[gentoo-commits] proj/hardened-refpolicy:usrmerge commit in: policy/modules/system/ - gentoo-commits

From:	Jason Zaman <perfinion@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] proj/hardened-refpolicy:usrmerge commit in: policy/modules/system/
Date:	Sun, 05 Feb 2017 15:13:45
Message-Id:	`1486307431.a22e9f51496b244924b7103da65925d57e8603df.perfinion@gentoo`

1

commit:     a22e9f51496b244924b7103da65925d57e8603df

2

Author:     Jason Zaman <jason <AT> perfinion <DOT> com>

3

AuthorDate: Sun Feb  5 08:58:28 2017 +0000

4

Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>

5

CommitDate: Sun Feb  5 15:10:31 2017 +0000

6

URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=a22e9f51

7

8

usrmerge: Add gentoo-specific /usr fcontexts

9

10

 policy/modules/system/fstools.fc    | 1 -

11

 policy/modules/system/init.fc       | 6 +++---

12

 policy/modules/system/lvm.fc        | 4 ++--

13

 policy/modules/system/sysnetwork.fc | 2 +-

14

 policy/modules/system/tmpfiles.fc   | 4 ++--

15

 policy/modules/system/udev.fc       | 7 ++-----

16

 6 files changed, 10 insertions(+), 14 deletions(-)

17

18

diff --git a/policy/modules/system/fstools.fc b/policy/modules/system/fstools.fc

19

index 5249a70..4dca3ed 100644

20

--- a/policy/modules/system/fstools.fc

21

+++ b/policy/modules/system/fstools.fc

22

@@ -61,6 +61,5 @@

23

 /run/fsck(/.*)?		gen_context(system_u:object_r:fsadm_run_t,s0)

24

25

 ifdef(`distro_gentoo',`

26

-/sbin/mkfs\.f2fs	--	gen_context(system_u:object_r:fsadm_exec_t,s0)

27

 /usr/sbin/mkfs\.f2fs	--	gen_context(system_u:object_r:fsadm_exec_t,s0)

28

')

29

30

diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc

31

index 3e1365c..19a953f 100644

32

--- a/policy/modules/system/init.fc

33

+++ b/policy/modules/system/init.fc

34

@@ -81,13 +81,13 @@ ifdef(`distro_gentoo',`

35

#

36

 # /lib

37

#

38

-/lib/rc/console(/.*)?		gen_context(system_u:object_r:initrc_state_t,s0)

39

-/lib/rc/cache(/.*)?		gen_context(system_u:object_r:initrc_state_t,s0)

40

+/usr/lib/rc/console(/.*)?		gen_context(system_u:object_r:initrc_state_t,s0)

41

+/usr/lib/rc/cache(/.*)?		gen_context(system_u:object_r:initrc_state_t,s0)

42

43

#

44

 # /sbin

45

#

46

-/sbin/openrc		--	gen_context(system_u:object_r:rc_exec_t,s0)

47

+/usr/sbin/openrc		--	gen_context(system_u:object_r:rc_exec_t,s0)

48

49

#

50

 # /var

51

52

diff --git a/policy/modules/system/lvm.fc b/policy/modules/system/lvm.fc

53

index 8f4988e..3fc24cc 100644

54

--- a/policy/modules/system/lvm.fc

55

+++ b/policy/modules/system/lvm.fc

56

@@ -100,9 +100,9 @@ ifdef(`distro_gentoo',`

57

58

 ifdef(`distro_gentoo',`

59

 # Bug 529430 comment 7

60

-/sbin/lvmetad		--	gen_context(system_u:object_r:lvm_exec_t,s0)

61

+/usr/sbin/lvmetad		--	gen_context(system_u:object_r:lvm_exec_t,s0)

62

 /var/run/lvm(/.*)?		gen_context(system_u:object_r:lvm_var_run_t,s0)

63

64

 # Bug 529430 comment 8

65

-/sbin/dmeventd		--	gen_context(system_u:object_r:lvm_exec_t,s0)

