raidautorun -- context_template(system_u:object_r:fsadm_exec_t,s0) -/sbin/raidstart -- context_template(system_u:object_r:fsadm_exec_t,s0) -/sbin/reiserfs(ck|tune) -- context_template(system_u:object_r:fsadm_exec_t,s0) -/sbin/resize.*fs -- context_template(system_u:object_r:fsadm_exec_t,s0) 
-/sbin/scsi_info -- context_template(system_u:object_r:fsadm_exec_t,s0) -/sbin/sfdisk -- context_template(system_u:object_r:fsadm_exec_t,s0) -/sbin/swapon.* -- context_template(system_u:object_r:fsadm_exec_t,s0) -/sbin/tune2fs -- context_template(system_u:object_r:fsadm_exec_t,s0) +/sbin/blockdev -- gen_context(system_u:object_r:fsadm_exec_t,s0) +/sbin/cfdisk -- gen_context(system_u:object_r:fsadm_exec_t,s0) +/sbin/dosfsck -- gen_context(system_u:object_r:fsadm_exec_t,s0) +/sbin/dump -- gen_context(system_u:object_r:fsadm_exec_t,s0) +/sbin/dumpe2fs -- gen_context(system_u:object_r:fsadm_exec_t,s0) +/sbin/e2fsck -- gen_context(system_u:object_r:fsadm_exec_t,s0) +/sbin/e2label -- gen_context(system_u:object_r:fsadm_exec_t,s0) +/sbin/fdisk -- gen_context(system_u:object_r:fsadm_exec_t,s0) +/sbin/findfs -- gen_context(system_u:object_r:fsadm_exec_t,s0) +/sbin/fsck.* -- gen_context(system_u:object_r:fsadm_exec_t,s0) +/sbin/hdparm -- gen_context(system_u:object_r:fsadm_exec_t,s0) +/sbin/install-mbr -- gen_context(system_u:object_r:fsadm_exec_t,s0) +/sbin/jfs_.* -- gen_context(system_u:object_r:fsadm_exec_t,s0) +/sbin/losetup.* -- gen_context(system_u:object_r:fsadm_exec_t,s0) +/sbin/lsraid -- gen_context(system_u:object_r:fsadm_exec_t,s0) +/sbin/mkdosfs -- gen_context(system_u:object_r:fsadm_exec_t,s0) +/sbin/mke2fs -- gen_context(system_u:object_r:fsadm_exec_t,s0) +/sbin/mkfs.* -- gen_context(system_u:object_r:fsadm_exec_t,s0) +/sbin/mkraid -- gen_context(system_u:object_r:fsadm_exec_t,s0) +/sbin/mkreiserfs -- gen_context(system_u:object_r:fsadm_exec_t,s0) +/sbin/mkswap -- gen_context(system_u:object_r:fsadm_exec_t,s0) +/sbin/parted -- gen_context(system_u:object_r:fsadm_exec_t,s0) +/sbin/partprobe -- gen_context(system_u:object_r:fsadm_exec_t,s0) +/sbin/partx -- gen_context(system_u:object_r:fsadm_exec_t,s0) +/sbin/raidautorun -- gen_context(system_u:object_r:fsadm_exec_t,s0) +/sbin/raidstart -- gen_context(system_u:object_r:fsadm_exec_t,s0) +/sbin/reiserfs(ck|tune) -- 
gen_context(system_u:object_r:fsadm_exec_t,s0) +/sbin/resize.*fs -- gen_context(system_u:object_r:fsadm_exec_t,s0) +/sbin/scsi_info -- gen_context(system_u:object_r:fsadm_exec_t,s0) +/sbin/sfdisk -- gen_context(system_u:object_r:fsadm_exec_t,s0) +/sbin/swapon.* -- gen_context(system_u:object_r:fsadm_exec_t,s0) +/sbin/tune2fs -- gen_context(system_u:object_r:fsadm_exec_t,s0) -/usr/bin/partition_uuid -- context_template(system_u:object_r:fsadm_exec_t,s0) -/usr/bin/raw -- context_template(system_u:object_r:fsadm_exec_t,s0) -/usr/bin/scsi_unique_id -- context_template(system_u:object_r:fsadm_exec_t,s0) -/usr/bin/syslinux -- context_template(system_u:object_r:fsadm_exec_t,s0) +/usr/bin/partition_uuid -- gen_context(system_u:object_r:fsadm_exec_t,s0) +/usr/bin/raw -- gen_context(system_u:object_r:fsadm_exec_t,s0) +/usr/bin/scsi_unique_id -- gen_context(system_u:object_r:fsadm_exec_t,s0) +/usr/bin/syslinux -- gen_context(system_u:object_r:fsadm_exec_t,s0) -/usr/sbin/smartctl -- context_template(system_u:object_r:fsadm_exec_t,s0) +/usr/sbin/smartctl -- gen_context(system_u:object_r:fsadm_exec_t,s0) diff --git a/refpolicy/policy/modules/system/getty.fc b/refpolicy/policy/modules/system/getty.fc index 6dcaaca..6db25c1 100644 --- a/refpolicy/policy/modules/system/getty.fc +++ b/refpolicy/policy/modules/system/getty.fc @@ -1,8 +1,8 @@ -/etc/mgetty(/.*)? context_template(system_u:object_r:getty_etc_t,s0) +/etc/mgetty(/.*)? gen_context(system_u:object_r:getty_etc_t,s0) -/sbin/.*getty -- context_template(system_u:object_r:getty_exec_t,s0) +/sbin/.*getty -- gen_context(system_u:object_r:getty_exec_t,s0) -/var/log/mgetty\.log.* -- context_template(system_u:object_r:getty_log_t,s0) +/var/log/mgetty\.log.* -- gen_context(system_u:object_r:getty_log_t,s0) -/var/run/mgetty\.pid.* -- context_template(system_u:object_r:getty_var_run_t,s0) +/var/run/mgetty\.pid.* -- gen_context(system_u:object_r:getty_var_run_t,s0) 
diff --git a/refpolicy/policy/modules/system/hostname.fc b/refpolicy/policy/modules/system/hostname.fc index 29c6f8e..9dfecf7 100644 --- a/refpolicy/policy/modules/system/hostname.fc +++ b/refpolicy/policy/modules/system/hostname.fc @@ -1,2 +1,2 @@ -/bin/hostname -- context_template(system_u:object_r:hostname_exec_t,s0) +/bin/hostname -- gen_context(system_u:object_r:hostname_exec_t,s0) diff --git a/refpolicy/policy/modules/system/hotplug.fc b/refpolicy/policy/modules/system/hotplug.fc index f9c36e9..1af8916 100644 --- a/refpolicy/policy/modules/system/hotplug.fc +++ b/refpolicy/policy/modules/system/hotplug.fc @@ -1,11 +1,11 @@ -/etc/hotplug(/.*)? context_template(system_u:object_r:hotplug_etc_t,s0) -/etc/hotplug/firmware.agent -- context_template(system_u:object_r:hotplug_exec_t,s0) +/etc/hotplug(/.*)? gen_context(system_u:object_r:hotplug_etc_t,s0) +/etc/hotplug/firmware.agent -- gen_context(system_u:object_r:hotplug_exec_t,s0) -/etc/hotplug\.d/.* -- context_template(system_u:object_r:hotplug_exec_t,s0) +/etc/hotplug\.d/.* -- gen_context(system_u:object_r:hotplug_exec_t,s0) -/sbin/hotplug -- context_template(system_u:object_r:hotplug_exec_t,s0) -/sbin/netplugd -- context_template(system_u:object_r:hotplug_exec_t,s0) +/sbin/hotplug -- gen_context(system_u:object_r:hotplug_exec_t,s0) +/sbin/netplugd -- gen_context(system_u:object_r:hotplug_exec_t,s0) -/var/run/usb(/.*)? context_template(system_u:object_r:hotplug_var_run_t,s0) -/var/run/hotplug(/.*)? context_template(system_u:object_r:hotplug_var_run_t,s0) +/var/run/usb(/.*)? gen_context(system_u:object_r:hotplug_var_run_t,s0) +/var/run/hotplug(/.*)? gen_context(system_u:object_r:hotplug_var_run_t,s0) diff --git a/refpolicy/policy/modules/system/init.fc b/refpolicy/policy/modules/system/init.fc index 4bade65..a55e621 100644 --- a/refpolicy/policy/modules/system/init.fc +++ b/refpolicy/policy/modules/system/init.fc 
@@ -2,56 +2,56 @@ # # /etc # -/etc/init\.d/.* -- context_template(system_u:object_r:initrc_exec_t,s0) +/etc/init\.d/.* -- gen_context(system_u:object_r:initrc_exec_t,s0) -/etc/rc\.d/rc -- context_template(system_u:object_r:initrc_exec_t,s0) -/etc/rc\.d/rc\.sysinit -- context_template(system_u:object_r:initrc_exec_t,s0) -/etc/rc\.d/rc\.local -- context_template(system_u:object_r:initrc_exec_t,s0) +/etc/rc\.d/rc -- gen_context(system_u:object_r:initrc_exec_t,s0) +/etc/rc\.d/rc\.sysinit -- gen_context(system_u:object_r:initrc_exec_t,s0) +/etc/rc\.d/rc\.local -- gen_context(system_u:object_r:initrc_exec_t,s0) -/etc/rc\.d/init\.d/.* -- context_template(system_u:object_r:initrc_exec_t,s0) +/etc/rc\.d/init\.d/.* -- gen_context(system_u:object_r:initrc_exec_t,s0) ifdef(`targeted_policy', `', ` -/etc/X11/prefdm -- context_template(system_u:object_r:initrc_exec_t,s0) +/etc/X11/prefdm -- gen_context(system_u:object_r:initrc_exec_t,s0) ') # # /dev # -/dev/initctl -p context_template(system_u:object_r:initctl_t,s0) +/dev/initctl -p gen_context(system_u:object_r:initctl_t,s0) # # /sbin # -/sbin/init -- context_template(system_u:object_r:init_exec_t,s0) +/sbin/init -- gen_context(system_u:object_r:init_exec_t,s0) ifdef(`distro_gentoo', ` -/sbin/rc -- context_template(system_u:object_r:initrc_exec_t,s0) -/sbin/runscript -- context_template(system_u:object_r:initrc_exec_t,s0) -/sbin/runscript\.sh -- context_template(system_u:object_r:initrc_exec_t,s0) +/sbin/rc -- gen_context(system_u:object_r:initrc_exec_t,s0) +/sbin/runscript -- gen_context(system_u:object_r:initrc_exec_t,s0) +/sbin/runscript\.sh -- gen_context(system_u:object_r:initrc_exec_t,s0) ') # # /usr # -/usr/sbin/apachectl -- context_template(system_u:object_r:initrc_exec_t,s0) -/usr/sbin/open_init_pty -- context_template(system_u:object_r:initrc_exec_t,s0) +/usr/sbin/apachectl -- gen_context(system_u:object_r:initrc_exec_t,s0) +/usr/sbin/open_init_pty -- gen_context(system_u:object_r:initrc_exec_t,s0) # # /var # 
ifdef(`distro_gentoo', ` -/var/lib/init\.d(/.*)? context_template(system_u:object_r:initrc_state_t,s0) +/var/lib/init\.d(/.*)? gen_context(system_u:object_r:initrc_state_t,s0) ') -/var/run/utmp -- context_template(system_u:object_r:initrc_var_run_t,s0) -/var/run/runlevel\.dir context_template(system_u:object_r:initrc_var_run_t,s0) -/var/run/random-seed -- context_template(system_u:object_r:initrc_var_run_t,s0) -/var/run/setmixer_flag -- context_template(system_u:object_r:initrc_var_run_t,s0) +/var/run/utmp -- gen_context(system_u:object_r:initrc_var_run_t,s0) +/var/run/runlevel\.dir gen_context(system_u:object_r:initrc_var_run_t,s0) +/var/run/random-seed -- gen_context(system_u:object_r:initrc_var_run_t,s0) +/var/run/setmixer_flag -- gen_context(system_u:object_r:initrc_var_run_t,s0) ifdef(`distro_suse', ` -/var/run/bootsplashctl -p context_template(system_u:object_r:initrc_var_run_t,s0) -/var/run/keymap -- context_template(system_u:object_r:initrc_var_run_t,s0) -/var/run/numlock-on -- context_template(system_u:object_r:initrc_var_run_t,s0) -/var/run/setleds-on -- context_template(system_u:object_r:initrc_var_run_t,s0) -/var/run/sysconfig(/.*)? context_template(system_u:object_r:initrc_var_run_t,s0) +/var/run/bootsplashctl -p gen_context(system_u:object_r:initrc_var_run_t,s0) +/var/run/keymap -- gen_context(system_u:object_r:initrc_var_run_t,s0) +/var/run/numlock-on -- gen_context(system_u:object_r:initrc_var_run_t,s0) +/var/run/setleds-on -- gen_context(system_u:object_r:initrc_var_run_t,s0) +/var/run/sysconfig(/.*)? gen_context(system_u:object_r:initrc_var_run_t,s0) ') diff --git a/refpolicy/policy/modules/system/ipsec.fc b/refpolicy/policy/modules/system/ipsec.fc index 22a5f73..ffe8566 100644 --- a/refpolicy/policy/modules/system/ipsec.fc +++ b/refpolicy/policy/modules/system/ipsec.fc 
@@ -1,32 +1,32 @@ -/etc/ipsec\.secrets -- context_template(system_u:object_r:ipsec_key_file_t,s0) -/etc/ipsec\.conf -- context_template(system_u:object_r:ipsec_conf_file_t,s0) -/etc/racoon/psk\.txt -- context_template(system_u:object_r:ipsec_key_file_t,s0) +/etc/ipsec\.secrets -- gen_context(system_u:object_r:ipsec_key_file_t,s0) +/etc/ipsec\.conf -- gen_context(system_u:object_r:ipsec_conf_file_t,s0) +/etc/racoon/psk\.txt -- gen_context(system_u:object_r:ipsec_key_file_t,s0) -/etc/racoon(/.*)? context_template(system_u:object_r:ipsec_conf_file_t,s0) -/etc/racoon/certs(/.*)? context_template(system_u:object_r:ipsec_key_file_t,s0) +/etc/racoon(/.*)? gen_context(system_u:object_r:ipsec_conf_file_t,s0) +/etc/racoon/certs(/.*)? gen_context(system_u:object_r:ipsec_key_file_t,s0) -/etc/ipsec\.d(/.*)? context_template(system_u:object_r:ipsec_key_file_t,s0) +/etc/ipsec\.d(/.*)? gen_context(system_u:object_r:ipsec_key_file_t,s0) -/sbin/setkey -- context_template(system_u:object_r:ipsec_exec_t,s0) +/sbin/setkey -- gen_context(system_u:object_r:ipsec_exec_t,s0) -/usr/lib(64)?/ipsec/_plutoload -- context_template(system_u:object_r:ipsec_mgmt_exec_t,s0) -/usr/lib(64)?/ipsec/_plutorun -- context_template(system_u:object_r:ipsec_mgmt_exec_t,s0) -/usr/lib(64)?/ipsec/eroute -- context_template(system_u:object_r:ipsec_exec_t,s0) -/usr/lib(64)?/ipsec/klipsdebug -- context_template(system_u:object_r:ipsec_exec_t,s0) -/usr/lib(64)?/ipsec/pluto -- context_template(system_u:object_r:ipsec_exec_t,s0) -/usr/lib(64)?/ipsec/spi -- context_template(system_u:object_r:ipsec_exec_t,s0) +/usr/lib(64)?/ipsec/_plutoload -- gen_context(system_u:object_r:ipsec_mgmt_exec_t,s0) +/usr/lib(64)?/ipsec/_plutorun -- gen_context(system_u:object_r:ipsec_mgmt_exec_t,s0) +/usr/lib(64)?/ipsec/eroute -- gen_context(system_u:object_r:ipsec_exec_t,s0) +/usr/lib(64)?/ipsec/klipsdebug -- gen_context(system_u:object_r:ipsec_exec_t,s0) +/usr/lib(64)?/ipsec/pluto -- gen_context(system_u:object_r:ipsec_exec_t,s0) 
+/usr/lib(64)?/ipsec/spi -- gen_context(system_u:object_r:ipsec_exec_t,s0) -/usr/libexec/ipsec/eroute -- context_template(system_u:object_r:ipsec_exec_t,s0) -/usr/libexec/ipsec/klipsdebug -- context_template(system_u:object_r:ipsec_exec_t,s0) -/usr/libexec/ipsec/pluto -- context_template(system_u:object_r:ipsec_exec_t,s0) -/usr/libexec/ipsec/spi -- context_template(system_u:object_r:ipsec_exec_t,s0) +/usr/libexec/ipsec/eroute -- gen_context(system_u:object_r:ipsec_exec_t,s0) +/usr/libexec/ipsec/klipsdebug -- gen_context(system_u:object_r:ipsec_exec_t,s0) +/usr/libexec/ipsec/pluto -- gen_context(system_u:object_r:ipsec_exec_t,s0) +/usr/libexec/ipsec/spi -- gen_context(system_u:object_r:ipsec_exec_t,s0) -/usr/local/lib(64)?/ipsec/eroute -- context_template(system_u:object_r:ipsec_exec_t,s0) -/usr/local/lib(64)?/ipsec/klipsdebug -- context_template(system_u:object_r:ipsec_exec_t,s0) -/usr/local/lib(64)?/ipsec/pluto -- context_template(system_u:object_r:ipsec_exec_t,s0) -/usr/local/lib(64)?/ipsec/spi -- context_template(system_u:object_r:ipsec_exec_t,s0) +/usr/local/lib(64)?/ipsec/eroute -- gen_context(system_u:object_r:ipsec_exec_t,s0) +/usr/local/lib(64)?/ipsec/klipsdebug -- gen_context(system_u:object_r:ipsec_exec_t,s0) +/usr/local/lib(64)?/ipsec/pluto -- gen_context(system_u:object_r:ipsec_exec_t,s0) +/usr/local/lib(64)?/ipsec/spi -- gen_context(system_u:object_r:ipsec_exec_t,s0) -/usr/sbin/racoon -- context_template(system_u:object_r:ipsec_exec_t,s0) -/usr/sbin/setkey -- context_template(system_u:object_r:ipsec_exec_t,s0) +/usr/sbin/racoon -- gen_context(system_u:object_r:ipsec_exec_t,s0) +/usr/sbin/setkey -- gen_context(system_u:object_r:ipsec_exec_t,s0) -/var/run/pluto(/.*)? context_template(system_u:object_r:ipsec_var_run_t,s0) +/var/run/pluto(/.*)? gen_context(system_u:object_r:ipsec_var_run_t,s0) diff --git a/refpolicy/policy/modules/system/iptables.fc b/refpolicy/policy/modules/system/iptables.fc index a837806..f715d71 100644 
--- a/refpolicy/policy/modules/system/iptables.fc +++ b/refpolicy/policy/modules/system/iptables.fc @@ -1,8 +1,8 @@ -/sbin/ip6tables.* -- context_template(system_u:object_r:iptables_exec_t,s0) -/sbin/ipchains.* -- context_template(system_u:object_r:iptables_exec_t,s0) -/sbin/iptables.* -- context_template(system_u:object_r:iptables_exec_t,s0) +/sbin/ip6tables.* -- gen_context(system_u:object_r:iptables_exec_t,s0) +/sbin/ipchains.* -- gen_context(system_u:object_r:iptables_exec_t,s0) +/sbin/iptables.* -- gen_context(system_u:object_r:iptables_exec_t,s0) -/usr/sbin/ip6tables.* -- context_template(system_u:object_r:iptables_exec_t,s0) -/usr/sbin/ipchains.* -- context_template(system_u:object_r:iptables_exec_t,s0) -/usr/sbin/iptables.* -- context_template(system_u:object_r:iptables_exec_t,s0) +/usr/sbin/ip6tables.* -- gen_context(system_u:object_r:iptables_exec_t,s0) +/usr/sbin/ipchains.* -- gen_context(system_u:object_r:iptables_exec_t,s0) +/usr/sbin/iptables.* -- gen_context(system_u:object_r:iptables_exec_t,s0) diff --git a/refpolicy/policy/modules/system/libraries.fc b/refpolicy/policy/modules/system/libraries.fc index 6629b1a..fa75578 100644 --- a/refpolicy/policy/modules/system/libraries.fc +++ b/refpolicy/policy/modules/system/libraries.fc 
@@ -2,64 +2,64 @@ # # /etc # -/etc/ld\.so\.cache -- context_template(system_u:object_r:ld_so_cache_t,s0) -/etc/ld\.so\.preload -- context_template(system_u:object_r:ld_so_cache_t,s0) +/etc/ld\.so\.cache -- gen_context(system_u:object_r:ld_so_cache_t,s0) +/etc/ld\.so\.preload -- gen_context(system_u:object_r:ld_so_cache_t,s0) # # /lib(64)? # -/lib(64)?(/.*)? context_template(system_u:object_r:lib_t,s0) -/lib(64)?/.*\.so(\.[^/]*)* -- context_template(system_u:object_r:shlib_t,s0) -/lib(64)?(/.*)?/ld-[^/]*\.so(\.[^/]*)* -- context_template(system_u:object_r:ld_so_t,s0) +/lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0) +/lib(64)?/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0) +/lib(64)?(/.*)?/ld-[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:ld_so_t,s0) # # /opt # -/opt/(.*)?/lib(64)?(/.*)? context_template(system_u:object_r:lib_t,s0) -/opt/(.*)?/lib(64)?/.*\.so(\.[^/]*)* -- context_template(system_u:object_r:shlib_t,s0) +/opt/(.*)?/lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0) +/opt/(.*)?/lib(64)?/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0) # # /sbin # -/sbin/ldconfig -- context_template(system_u:object_r:ldconfig_exec_t,s0) +/sbin/ldconfig -- gen_context(system_u:object_r:ldconfig_exec_t,s0) # # /usr # -/usr(/.*)?/HelixPlayer/.*\.so(\.[^/]*)* -- context_template(system_u:object_r:texrel_shlib_t,s0) +/usr(/.*)?/HelixPlayer/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:texrel_shlib_t,s0) -/usr(/.*)?/java/.*\.so(\.[^/]*)* -- context_template(system_u:object_r:texrel_shlib_t,s0) -/usr(/.*)?/java/.*\.jar -- context_template(system_u:object_r:shlib_t,s0) -/usr(/.*)?/java/.*\.jsa -- context_template(system_u:object_r:shlib_t,s0) +/usr(/.*)?/java/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:texrel_shlib_t,s0) +/usr(/.*)?/java/.*\.jar -- gen_context(system_u:object_r:shlib_t,s0) +/usr(/.*)?/java/.*\.jsa -- gen_context(system_u:object_r:shlib_t,s0) -/usr(/.*)?/lib(64)?(/.*)? 
context_template(system_u:object_r:lib_t,s0) -/usr(/.*)?/lib(64)?/.*\.so(\.[^/]*)* -- context_template(system_u:object_r:shlib_t,s0) +/usr(/.*)?/lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0) +/usr(/.*)?/lib(64)?/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0) -/usr(/.*)?/lib(64)?(/.*)?/ld-[^/]*\.so(\.[^/]*)* context_template(system_u:object_r:ld_so_t,s0) +/usr(/.*)?/lib(64)?(/.*)?/ld-[^/]*\.so(\.[^/]*)* gen_context(system_u:object_r:ld_so_t,s0) -/usr(/.*)?/nvidia/.*\.so(\..*)? -- context_template(system_u:object_r:texrel_shlib_t,s0) +/usr(/.*)?/nvidia/.*\.so(\..*)? -- gen_context(system_u:object_r:texrel_shlib_t,s0) -/usr/lib/pgsql/test/regress/.*\.so -- context_template(system_u:object_r:shlib_t,s0) +/usr/lib/pgsql/test/regress/.*\.so -- gen_context(system_u:object_r:shlib_t,s0) -/usr/lib/win32/.* -- context_template(system_u:object_r:shlib_t,s0) +/usr/lib/win32/.* -- gen_context(system_u:object_r:shlib_t,s0) -/usr/lib(64)?/libGL(core)?/.so(\.[^/]*)* -- context_template(system_u:object_r:texrel_shlib_t,s0) +/usr/lib(64)?/libGL(core)?/.so(\.[^/]*)* -- gen_context(system_u:object_r:texrel_shlib_t,s0) -/usr/lib(64)?(/.*)?/libnvidia.*\.so(\.[^/]*)* -- context_template(system_u:object_r:texrel_shlib_t,s0) +/usr/lib(64)?(/.*)?/libnvidia.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:texrel_shlib_t,s0) -/usr/(local/)?lib/wine/.*\.so -- context_template(system_u:object_r:texrel_shlib_t,s0) -/usr/(local/)?lib/libfame-.*\.so.* -- context_template(system_u:object_r:texrel_shlib_t,s0) -/usr/local/.*\.so(\.[^/]*)* -- context_template(system_u:object_r:shlib_t,s0) +/usr/(local/)?lib/wine/.*\.so -- gen_context(system_u:object_r:texrel_shlib_t,s0) +/usr/(local/)?lib/libfame-.*\.so.* -- gen_context(system_u:object_r:texrel_shlib_t,s0) +/usr/local/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0) -/usr/X11R6/lib/libGL\.so.* -- context_template(system_u:object_r:texrel_shlib_t,s0) -/usr/X11R6/lib/libXvMCNVIDIA\.so.* -- 
context_template(system_u:object_r:texrel_shlib_t,s0) +/usr/X11R6/lib/libGL\.so.* -- gen_context(system_u:object_r:texrel_shlib_t,s0) +/usr/X11R6/lib/libXvMCNVIDIA\.so.* -- gen_context(system_u:object_r:texrel_shlib_t,s0) -/usr/x11R6/lib/modules/extensions/libglx\.so(\.[^/]*)* -- context_template(system_u:object_r:texrel_shlib_t,s0) +/usr/x11R6/lib/modules/extensions/libglx\.so(\.[^/]*)* -- gen_context(system_u:object_r:texrel_shlib_t,s0) # # /var # -/var/ftp/lib(64)?(/.*)? context_template(system_u:object_r:lib_t,s0) -/var/ftp/lib(64)?/ld[^/]*\.so(\.[^/]*)* -- context_template(system_u:object_r:ld_so_t,s0) -/var/ftp/lib(64)?/lib[^/]*\.so(\.[^/]*)* -- context_template(system_u:object_r:shlib_t,s0) +/var/ftp/lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0) +/var/ftp/lib(64)?/ld[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:ld_so_t,s0) +/var/ftp/lib(64)?/lib[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0) -/var/mailman/pythonlib(/.*)?/.*\.so(\..*)? -- context_template(system_u:object_r:shlib_t,s0) +/var/mailman/pythonlib(/.*)?/.*\.so(\..*)? -- gen_context(system_u:object_r:shlib_t,s0) diff --git a/refpolicy/policy/modules/system/locallogin.fc b/refpolicy/policy/modules/system/locallogin.fc index 337e87f..7570583 100644 --- a/refpolicy/policy/modules/system/locallogin.fc +++ b/refpolicy/policy/modules/system/locallogin.fc @@ -1,2 +1,2 @@ -/sbin/sulogin -- context_template(system_u:object_r:sulogin_exec_t,s0) +/sbin/sulogin -- gen_context(system_u:object_r:sulogin_exec_t,s0) diff --git a/refpolicy/policy/modules/system/logging.fc b/refpolicy/policy/modules/system/logging.fc index fd88bb3..ff2b623 100644 --- a/refpolicy/policy/modules/system/logging.fc +++ b/refpolicy/policy/modules/system/logging.fc 
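Review bot: The libGL entry in the libraries.fc hunk, `/usr/lib(64)?/libGL(core)?/.so(\.[^/]*)*`, is carried over with `/.so` where the neighbouring patterns use `\.so`, so it requires a path separator after `libGL` and cannot match `libGL.so*`. Such a file would presumably fall through to the generic `.*\.so` entry and be labelled shlib_t rather than texrel_shlib_t; the line likely should read `/usr/lib(64)?/libGL(core)?\.so(\.[^/]*)* -- gen_context(system_u:object_r:texrel_shlib_t,s0)`. In the same hunk, `/usr/x11R6/lib/modules/extensions/libglx\.so(\.[^/]*)*` uses a lower-case `x` while the other entries use `/usr/X11R6`, so it looks like a typo that stops the entry matching. The `/usr(/.*)?/lib(64)?(/.*)?/ld-[^/]*\.so(\.[^/]*)*` entry also has no `--` file-type field, unlike its `/lib(64)?` counterpart. All three predate the rename, but since every line is rewritten here they are worth correcting in this commit or a follow-up.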
@@ -1,30 +1,30 @@ -/dev/log -s context_template(system_u:object_r:devlog_t,s0) +/dev/log -s gen_context(system_u:object_r:devlog_t,s0) -/etc/auditd.conf -- context_template(system_u:object_r:auditd_etc_t,s0) -/etc/audit.rules -- context_template(system_u:object_r:auditd_etc_t,s0) +/etc/auditd.conf -- gen_context(system_u:object_r:auditd_etc_t,s0) +/etc/audit.rules -- gen_context(system_u:object_r:auditd_etc_t,s0) -/sbin/auditctl -- context_template(system_u:object_r:auditctl_exec_t,s0) -/sbin/auditd -- context_template(system_u:object_r:auditd_exec_t,s0) -/sbin/klogd -- context_template(system_u:object_r:klogd_exec_t,s0) -/sbin/minilogd -- context_template(system_u:object_r:syslogd_exec_t,s0) -/sbin/syslogd -- context_template(system_u:object_r:syslogd_exec_t,s0) -/sbin/syslog-ng -- context_template(system_u:object_r:syslogd_exec_t,s0) +/sbin/auditctl -- gen_context(system_u:object_r:auditctl_exec_t,s0) +/sbin/auditd -- gen_context(system_u:object_r:auditd_exec_t,s0) +/sbin/klogd -- gen_context(system_u:object_r:klogd_exec_t,s0) +/sbin/minilogd -- gen_context(system_u:object_r:syslogd_exec_t,s0) +/sbin/syslogd -- gen_context(system_u:object_r:syslogd_exec_t,s0) +/sbin/syslog-ng -- gen_context(system_u:object_r:syslogd_exec_t,s0) -/usr/sbin/klogd -- context_template(system_u:object_r:klogd_exec_t,s0) -/usr/sbin/metalog -- context_template(system_u:object_r:syslogd_exec_t,s0) -/usr/sbin/syslogd -- context_template(system_u:object_r:syslogd_exec_t,s0) +/usr/sbin/klogd -- gen_context(system_u:object_r:klogd_exec_t,s0) +/usr/sbin/metalog -- gen_context(system_u:object_r:syslogd_exec_t,s0) +/usr/sbin/syslogd -- gen_context(system_u:object_r:syslogd_exec_t,s0) ifdef(`distro_suse', ` -/var/lib/stunnel/dev/log -s context_template(system_u:object_r:devlog_t,s0) +/var/lib/stunnel/dev/log -s gen_context(system_u:object_r:devlog_t,s0) ') -/var/log(/.*)? 
context_template(system_u:object_r:var_log_t,s0) -/var/log/audit.log -- context_template(system_u:object_r:auditd_log_t,s0) +/var/log(/.*)? gen_context(system_u:object_r:var_log_t,s0) +/var/log/audit.log -- gen_context(system_u:object_r:auditd_log_t,s0) -/var/log/audit(/.*)? context_template(system_u:object_r:auditd_log_t,s0) +/var/log/audit(/.*)? gen_context(system_u:object_r:auditd_log_t,s0) -/var/run/klogd\.pid -- context_template(system_u:object_r:klogd_var_run_t,s0) -/var/run/log -s context_template(system_u:object_r:devlog_t,s0) -/var/run/metalog\.pid -- context_template(system_u:object_r:syslogd_var_run_t,s0) -/var/run/syslogd\.pid -- context_template(system_u:object_r:syslogd_var_run_t,s0) +/var/run/klogd\.pid -- gen_context(system_u:object_r:klogd_var_run_t,s0) +/var/run/log -s gen_context(system_u:object_r:devlog_t,s0) +/var/run/metalog\.pid -- gen_context(system_u:object_r:syslogd_var_run_t,s0) +/var/run/syslogd\.pid -- gen_context(system_u:object_r:syslogd_var_run_t,s0) diff --git a/refpolicy/policy/modules/system/lvm.fc b/refpolicy/policy/modules/system/lvm.fc index 5b41740..c71690e 100644 --- a/refpolicy/policy/modules/system/lvm.fc +++ b/refpolicy/policy/modules/system/lvm.fc 
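Review bot: Several path expressions in the logging.fc hunk leave the dot unescaped (`/etc/auditd.conf`, `/etc/audit.rules`, `/var/log/audit.log`), although the pid-file entries in the same hunk escape it (`klogd\.pid`, `syslogd\.pid`). An unescaped `.` matches any character, so these entries assign auditd_etc_t and auditd_log_t to more names than the intended files. Writing them as `/etc/auditd\.conf`, `/etc/audit\.rules` and `/var/log/audit\.log` would keep the audit labels exact. The same applies to `/etc/hotplug/firmware.agent` in the hotplug.fc hunk.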
@@ -6,84 +6,84 @@ # # /etc # -/etc/lvm(/.*)? context_template(system_u:object_r:lvm_etc_t,s0) -/etc/lvm/\.cache -- context_template(system_u:object_r:lvm_metadata_t,s0) -/etc/lvm/archive(/.*)? context_template(system_u:object_r:lvm_metadata_t,s0) -/etc/lvm/backup(/.*)? context_template(system_u:object_r:lvm_metadata_t,s0) -/etc/lvm/lock(/.*)? context_template(system_u:object_r:lvm_lock_t,s0) +/etc/lvm(/.*)? gen_context(system_u:object_r:lvm_etc_t,s0) +/etc/lvm/\.cache -- gen_context(system_u:object_r:lvm_metadata_t,s0) +/etc/lvm/archive(/.*)? gen_context(system_u:object_r:lvm_metadata_t,s0) +/etc/lvm/backup(/.*)? gen_context(system_u:object_r:lvm_metadata_t,s0) +/etc/lvm/lock(/.*)? gen_context(system_u:object_r:lvm_lock_t,s0) -/etc/lvmtab(/.*)? context_template(system_u:object_r:lvm_metadata_t,s0) -/etc/lvmtab\.d(/.*)? context_template(system_u:object_r:lvm_metadata_t,s0) +/etc/lvmtab(/.*)? gen_context(system_u:object_r:lvm_metadata_t,s0) +/etc/lvmtab\.d(/.*)? gen_context(system_u:object_r:lvm_metadata_t,s0) # # /lib # -/lib/lvm-10/.* -- context_template(system_u:object_r:lvm_exec_t,s0) -/lib/lvm-200/.* -- context_template(system_u:object_r:lvm_exec_t,s0) +/lib/lvm-10/.* -- gen_context(system_u:object_r:lvm_exec_t,s0) +/lib/lvm-200/.* -- gen_context(system_u:object_r:lvm_exec_t,s0) # # /sbin # -/sbin/cryptsetup -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/dmsetup -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/dmsetup\.static -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/e2fsadm -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/lvchange -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/lvcreate -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/lvdisplay -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/lvextend -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/lvm -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/lvm\.static -- 
context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/lvmchange -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/lvmdiskscan -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/lvmiopversion -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/lvmsadc -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/lvmsar -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/lvreduce -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/lvremove -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/lvrename -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/lvresize -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/lvs -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/lvscan -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/multipathd -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/pvchange -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/pvcreate -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/pvdata -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/pvdisplay -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/pvmove -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/pvremove -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/pvs -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/pvscan -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/vgcfgbackup -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/vgcfgrestore -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/vgchange -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/vgchange\.static -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/vgck -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/vgcreate -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/vgdisplay -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/vgexport -- context_template(system_u:object_r:lvm_exec_t,s0) 
-/sbin/vgextend -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/vgimport -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/vgmerge -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/vgmknodes -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/vgreduce -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/vgremove -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/vgrename -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/vgs -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/vgscan -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/vgscan\.static -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/vgsplit -- context_template(system_u:object_r:lvm_exec_t,s0) -/sbin/vgwrapper -- context_template(system_u:object_r:lvm_exec_t,s0) +/sbin/cryptsetup -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/dmsetup -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/dmsetup\.static -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/e2fsadm -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/lvchange -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/lvcreate -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/lvdisplay -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/lvextend -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/lvm -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/lvm\.static -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/lvmchange -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/lvmdiskscan -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/lvmiopversion -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/lvmsadc -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/lvmsar -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/lvreduce -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/lvremove -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/lvrename -- gen_context(system_u:object_r:lvm_exec_t,s0) 
+/sbin/lvresize -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/lvs -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/lvscan -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/multipathd -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/pvchange -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/pvcreate -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/pvdata -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/pvdisplay -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/pvmove -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/pvremove -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/pvs -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/pvscan -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/vgcfgbackup -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/vgcfgrestore -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/vgchange -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/vgchange\.static -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/vgck -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/vgcreate -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/vgdisplay -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/vgexport -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/vgextend -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/vgimport -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/vgmerge -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/vgmknodes -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/vgreduce -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/vgremove -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/vgrename -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/vgs -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/vgscan -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/vgscan\.static -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/vgsplit -- gen_context(system_u:object_r:lvm_exec_t,s0) +/sbin/vgwrapper -- 
gen_context(system_u:object_r:lvm_exec_t,s0) # # /usr # -/usr/sbin/clvmd -- context_template(system_u:object_r:clvmd_exec_t,s0) -/usr/sbin/lvm -- context_template(system_u:object_r:lvm_exec_t,s0) +/usr/sbin/clvmd -- gen_context(system_u:object_r:clvmd_exec_t,s0) +/usr/sbin/lvm -- gen_context(system_u:object_r:lvm_exec_t,s0) # # /var # -/var/lock/lvm(/.*)? context_template(system_u:object_r:lvm_lock_t,s0) +/var/lock/lvm(/.*)? gen_context(system_u:object_r:lvm_lock_t,s0) -/var/cache/multipathd(/.*)? context_template(system_u:object_r:lvm_metadata_t,s0) +/var/cache/multipathd(/.*)? gen_context(system_u:object_r:lvm_metadata_t,s0) diff --git a/refpolicy/policy/modules/system/miscfiles.fc b/refpolicy/policy/modules/system/miscfiles.fc index 53e11f1..3443014 100644 --- a/refpolicy/policy/modules/system/miscfiles.fc +++ b/refpolicy/policy/modules/system/miscfiles.fc 
@@ -1,58 +1,58 @@ # # /etc # -/etc/localtime -- context_template(system_u:object_r:locale_t,s0) -/etc/pki(/.*)? context_template(system_u:object_r:cert_t,s0) +/etc/localtime -- gen_context(system_u:object_r:locale_t,s0) +/etc/pki(/.*)? gen_context(system_u:object_r:cert_t,s0) # # /opt # -/opt/(.*)?/man(/.*)? context_template(system_u:object_r:man_t,s0) +/opt/(.*)?/man(/.*)? gen_context(system_u:object_r:man_t,s0) # # /srv # -/srv/([^/]*/)?ftp(/.*)? context_template(system_u:object_r:ftpd_anon_t,s0) -/srv/([^/]*/)?rsync(/.*)? context_template(system_u:object_r:ftpd_anon_t,s0) +/srv/([^/]*/)?ftp(/.*)? gen_context(system_u:object_r:ftpd_anon_t,s0) +/srv/([^/]*/)?rsync(/.*)? gen_context(system_u:object_r:ftpd_anon_t,s0) # # /usr # -/usr/lib/locale(/.*)? context_template(system_u:object_r:locale_t,s0) +/usr/lib/locale(/.*)? gen_context(system_u:object_r:locale_t,s0) -/usr/lib(64)?/perl5/man(/.*)? context_template(system_u:object_r:man_t,s0) +/usr/lib(64)?/perl5/man(/.*)? gen_context(system_u:object_r:man_t,s0) -/usr/local/man(/.*)? context_template(system_u:object_r:man_t,s0) +/usr/local/man(/.*)? gen_context(system_u:object_r:man_t,s0) -/usr/local/share/fonts(/.*)? context_template(system_u:object_r:fonts_t,s0) +/usr/local/share/fonts(/.*)? gen_context(system_u:object_r:fonts_t,s0) -/usr/man(/.*)? context_template(system_u:object_r:man_t,s0) +/usr/man(/.*)? gen_context(system_u:object_r:man_t,s0) -/usr/share/fonts(/.*)? context_template(system_u:object_r:fonts_t,s0) -/usr/share/ghostscript/fonts(/.*)? context_template(system_u:object_r:fonts_t,s0) -/usr/share/locale(/.*)? context_template(system_u:object_r:locale_t,s0) -/usr/share/man(/.*)? context_template(system_u:object_r:man_t,s0) -/usr/share/zoneinfo(/.*)? context_template(system_u:object_r:locale_t,s0) +/usr/share/fonts(/.*)? gen_context(system_u:object_r:fonts_t,s0) +/usr/share/ghostscript/fonts(/.*)? gen_context(system_u:object_r:fonts_t,s0) +/usr/share/locale(/.*)? 
gen_context(system_u:object_r:locale_t,s0) +/usr/share/man(/.*)? gen_context(system_u:object_r:man_t,s0) +/usr/share/zoneinfo(/.*)? gen_context(system_u:object_r:locale_t,s0) -/usr/share/ssl/certs(/.*)? context_template(system_u:object_r:cert_t,s0) -/usr/share/ssl/private(/.*)? context_template(system_u:object_r:cert_t,s0) +/usr/share/ssl/certs(/.*)? gen_context(system_u:object_r:cert_t,s0) +/usr/share/ssl/private(/.*)? gen_context(system_u:object_r:cert_t,s0) -/usr/X11R6/lib/X11/fonts(/.*)? context_template(system_u:object_r:fonts_t,s0) +/usr/X11R6/lib/X11/fonts(/.*)? gen_context(system_u:object_r:fonts_t,s0) -/usr/X11R6/man(/.*)? context_template(system_u:object_r:man_t,s0) +/usr/X11R6/man(/.*)? gen_context(system_u:object_r:man_t,s0) # # /var # -/var/ftp(/.*)? context_template(system_u:object_r:ftpd_anon_t,s0) +/var/ftp(/.*)? gen_context(system_u:object_r:ftpd_anon_t,s0) ifdef(`distro_debian', ` -/var/lib/msttcorefonts(/.*)? context_template(system_u:object_r:fonts_t,s0) +/var/lib/msttcorefonts(/.*)? gen_context(system_u:object_r:fonts_t,s0) ') -/var/lib/texmf(/.*)? context_template(system_u:object_r:tetex_data_t,s0) +/var/lib/texmf(/.*)? gen_context(system_u:object_r:tetex_data_t,s0) -/var/cache/fonts(/.*)? context_template(system_u:object_r:tetex_data_t,s0) -/var/cache/man(/.*)? context_template(system_u:object_r:man_t,s0) +/var/cache/fonts(/.*)? gen_context(system_u:object_r:tetex_data_t,s0) +/var/cache/man(/.*)? gen_context(system_u:object_r:man_t,s0) -/var/spool/texmf(/.*)? context_template(system_u:object_r:tetex_data_t,s0) +/var/spool/texmf(/.*)? gen_context(system_u:object_r:tetex_data_t,s0) diff --git a/refpolicy/policy/modules/system/modutils.fc b/refpolicy/policy/modules/system/modutils.fc index a6bcef3..d35dff1 100644 --- a/refpolicy/policy/modules/system/modutils.fc +++ b/refpolicy/policy/modules/system/modutils.fc 
@@ -1,14 +1,14 @@ -/etc/modules\.conf.* -- context_template(system_u:object_r:modules_conf_t,s0) -/etc/modprobe\.conf.* -- context_template(system_u:object_r:modules_conf_t,s0) +/etc/modules\.conf.* -- gen_context(system_u:object_r:modules_conf_t,s0) +/etc/modprobe\.conf.* -- gen_context(system_u:object_r:modules_conf_t,s0) -/lib(64)?/modules/[^/]+/modules\..+ -- context_template(system_u:object_r:modules_dep_t,s0) +/lib(64)?/modules/[^/]+/modules\..+ -- gen_context(system_u:object_r:modules_dep_t,s0) -/lib(64)?/modules/modprobe\.conf -- context_template(system_u:object_r:modules_conf_t,s0) +/lib(64)?/modules/modprobe\.conf -- gen_context(system_u:object_r:modules_conf_t,s0) -/sbin/depmod.* -- context_template(system_u:object_r:depmod_exec_t,s0) -/sbin/generate-modprobe\.conf -- context_template(system_u:object_r:update_modules_exec_t,s0) -/sbin/insmod.* -- context_template(system_u:object_r:insmod_exec_t,s0) -/sbin/modprobe.* -- context_template(system_u:object_r:insmod_exec_t,s0) -/sbin/rmmod.* -- context_template(system_u:object_r:insmod_exec_t,s0) -/sbin/update-modules -- context_template(system_u:object_r:update_modules_exec_t,s0) +/sbin/depmod.* -- gen_context(system_u:object_r:depmod_exec_t,s0) +/sbin/generate-modprobe\.conf -- gen_context(system_u:object_r:update_modules_exec_t,s0) +/sbin/insmod.* -- gen_context(system_u:object_r:insmod_exec_t,s0) +/sbin/modprobe.* -- gen_context(system_u:object_r:insmod_exec_t,s0) +/sbin/rmmod.* -- gen_context(system_u:object_r:insmod_exec_t,s0) +/sbin/update-modules -- gen_context(system_u:object_r:update_modules_exec_t,s0) diff --git a/refpolicy/policy/modules/system/mount.fc b/refpolicy/policy/modules/system/mount.fc index c9bb6fc..b2b7f82 100644 --- a/refpolicy/policy/modules/system/mount.fc +++ b/refpolicy/policy/modules/system/mount.fc 
@@ -3,5 +3,5 @@ # # mount file contexts # -/bin/mount.* -- context_template(system_u:object_r:mount_exec_t,s0) -/bin/umount.* -- context_template(system_u:object_r:mount_exec_t,s0) +/bin/mount.* -- gen_context(system_u:object_r:mount_exec_t,s0) +/bin/umount.* -- gen_context(system_u:object_r:mount_exec_t,s0) diff --git a/refpolicy/policy/modules/system/pcmcia.fc b/refpolicy/policy/modules/system/pcmcia.fc index aafe8e2..9cf0e56 100644 --- a/refpolicy/policy/modules/system/pcmcia.fc +++ b/refpolicy/policy/modules/system/pcmcia.fc @@ -1,10 +1,10 @@ -/etc/apm/event\.d/pcmcia -- context_template(system_u:object_r:cardmgr_exec_t,s0) +/etc/apm/event\.d/pcmcia -- gen_context(system_u:object_r:cardmgr_exec_t,s0) -/sbin/cardctl -- context_template(system_u:object_r:cardctl_exec_t,s0) -/sbin/cardmgr -- context_template(system_u:object_r:cardmgr_exec_t,s0) +/sbin/cardctl -- gen_context(system_u:object_r:cardctl_exec_t,s0) +/sbin/cardmgr -- gen_context(system_u:object_r:cardmgr_exec_t,s0) -/var/lib/pcmcia(/.*)? context_template(system_u:object_r:cardmgr_var_run_t,s0) +/var/lib/pcmcia(/.*)? gen_context(system_u:object_r:cardmgr_var_run_t,s0) -/var/run/cardmgr\.pid -- context_template(system_u:object_r:cardmgr_var_run_t,s0) -/var/run/stab -- context_template(system_u:object_r:cardmgr_var_run_t,s0) +/var/run/cardmgr\.pid -- gen_context(system_u:object_r:cardmgr_var_run_t,s0) +/var/run/stab -- gen_context(system_u:object_r:cardmgr_var_run_t,s0) diff --git a/refpolicy/policy/modules/system/raid.fc b/refpolicy/policy/modules/system/raid.fc index e7118d6..0709927 100644 --- a/refpolicy/policy/modules/system/raid.fc +++ b/refpolicy/policy/modules/system/raid.fc 
@@ -1,5 +1,5 @@ -/sbin/mdadm -- context_template(system_u:object_r:mdadm_exec_t,s0) -/sbin/mdmpd -- context_template(system_u:object_r:mdadm_exec_t,s0) +/sbin/mdadm -- gen_context(system_u:object_r:mdadm_exec_t,s0) +/sbin/mdmpd -- gen_context(system_u:object_r:mdadm_exec_t,s0) -/var/run/mdadm(/.*)? context_template(system_u:object_r:mdadm_var_run_t,s0) +/var/run/mdadm(/.*)? gen_context(system_u:object_r:mdadm_var_run_t,s0) diff --git a/refpolicy/policy/modules/system/selinuxutil.fc b/refpolicy/policy/modules/system/selinuxutil.fc index 13db385..b709812 100644 --- a/refpolicy/policy/modules/system/selinuxutil.fc +++ b/refpolicy/policy/modules/system/selinuxutil.fc 
@@ -3,39 +3,39 @@ # # /etc # -/etc/selinux(/.*)? context_template(system_u:object_r:selinux_config_t,s0) +/etc/selinux(/.*)? gen_context(system_u:object_r:selinux_config_t,s0) -/etc/selinux/([^/]*/)?contexts(/.*)? context_template(system_u:object_r:default_context_t,s0) +/etc/selinux/([^/]*/)?contexts(/.*)? gen_context(system_u:object_r:default_context_t,s0) -/etc/selinux/([^/]*/)?contexts/files(/.*)? context_template(system_u:object_r:file_context_t,s0) +/etc/selinux/([^/]*/)?contexts/files(/.*)? gen_context(system_u:object_r:file_context_t,s0) -/etc/selinux/([^/]*/)?policy(/.*)? context_template(system_u:object_r:policy_config_t,s0) +/etc/selinux/([^/]*/)?policy(/.*)? gen_context(system_u:object_r:policy_config_t,s0) -/etc/selinux/([^/]*/)?src(/.*)? context_template(system_u:object_r:policy_src_t,s0) +/etc/selinux/([^/]*/)?src(/.*)? gen_context(system_u:object_r:policy_src_t,s0) # # /root # -/root/\.default_contexts -- context_template(system_u:object_r:default_context_t,s0) +/root/\.default_contexts -- gen_context(system_u:object_r:default_context_t,s0) # # /sbin # -/sbin/load_policy -- context_template(system_u:object_r:load_policy_exec_t,s0) -/sbin/restorecon -- context_template(system_u:object_r:restorecon_exec_t,s0) +/sbin/load_policy -- gen_context(system_u:object_r:load_policy_exec_t,s0) +/sbin/restorecon -- gen_context(system_u:object_r:restorecon_exec_t,s0) # # /usr # -/usr/bin/checkpolicy -- context_template(system_u:object_r:checkpolicy_exec_t,s0) -/usr/bin/newrole -- context_template(system_u:object_r:newrole_exec_t,s0) +/usr/bin/checkpolicy -- gen_context(system_u:object_r:checkpolicy_exec_t,s0) +/usr/bin/newrole -- gen_context(system_u:object_r:newrole_exec_t,s0) -/usr/lib(64)?/selinux(/.*)? context_template(system_u:object_r:policy_src_t,s0) +/usr/lib(64)?/selinux(/.*)? 
gen_context(system_u:object_r:policy_src_t,s0) -/usr/sbin/load_policy -- context_template(system_u:object_r:load_policy_exec_t,s0) -/usr/sbin/run_init -- context_template(system_u:object_r:run_init_exec_t,s0) -/usr/sbin/setfiles.* -- context_template(system_u:object_r:setfiles_exec_t,s0) +/usr/sbin/load_policy -- gen_context(system_u:object_r:load_policy_exec_t,s0) +/usr/sbin/run_init -- gen_context(system_u:object_r:run_init_exec_t,s0) +/usr/sbin/setfiles.* -- gen_context(system_u:object_r:setfiles_exec_t,s0) ifdef(`distro_debian', ` -/usr/share/selinux(/.*)? context_template(system_u:object_r:policy_src_t,s0) +/usr/share/selinux(/.*)? gen_context(system_u:object_r:policy_src_t,s0) ') diff --git a/refpolicy/policy/modules/system/sysnetwork.fc b/refpolicy/policy/modules/system/sysnetwork.fc index 98904af..fe1511a 100644 --- a/refpolicy/policy/modules/system/sysnetwork.fc +++ b/refpolicy/policy/modules/system/sysnetwork.fc 
@@ -2,48 +2,48 @@ # # /bin # -/bin/ip -- context_template(system_u:object_r:ifconfig_exec_t,s0) +/bin/ip -- gen_context(system_u:object_r:ifconfig_exec_t,s0) # # /etc # -/etc/dhclient.*conf -- context_template(system_u:object_r:dhcp_etc_t,s0) -/etc/dhclient-script -- context_template(system_u:object_r:dhcp_etc_t,s0) -/etc/dhcpc.* context_template(system_u:object_r:dhcp_etc_t,s0) -/etc/dhcpd\.conf -- context_template(system_u:object_r:dhcp_etc_t,s0) -/etc/resolv\.conf.* -- context_template(system_u:object_r:net_conf_t,s0) -/etc/yp\.conf.* -- context_template(system_u:object_r:net_conf_t,s0) +/etc/dhclient.*conf -- gen_context(system_u:object_r:dhcp_etc_t,s0) +/etc/dhclient-script -- gen_context(system_u:object_r:dhcp_etc_t,s0) +/etc/dhcpc.* gen_context(system_u:object_r:dhcp_etc_t,s0) +/etc/dhcpd\.conf -- gen_context(system_u:object_r:dhcp_etc_t,s0) +/etc/resolv\.conf.* -- gen_context(system_u:object_r:net_conf_t,s0) +/etc/yp\.conf.* -- gen_context(system_u:object_r:net_conf_t,s0) -/etc/dhcp3(/.*)? context_template(system_u:object_r:dhcp_etc_t,s0) -/etc/dhcp3?/dhclient.* context_template(system_u:object_r:dhcp_etc_t,s0) +/etc/dhcp3(/.*)? 
gen_context(system_u:object_r:dhcp_etc_t,s0) +/etc/dhcp3?/dhclient.* gen_context(system_u:object_r:dhcp_etc_t,s0) # # /sbin # -/sbin/dhclient.* -- context_template(system_u:object_r:dhcpc_exec_t,s0) -/sbin/dhcpcd -- context_template(system_u:object_r:dhcpc_exec_t,s0) -/sbin/ethtool -- context_template(system_u:object_r:ifconfig_exec_t,s0) -/sbin/ifconfig -- context_template(system_u:object_r:ifconfig_exec_t,s0) -/sbin/ip -- context_template(system_u:object_r:ifconfig_exec_t,s0) -/sbin/ipx_configure -- context_template(system_u:object_r:ifconfig_exec_t,s0) -/sbin/ipx_interface -- context_template(system_u:object_r:ifconfig_exec_t,s0) -/sbin/ipx_internal_net -- context_template(system_u:object_r:ifconfig_exec_t,s0) -/sbin/iwconfig -- context_template(system_u:object_r:ifconfig_exec_t,s0) -/sbin/mii-tool -- context_template(system_u:object_r:ifconfig_exec_t,s0) -/sbin/pump -- context_template(system_u:object_r:dhcpc_exec_t,s0) -/sbin/tc -- context_template(system_u:object_r:ifconfig_exec_t,s0) +/sbin/dhclient.* -- gen_context(system_u:object_r:dhcpc_exec_t,s0) +/sbin/dhcpcd -- gen_context(system_u:object_r:dhcpc_exec_t,s0) +/sbin/ethtool -- gen_context(system_u:object_r:ifconfig_exec_t,s0) +/sbin/ifconfig -- gen_context(system_u:object_r:ifconfig_exec_t,s0) +/sbin/ip -- gen_context(system_u:object_r:ifconfig_exec_t,s0) +/sbin/ipx_configure -- gen_context(system_u:object_r:ifconfig_exec_t,s0) +/sbin/ipx_interface -- gen_context(system_u:object_r:ifconfig_exec_t,s0) +/sbin/ipx_internal_net -- gen_context(system_u:object_r:ifconfig_exec_t,s0) +/sbin/iwconfig -- gen_context(system_u:object_r:ifconfig_exec_t,s0) +/sbin/mii-tool -- gen_context(system_u:object_r:ifconfig_exec_t,s0) +/sbin/pump -- gen_context(system_u:object_r:dhcpc_exec_t,s0) +/sbin/tc -- gen_context(system_u:object_r:ifconfig_exec_t,s0) # # /usr # -/usr/sbin/tc -- context_template(system_u:object_r:ifconfig_exec_t,s0) +/usr/sbin/tc -- gen_context(system_u:object_r:ifconfig_exec_t,s0) # # /var # 
-/var/lib/dhcp3? -d context_template(system_u:object_r:dhcp_state_t,s0) -/var/lib/dhcp3?/dhclient.* context_template(system_u:object_r:dhcpc_state_t,s0) -/var/lib/dhcpcd(/.*)? context_template(system_u:object_r:dhcpc_state_t,s0) +/var/lib/dhcp3? -d gen_context(system_u:object_r:dhcp_state_t,s0) +/var/lib/dhcp3?/dhclient.* gen_context(system_u:object_r:dhcpc_state_t,s0) +/var/lib/dhcpcd(/.*)? gen_context(system_u:object_r:dhcpc_state_t,s0) -/var/run/dhclient.*\.pid -- context_template(system_u:object_r:dhcpc_var_run_t,s0) -/var/run/dhclient.*\.leases -- context_template(system_u:object_r:dhcpc_var_run_t,s0) +/var/run/dhclient.*\.pid -- gen_context(system_u:object_r:dhcpc_var_run_t,s0) +/var/run/dhclient.*\.leases -- gen_context(system_u:object_r:dhcpc_var_run_t,s0) diff --git a/refpolicy/policy/modules/system/udev.fc b/refpolicy/policy/modules/system/udev.fc index 133ddd5..1a6c288 100644 --- a/refpolicy/policy/modules/system/udev.fc +++ b/refpolicy/policy/modules/system/udev.fc 
@@ -1,19 +1,19 @@ # udev -/dev/\.udevdb -- context_template(system_u:object_r:udev_tbl_t,s0) -/dev/udev\.tbl -- context_template(system_u:object_r:udev_tbl_t,s0) +/dev/\.udevdb -- gen_context(system_u:object_r:udev_tbl_t,s0) +/dev/udev\.tbl -- gen_context(system_u:object_r:udev_tbl_t,s0) -/etc/dev\.d/.+ -- context_template(system_u:object_r:udev_helper_exec_t,s0) +/etc/dev\.d/.+ -- gen_context(system_u:object_r:udev_helper_exec_t,s0) -/etc/hotplug\.d/default/udev.* -- context_template(system_u:object_r:udev_helper_exec_t,s0) +/etc/hotplug\.d/default/udev.* -- gen_context(system_u:object_r:udev_helper_exec_t,s0) -/etc/udev/scripts/.+ -- context_template(system_u:object_r:udev_helper_exec_t,s0) +/etc/udev/scripts/.+ -- gen_context(system_u:object_r:udev_helper_exec_t,s0) -/sbin/start_udev -- context_template(system_u:object_r:udev_exec_t,s0) -/sbin/udev -- context_template(system_u:object_r:udev_exec_t,s0) -/sbin/udevd -- context_template(system_u:object_r:udev_exec_t,s0) -/sbin/udevsend -- context_template(system_u:object_r:udev_exec_t,s0) -/sbin/udevstart -- context_template(system_u:object_r:udev_exec_t,s0) -/sbin/wait_for_sysfs -- context_template(system_u:object_r:udev_exec_t,s0) +/sbin/start_udev -- gen_context(system_u:object_r:udev_exec_t,s0) +/sbin/udev -- gen_context(system_u:object_r:udev_exec_t,s0) +/sbin/udevd -- gen_context(system_u:object_r:udev_exec_t,s0) +/sbin/udevsend -- gen_context(system_u:object_r:udev_exec_t,s0) +/sbin/udevstart -- gen_context(system_u:object_r:udev_exec_t,s0) +/sbin/wait_for_sysfs -- gen_context(system_u:object_r:udev_exec_t,s0) -/usr/bin/udevinfo -- context_template(system_u:object_r:udev_exec_t,s0) +/usr/bin/udevinfo -- gen_context(system_u:object_r:udev_exec_t,s0) diff --git a/refpolicy/policy/modules/system/unconfined.fc b/refpolicy/policy/modules/system/unconfined.fc index cc078b1..b0b5ed8 100644 --- a/refpolicy/policy/modules/system/unconfined.fc +++ b/refpolicy/policy/modules/system/unconfined.fc 
@@ -1,3 +1,3 @@ # Add programs here which should not be confined by SELinux # e.g.: -# /usr/local/bin/appsrv -- context_template(system_u:object_r:unconfined_exec_t,s0) +# /usr/local/bin/appsrv -- gen_context(system_u:object_r:unconfined_exec_t,s0) diff --git a/refpolicy/policy/modules/system/userdomain.fc b/refpolicy/policy/modules/system/userdomain.fc index a9bd174..78d6da5 100644 --- a/refpolicy/policy/modules/system/userdomain.fc +++ b/refpolicy/policy/modules/system/userdomain.fc @@ -1,4 +1,4 @@ -HOME_DIR -d context_template(system_u:object_r:ROLE_home_dir_t,s0) -HOME_DIR/.+ context_template(system_u:object_r:ROLE_home_t,s0) +HOME_DIR -d gen_context(system_u:object_r:ROLE_home_dir_t,s0) +HOME_DIR/.+ gen_context(system_u:object_r:ROLE_home_t,s0) diff --git a/refpolicy/policy/support/misc_macros.spt b/refpolicy/policy/support/misc_macros.spt index 2c869d3..25ca305 100644 --- a/refpolicy/policy/support/misc_macros.spt +++ b/refpolicy/policy/support/misc_macros.spt @@ -19,9 +19,9 @@ define(`gen_user',`user $1 roles { $2 }`'ifdef(`enable_mls', ` level $3 range $4 ######################################## # -# gen_con(context,mls_sensitivity,[mcs_categories]) +# gen_context(context,mls_sensitivity,[mcs_categories]) # -define(`context_template',`$1`'ifdef(`enable_mls',`:$2')`'ifdef(`enable_mcs',`:s0`'ifelse(`$3',,,`:$3')')') dnl +define(`gen_context',`$1`'ifdef(`enable_mls',`:$2')`'ifdef(`enable_mcs',`:s0`'ifelse(`$3',,,`:$3')')') dnl ######################################## #
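Review bot: The old name is dropped at the `define` line in misc_macros.spt with no compatibility alias, and m4 does not diagnose an undefined macro, so any file-context entry that still calls `context_template(...)` (a missed call site or an out-of-tree module, if any exist) would presumably be copied through as literal text instead of a security context. Depending on how the generated file_contexts is validated, that is either a late build failure or an entry that never labels its path, which matters for entries such as the `*_exec_t` binaries renamed in this commit. I would either keep a one-line transitional alias next to the new definition, ``define(`context_template',`gen_context($@)') dnl``, or add a build check that fails when `context_template` still appears anywhere under policy/. The header comment could also state that `$2` is emitted only under `enable_mls`, and that `enable_mcs` always emits `s0` followed by the optional `$3`.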