
From: Jason Zaman <perfinion@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: /, policy/modules/kernel/, policy/modules/system/, policy/modules/services/, ...
Date: Tue, 24 Dec 2019 10:00:36
Message-Id: 1577181507.3ad3fd938f3a06d4170286f9e14bbcd0765e8fb6.perfinion@gentoo
1 commit: 3ad3fd938f3a06d4170286f9e14bbcd0765e8fb6
2 Author: Jason Zaman <perfinion <AT> gentoo <DOT> org>
3 AuthorDate: Tue Dec 17 04:17:02 2019 +0000
4 Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
5 CommitDate: Tue Dec 24 09:58:27 2019 +0000
6 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=3ad3fd93
7
8 Fix gentoo-specific lint issues
9
10 Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>
11
12 .travis.yml | 2 +-
13 policy/modules/admin/portage.fc | 2 +-
14 policy/modules/apps/java.fc | 2 +-
15 policy/modules/apps/qemu.fc | 4 ++--
16 policy/modules/contrib/android.fc | 2 +-
17 policy/modules/contrib/dirsrv.fc | 4 ++--
18 policy/modules/contrib/openrc.fc | 2 +-
19 policy/modules/contrib/phpfpm.fc | 8 ++++----
20 policy/modules/contrib/resolvconf.fc | 2 +-
21 policy/modules/contrib/rtorrent.fc | 6 +++---
22 policy/modules/contrib/uwsgi.fc | 2 +-
23 policy/modules/contrib/vde.fc | 2 +-
24 policy/modules/kernel/corecommands.fc | 8 ++++----
25 policy/modules/services/ntp.fc | 2 +-
26 policy/modules/system/lvm.fc | 5 -----
27 policy/modules/system/miscfiles.fc | 6 ++----
28 policy/modules/system/tmpfiles.fc | 6 +++---
29 17 files changed, 29 insertions(+), 36 deletions(-)
30
31 diff --git a/.travis.yml b/.travis.yml
32 index 8be908cc..5dfbe090 100644
33 --- a/.travis.yml
34 +++ b/.travis.yml
35 @@ -25,7 +25,7 @@ env:
36 matrix:
37 include:
38 - python: 3.7
39 - env: LINT=true TYPE=standard
40 + env: LINT=true TYPE=standard DISTRO=gentoo
41
42 sudo: false
43 dist: bionic
44
45 diff --git a/policy/modules/admin/portage.fc b/policy/modules/admin/portage.fc
46 index 8a41cfff..26850f9d 100644
47 --- a/policy/modules/admin/portage.fc
48 +++ b/policy/modules/admin/portage.fc
49 @@ -23,7 +23,7 @@
50 /usr/portage(/.*)? gen_context(system_u:object_r:portage_ebuild_t,s0)
51 /usr/portage/distfiles/cvs-src(/.*)? gen_context(system_u:object_r:portage_srcrepo_t,s0)
52 /usr/portage/distfiles/egit-src(/.*)? gen_context(system_u:object_r:portage_srcrepo_t,s0)
53 -/usr/portage/distfiles/git.?-src(/.*)? gen_context(system_u:object_r:portage_srcrepo_t,s0)
54 +/usr/portage/distfiles/git[0-9]-src(/.*)? gen_context(system_u:object_r:portage_srcrepo_t,s0)
55 /usr/portage/distfiles/go-src(/.*)? gen_context(system_u:object_r:portage_srcrepo_t,s0)
56 /usr/portage/distfiles/hg-src(/.*)? gen_context(system_u:object_r:portage_srcrepo_t,s0)
57 /usr/portage/distfiles/svn-src(/.*)? gen_context(system_u:object_r:portage_srcrepo_t,s0)
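Review bot: `git[0-9]-src` requires exactly one digit, whereas the old `git.?-src` also matched a plain `git-src` directory. Such a directory would now fall through to the `/usr/portage(/.*)?` entry and be labelled portage_ebuild_t rather than portage_srcrepo_t after a relabel. If that narrowing is not intended, `/usr/portage/distfiles/git[0-9]?-src(/.*)?` keeps the character optional while still avoiding the bare `.`. If `git-src` is no longer produced by any eclass, saying so in the commit message would make the behaviour change explicit.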
58
59 diff --git a/policy/modules/apps/java.fc b/policy/modules/apps/java.fc
60 index e8804805..d0476be2 100644
61 --- a/policy/modules/apps/java.fc
62 +++ b/policy/modules/apps/java.fc
63 @@ -34,5 +34,5 @@ HOME_DIR/\.java(/.*)? gen_context(system_u:object_r:java_home_t,s0)
64
65 ifdef(`distro_gentoo',`
66 # Running maven (mvn) command needs read access to this, yet the file is marked as bin_t otherwise
67 -/usr/share/maven-bin-[^/]*/bin/m2.conf -- gen_context(system_u:object_r:usr_t,s0)
68 +/usr/share/maven-bin-[^/]*/bin/m2\.conf -- gen_context(system_u:object_r:usr_t,s0)
69 ')
70
71 diff --git a/policy/modules/apps/qemu.fc b/policy/modules/apps/qemu.fc
72 index df3aa2d3..59dcb78b 100644
73 --- a/policy/modules/apps/qemu.fc
74 +++ b/policy/modules/apps/qemu.fc
75 @@ -12,8 +12,8 @@
76 ifdef(`distro_gentoo',`
77 /usr/bin/qemu-ga -- gen_context(system_u:object_r:qemu_ga_exec_t,s0)
78
79 -/var/log/qemu-ga.log -- gen_context(system_u:object_r:qemu_ga_log_t,s0)
80 +/var/log/qemu-ga\.log -- gen_context(system_u:object_r:qemu_ga_log_t,s0)
81 /var/log/qemu-ga(/.*)? -- gen_context(system_u:object_r:qemu_ga_log_t,s0)
82
83 -/run/qemu-ga.pid -- gen_context(system_u:object_r:qemu_ga_run_t,s0)
84 +/run/qemu-ga\.pid -- gen_context(system_u:object_r:qemu_ga_run_t,s0)
85 ')
86
87 diff --git a/policy/modules/contrib/android.fc b/policy/modules/contrib/android.fc
88 index af983112..a72f5d9f 100644
89 --- a/policy/modules/contrib/android.fc
90 +++ b/policy/modules/contrib/android.fc
91 @@ -2,7 +2,7 @@ HOME_DIR/\.AndroidStudio.*(/.*)? gen_context(system_u:object_r:android_home_t,s
92 HOME_DIR/\.android(/.*)? gen_context(system_u:object_r:android_home_t,s0)
93 HOME_DIR/\.gradle(/.*)? gen_context(system_u:object_r:android_home_t,s0)
94
95 -/opt/android-studio/bin/studio.sh gen_context(system_u:object_r:android_java_exec_t,s0)
96 +/opt/android-studio/bin/studio\.sh gen_context(system_u:object_r:android_java_exec_t,s0)
97
98 /opt/android-sdk-update-manager/platform-tools/adb -- gen_context(system_u:object_r:android_tools_exec_t,s0)
99 /opt/android-sdk-update-manager/platform-tools/fastboot -- gen_context(system_u:object_r:android_tools_exec_t,s0)
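Review bot: The rewritten `/opt/android-studio/bin/studio\.sh` entry still has no file-type field, so android_java_exec_t is applied to whatever kind of object sits at that path, while the adb and fastboot entries just below restrict themselves to regular files with `--`. Since the line is being touched anyway, and assuming the script is a regular file, `/opt/android-studio/bin/studio\.sh -- gen_context(system_u:object_r:android_java_exec_t,s0)` would make it consistent. The same gap is visible in the dirsrv.fc hunk (`ldap-agent\.log`, `ldap-agent\.pid`) and in the phpfpm.fc hunk, where `-s` would fit the `\.sock` pattern and `--` the binary, log and pid entries.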
100
101 diff --git a/policy/modules/contrib/dirsrv.fc b/policy/modules/contrib/dirsrv.fc
102 index 3a33d632..a675110f 100644
103 --- a/policy/modules/contrib/dirsrv.fc
104 +++ b/policy/modules/contrib/dirsrv.fc
105 @@ -5,8 +5,8 @@
106 /var/lib/dirsrv(/.*)? gen_context(system_u:object_r:dirsrv_var_lib_t,s0)
107 /var/lock/dirsrv(/.*)? gen_context(system_u:object_r:dirsrv_var_lock_t,s0)
108 /var/log/dirsrv(/.*)? gen_context(system_u:object_r:dirsrv_var_log_t,s0)
109 -/var/log/dirsrv/ldap-agent.log gen_context(system_u:object_r:dirsrv_snmp_var_log_t,s0)
110 +/var/log/dirsrv/ldap-agent\.log gen_context(system_u:object_r:dirsrv_snmp_var_log_t,s0)
111 /run/dirsrv(/.*)? gen_context(system_u:object_r:dirsrv_runtime_t,s0)
112 -/run/ldap-agent.pid gen_context(system_u:object_r:dirsrv_snmp_runtime_t,s0)
113 +/run/ldap-agent\.pid gen_context(system_u:object_r:dirsrv_snmp_runtime_t,s0)
114
115 /etc/dirsrv(/.*)? gen_context(system_u:object_r:dirsrv_config_t,s0)
116
117 diff --git a/policy/modules/contrib/openrc.fc b/policy/modules/contrib/openrc.fc
118 index 7d62191c..11bfd461 100644
119 --- a/policy/modules/contrib/openrc.fc
120 +++ b/policy/modules/contrib/openrc.fc
121 @@ -1 +1 @@
122 -/usr/lib/rc/sh/cgroup-release-agent.sh -- gen_context(system_u:object_r:openrc_cgroup_release_exec_t,s0)
123 +/usr/lib/rc/sh/cgroup-release-agent\.sh -- gen_context(system_u:object_r:openrc_cgroup_release_exec_t,s0)
124
125 diff --git a/policy/modules/contrib/phpfpm.fc b/policy/modules/contrib/phpfpm.fc
126 index da28e772..5592e409 100644
127 --- a/policy/modules/contrib/phpfpm.fc
128 +++ b/policy/modules/contrib/phpfpm.fc
129 @@ -1,5 +1,5 @@
130 -/usr/lib/php.*/bin/php-fpm gen_context(system_u:object_r:phpfpm_exec_t,s0)
131 -/run/php*-fpm/*.sock gen_context(system_u:object_r:phpfpm_runtime_t,s0)
132 +/usr/lib/php[^/]*/bin/php-fpm gen_context(system_u:object_r:phpfpm_exec_t,s0)
133 +/run/php[^/]*-fpm/[^/]*\.sock gen_context(system_u:object_r:phpfpm_runtime_t,s0)
134
135 -/var/log/php-fpm.log gen_context(system_u:object_r:phpfpm_log_t,s0)
136 -/run/php-fpm.pid gen_context(system_u:object_r:phpfpm_runtime_t,s0)
137 +/var/log/php-fpm\.log gen_context(system_u:object_r:phpfpm_log_t,s0)
138 +/run/php-fpm\.pid gen_context(system_u:object_r:phpfpm_runtime_t,s0)
139
140 diff --git a/policy/modules/contrib/resolvconf.fc b/policy/modules/contrib/resolvconf.fc
141 index 4e5df895..51383c24 100644
142 --- a/policy/modules/contrib/resolvconf.fc
143 +++ b/policy/modules/contrib/resolvconf.fc
144 @@ -1,4 +1,4 @@
145 -/etc/resolvconf.conf -- gen_context(system_u:object_r:resolvconf_conf_t,s0)
146 +/etc/resolvconf\.conf -- gen_context(system_u:object_r:resolvconf_conf_t,s0)
147
148 /usr/lib/resolvconf(/.*)? gen_context(system_u:object_r:bin_t,s0)
149
150
151 diff --git a/policy/modules/contrib/rtorrent.fc b/policy/modules/contrib/rtorrent.fc
152 index 65a77bf0..5e248d1e 100644
153 --- a/policy/modules/contrib/rtorrent.fc
154 +++ b/policy/modules/contrib/rtorrent.fc
155 @@ -1,5 +1,5 @@
156 -HOME_DIR/.rtorrent.rc -- gen_context(system_u:object_r:rtorrent_home_t,s0)
157 -HOME_DIR/.rtsession(/.*)? gen_context(system_u:object_r:rtorrent_session_t,s0)
158 -HOME_DIR/.rtorrent(/.*)? gen_context(system_u:object_r:rtorrent_session_t,s0)
159 +HOME_DIR/\.rtorrent\.rc -- gen_context(system_u:object_r:rtorrent_home_t,s0)
160 +HOME_DIR/\.rtsession(/.*)? gen_context(system_u:object_r:rtorrent_session_t,s0)
161 +HOME_DIR/\.rtorrent(/.*)? gen_context(system_u:object_r:rtorrent_session_t,s0)
162
163 /usr/bin/rtorrent -- gen_context(system_u:object_r:rtorrent_exec_t,s0)
164
165 diff --git a/policy/modules/contrib/uwsgi.fc b/policy/modules/contrib/uwsgi.fc
166 index 2cf031c1..49580994 100644
167 --- a/policy/modules/contrib/uwsgi.fc
168 +++ b/policy/modules/contrib/uwsgi.fc
169 @@ -1,4 +1,4 @@
170 -/etc/uwsgi.d(/.*)? gen_context(system_u:object_r:uwsgi_conf_t,s0)
171 +/etc/uwsgi\.d(/.*)? gen_context(system_u:object_r:uwsgi_conf_t,s0)
172
173 /usr/bin/uwsgi.* -- gen_context(system_u:object_r:uwsgi_exec_t,s0)
174
175
176 diff --git a/policy/modules/contrib/vde.fc b/policy/modules/contrib/vde.fc
177 index bea4fd72..6ba4cc75 100644
178 --- a/policy/modules/contrib/vde.fc
179 +++ b/policy/modules/contrib/vde.fc
180 @@ -2,4 +2,4 @@
181 /usr/bin/vde_switch -- gen_context(system_u:object_r:vde_exec_t,s0)
182 /usr/sbin/vde_tunctl -- gen_context(system_u:object_r:vde_exec_t,s0)
183 /run/vde\.ctl(/.*)? gen_context(system_u:object_r:vde_runtime_t,s0)
184 -/tmp/vde.[0-9-]* -s gen_context(system_u:object_r:vde_tmp_t,s0)
185 +/tmp/vde\.[^/]* -s gen_context(system_u:object_r:vde_tmp_t,s0)
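Review bot: Besides escaping the dot, the new pattern replaces `[0-9-]*` with `[^/]*`, so every socket in /tmp whose name starts with `vde.` now receives vde_tmp_t on relabel, not only the digit-and-hyphen names the old class described. In a shared directory like /tmp the match is better kept as narrow as the names vde actually creates. If the lint only objected to the unescaped dot, `/tmp/vde\.[0-9-]* -s gen_context(system_u:object_r:vde_tmp_t,s0)` fixes that without widening the scope.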
186
187 diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
188 index 68944c05..9369157b 100644
189 --- a/policy/modules/kernel/corecommands.fc
190 +++ b/policy/modules/kernel/corecommands.fc
191 @@ -101,7 +101,7 @@ ifdef(`distro_redhat',`
192
193 /etc/vmware-tools(/.*)? gen_context(system_u:object_r:bin_t,s0)
194
195 -/etc/wpa_supplicant/wpa_cli.sh -- gen_context(system_u:object_r:bin_t,s0)
196 +/etc/wpa_supplicant/wpa_cli\.sh -- gen_context(system_u:object_r:bin_t,s0)
197
198 /etc/X11/xdm/GiveConsole -- gen_context(system_u:object_r:bin_t,s0)
199 /etc/X11/xdm/TakeConsole -- gen_context(system_u:object_r:bin_t,s0)
200 @@ -268,7 +268,7 @@ ifdef(`distro_gentoo',`
201 /usr/lib/[^/]*/run-mozilla\.sh -- gen_context(system_u:object_r:bin_t,s0)
202 /usr/lib/[^/]*/mozilla-xremote-client -- gen_context(system_u:object_r:bin_t,s0)
203 /usr/lib/thunderbird.*/mozilla-xremote-client -- gen_context(system_u:object_r:bin_t,s0)
204 -/usr/lib/nspluginwrapper/i386/linux/npviewer.bin -- gen_context(system_u:object_r:bin_t,s0)
205 +/usr/lib/nspluginwrapper/i386/linux/npviewer\.bin -- gen_context(system_u:object_r:bin_t,s0)
206 /usr/lib/nspluginwrapper/i386/linux/npviewer -- gen_context(system_u:object_r:shell_exec_t,s0)
207 /usr/lib/xulrunner-.*/plugin-container -- gen_context(system_u:object_r:bin_t,s0)
208
209 @@ -301,7 +301,7 @@ ifdef(`distro_gentoo',`
210 /usr/share/apr(-[0-9])?/build/libtool -- gen_context(system_u:object_r:bin_t,s0)
211 /usr/share/build-1/[^/]+\.sh -- gen_context(system_u:object_r:bin_t,s0)
212 /usr/share/build-1/libtool -- gen_context(system_u:object_r:bin_t,s0)
213 -/usr/share/build-1/mkdir.sh -- gen_context(system_u:object_r:bin_t,s0)
214 +/usr/share/build-1/mkdir\.sh -- gen_context(system_u:object_r:bin_t,s0)
215 /usr/share/dayplanner/dayplanner -- gen_context(system_u:object_r:bin_t,s0)
216 /usr/share/debconf/.+ -- gen_context(system_u:object_r:bin_t,s0)
217 /usr/share/denyhosts/scripts(/.*)? gen_context(system_u:object_r:bin_t,s0)
218 @@ -319,7 +319,7 @@ ifdef(`distro_gentoo',`
219 /usr/share/gnome-sound-recorder/org\.gnome\.SoundRecorder -- gen_context(system_u:object_r:bin_t,s0)
220 /usr/share/gnucash/finance-quote-check -- gen_context(system_u:object_r:bin_t,s0)
221 /usr/share/gnucash/finance-quote-helper -- gen_context(system_u:object_r:bin_t,s0)
222 -/usr/share/GNUstep/Makefiles/*\.sh -- gen_context(system_u:object_r:bin_t,s0)
223 +/usr/share/GNUstep/Makefiles/[^/]*\.sh -- gen_context(system_u:object_r:bin_t,s0)
224 /usr/share/GNUstep/Makefiles/mkinstalldirs -- gen_context(system_u:object_r:bin_t,s0)
225 /usr/share/hal/device-manager/hal-device-manager -- gen_context(system_u:object_r:bin_t,s0)
226 /usr/share/hal/scripts(/.*)? gen_context(system_u:object_r:bin_t,s0)
227
228 diff --git a/policy/modules/services/ntp.fc b/policy/modules/services/ntp.fc
229 index b16c5739..4d014d19 100644
230 --- a/policy/modules/services/ntp.fc
231 +++ b/policy/modules/services/ntp.fc
232 @@ -42,7 +42,7 @@
233 /run/ntpd\.sock -s gen_context(system_u:object_r:ntpd_pid_t,s0)
234
235 ifdef(`distro_gentoo',`
236 -/var/lib/openntpd/ntpd.drift -- gen_context(system_u:object_r:ntp_drift_t,s0)
237 +/var/lib/openntpd/ntpd\.drift -- gen_context(system_u:object_r:ntp_drift_t,s0)
238
239 # hardlinked to ntpd
240 /usr/sbin/ntpctl -- gen_context(system_u:object_r:ntpd_exec_t,s0)
241
242 diff --git a/policy/modules/system/lvm.fc b/policy/modules/system/lvm.fc
243 index a3c68a97..8d50e1f2 100644
244 --- a/policy/modules/system/lvm.fc
245 +++ b/policy/modules/system/lvm.fc
246 @@ -2,11 +2,6 @@
247 # configure LVM to put lockfiles in /etc/lvm/lock instead
248 # for this policy to work (unless you have no separate /var)
249
250 -#
251 -# /dev
252 -#
253 -/dev/.lvm(/.*)? gen_context(system_u:object_r:lvm_lock_t,s0)
254 -
255 #
256 # /etc
257 #
258
259 diff --git a/policy/modules/system/miscfiles.fc b/policy/modules/system/miscfiles.fc
260 index 031bb2e0..19c4e2e3 100644
261 --- a/policy/modules/system/miscfiles.fc
262 +++ b/policy/modules/system/miscfiles.fc
263 @@ -11,11 +11,9 @@ ifdef(`distro_gentoo',`
264 /etc/avahi/etc/localtime -- gen_context(system_u:object_r:locale_t,s0)
265 /etc/httpd/alias/[^/]*\.db(\.[^/]*)* -- gen_context(system_u:object_r:cert_t,s0)
266 /etc/localtime -- gen_context(system_u:object_r:locale_t,s0)
267 -/etc/pki/certs/(.*)? -- gen_context(system_u:object_r:cert_t,s0)
268 +/etc/pki(/.*)? gen_context(system_u:object_r:cert_t,s0)
269 /etc/pki/.*/private(/.*)? gen_context(system_u:object_r:tls_privkey_t,s0)
270 -/etc/pki/private/(.*)? -- gen_context(system_u:object_r:cert_t,s0)
271 -/etc/ssl/certs/(.*)? -- gen_context(system_u:object_r:cert_t,s0)
272 -/etc/ssl/private/(.*)? -- gen_context(system_u:object_r:cert_t,s0)
273 +/etc/ssl(/.*)? gen_context(system_u:object_r:cert_t,s0)
274 /etc/timezone -- gen_context(system_u:object_r:locale_t,s0)
275
276 ifdef(`distro_debian',`
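Review bot: After this change `/etc/ssl/private` and `/etc/pki/private` still resolve to cert_t, because the only tls_privkey_t entry in the hunk, `/etc/pki/.*/private(/.*)?`, requires an intermediate path component and there is no `/etc/ssl/private` entry visible here. The removed lines also used cert_t for those directories, so this is not a regression, but the new catch-all `/etc/ssl(/.*)?` and `/etc/pki(/.*)?` entries make it easy to overlook that private keys share the label that certificate readers are granted. Unless the rest of the file already covers it, consider adding `/etc/ssl/private(/.*)? gen_context(system_u:object_r:tls_privkey_t,s0)` and `/etc/pki/private(/.*)? gen_context(system_u:object_r:tls_privkey_t,s0)` next to the existing privkey line. Only part of miscfiles.fc is shown in this hunk, so this needs checking against the full file.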
277
278 diff --git a/policy/modules/system/tmpfiles.fc b/policy/modules/system/tmpfiles.fc
279 index 5a13949c..a25eaa58 100644
280 --- a/policy/modules/system/tmpfiles.fc
281 +++ b/policy/modules/system/tmpfiles.fc
282 @@ -1,10 +1,10 @@
283
284 ifndef(`init_systemd',`
285 -/etc/tmpfiles.d(/.*)? gen_context(system_u:object_r:tmpfiles_conf_t,s0)
286 -/run/tmpfiles.d(/.*)? gen_context(system_u:object_r:tmpfiles_runtime_t,s0)
287 +/etc/tmpfiles\.d(/.*)? gen_context(system_u:object_r:tmpfiles_conf_t,s0)
288 +/run/tmpfiles\.d(/.*)? gen_context(system_u:object_r:tmpfiles_runtime_t,s0)
289 ')
290
291 /usr/bin/tmpfiles -- gen_context(system_u:object_r:tmpfiles_exec_t,s0)
292 /usr/lib/rc/bin/checkpath -- gen_context(system_u:object_r:tmpfiles_exec_t,s0)
293 -/usr/lib/rc/sh/tmpfiles.sh -- gen_context(system_u:object_r:tmpfiles_exec_t,s0)
294 +/usr/lib/rc/sh/tmpfiles\.sh -- gen_context(system_u:object_r:tmpfiles_exec_t,s0)