66

+/usr/sbin/dmeventd		--	gen_context(system_u:object_r:lvm_exec_t,s0)

67

')

68

69

diff --git a/policy/modules/system/sysnetwork.fc b/policy/modules/system/sysnetwork.fc

70

index a295f46..2c93c41 100644

71

--- a/policy/modules/system/sysnetwork.fc

72

+++ b/policy/modules/system/sysnetwork.fc

73

@@ -72,7 +72,7 @@ ifdef(`distro_debian',`

74

')

75

76

 ifdef(`distro_gentoo',`

77

-/lib/dhcpcd/dhcpcd-run-hooks	--	gen_context(system_u:object_r:dhcpc_script_exec_t,s0)

78

+/usr/lib/dhcpcd/dhcpcd-run-hooks	--	gen_context(system_u:object_r:dhcpc_script_exec_t,s0)

79

 /var/run/dhcpcd\.sock	-s	gen_context(system_u:object_r:dhcpc_var_run_t,s0)

80

 /var/run/dhcpcd\.unpriv\.sock	-s	gen_context(system_u:object_r:dhcpc_var_run_t,s0)

81

')

82

83

diff --git a/policy/modules/system/tmpfiles.fc b/policy/modules/system/tmpfiles.fc

84

index 12fd30a..3f9b2b8 100644

85

--- a/policy/modules/system/tmpfiles.fc

86

+++ b/policy/modules/system/tmpfiles.fc

87

@@ -2,6 +2,6 @@

88

 /etc/tmpfiles.d(/.*)?				gen_context(system_u:object_r:tmpfiles_conf_t,s0)

89

 /var/run/tmpfiles.d(/.*)?			gen_context(system_u:object_r:tmpfiles_var_run_t,s0)

90

91

-/lib/rc/bin/checkpath			--	gen_context(system_u:object_r:tmpfiles_exec_t,s0)

92

-/lib/rc/sh/tmpfiles.sh			--	gen_context(system_u:object_r:tmpfiles_exec_t,s0)

93

+/usr/lib/rc/bin/checkpath			--	gen_context(system_u:object_r:tmpfiles_exec_t,s0)

94

+/usr/lib/rc/sh/tmpfiles.sh			--	gen_context(system_u:object_r:tmpfiles_exec_t,s0)

95

96

97

diff --git a/policy/modules/system/udev.fc b/policy/modules/system/udev.fc

98

index 6801d63..de64670 100644

99

--- a/policy/modules/system/udev.fc

100

+++ b/policy/modules/system/udev.fc

101

@@ -42,11 +42,8 @@ ifdef(`distro_debian',`

102

')

103

104

 ifdef(`distro_gentoo',`

105

-/bin/udevadm	--	gen_context(system_u:object_r:udev_exec_t,s0)

106

-

107

-/lib/udev/udevd	--	gen_context(system_u:object_r:udev_exec_t,s0)

108

-/lib/udev/rules\.d(/.*)?	gen_context(system_u:object_r:udev_rules_t,s0)

109

-/lib/systemd/systemd-udevd  --  gen_context(system_u:object_r:udev_exec_t,s0)

110

+/usr/lib/udev/udevd	--	gen_context(system_u:object_r:udev_exec_t,s0)

111

+/usr/lib/udev/rules\.d(/.*)?	gen_context(system_u:object_r:udev_rules_t,s0)

112

113

 /usr/bin/udevadm	--	gen_context(system_u:object_r:udev_exec_t,s0)

1	commit: a22e9f51496b244924b7103da65925d57e8603df
2	Author: Jason Zaman <jason <AT> perfinion <DOT> com>
3	AuthorDate: Sun Feb 5 08:58:28 2017 +0000
4	Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
5	CommitDate: Sun Feb 5 15:10:31 2017 +0000
6	URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=a22e9f51
7
8	usrmerge: Add gentoo-specific /usr fcontexts
9
10	policy/modules/system/fstools.fc \| 1 -
11	policy/modules/system/init.fc \| 6 +++---
12	policy/modules/system/lvm.fc \| 4 ++--
13	policy/modules/system/sysnetwork.fc \| 2 +-
14	policy/modules/system/tmpfiles.fc \| 4 ++--
15	policy/modules/system/udev.fc \| 7 ++-----
16	6 files changed, 10 insertions(+), 14 deletions(-)
17
18	diff --git a/policy/modules/system/fstools.fc b/policy/modules/system/fstools.fc
19	index 5249a70..4dca3ed 100644
20	--- a/policy/modules/system/fstools.fc
21	+++ b/policy/modules/system/fstools.fc
22	@@ -61,6 +61,5 @@
23	/run/fsck(/.*)? gen_context(system_u:object_r:fsadm_run_t,s0)
24
25	ifdef(`distro_gentoo',`
26	-/sbin/mkfs\.f2fs -- gen_context(system_u:object_r:fsadm_exec_t,s0)
27	/usr/sbin/mkfs\.f2fs -- gen_context(system_u:object_r:fsadm_exec_t,s0)
28	')
29
30	diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc
31	index 3e1365c..19a953f 100644
32	--- a/policy/modules/system/init.fc
33	+++ b/policy/modules/system/init.fc
34	@@ -81,13 +81,13 @@ ifdef(`distro_gentoo',`
35	#
36	# /lib
37	#
38	-/lib/rc/console(/.*)? gen_context(system_u:object_r:initrc_state_t,s0)
39	-/lib/rc/cache(/.*)? gen_context(system_u:object_r:initrc_state_t,s0)
40	+/usr/lib/rc/console(/.*)? gen_context(system_u:object_r:initrc_state_t,s0)
41	+/usr/lib/rc/cache(/.*)? gen_context(system_u:object_r:initrc_state_t,s0)
42
43	#
44	# /sbin
45	#
46	-/sbin/openrc -- gen_context(system_u:object_r:rc_exec_t,s0)
47	+/usr/sbin/openrc -- gen_context(system_u:object_r:rc_exec_t,s0)
48
49	#
50	# /var
51
52	diff --git a/policy/modules/system/lvm.fc b/policy/modules/system/lvm.fc
53	index 8f4988e..3fc24cc 100644
54	--- a/policy/modules/system/lvm.fc
55	+++ b/policy/modules/system/lvm.fc
56	@@ -100,9 +100,9 @@ ifdef(`distro_gentoo',`
57
58	ifdef(`distro_gentoo',`
59	# Bug 529430 comment 7
60	-/sbin/lvmetad -- gen_context(system_u:object_r:lvm_exec_t,s0)
61	+/usr/sbin/lvmetad -- gen_context(system_u:object_r:lvm_exec_t,s0)
62	/var/run/lvm(/.*)? gen_context(system_u:object_r:lvm_var_run_t,s0)
63
64	# Bug 529430 comment 8
65	-/sbin/dmeventd -- gen_context(system_u:object_r:lvm_exec_t,s0)
66	+/usr/sbin/dmeventd -- gen_context(system_u:object_r:lvm_exec_t,s0)
67	')
68
69	diff --git a/policy/modules/system/sysnetwork.fc b/policy/modules/system/sysnetwork.fc
70	index a295f46..2c93c41 100644
71	--- a/policy/modules/system/sysnetwork.fc
72	+++ b/policy/modules/system/sysnetwork.fc
73	@@ -72,7 +72,7 @@ ifdef(`distro_debian',`
74	')
75
76	ifdef(`distro_gentoo',`
77	-/lib/dhcpcd/dhcpcd-run-hooks -- gen_context(system_u:object_r:dhcpc_script_exec_t,s0)
78	+/usr/lib/dhcpcd/dhcpcd-run-hooks -- gen_context(system_u:object_r:dhcpc_script_exec_t,s0)
79	/var/run/dhcpcd\.sock -s gen_context(system_u:object_r:dhcpc_var_run_t,s0)
80	/var/run/dhcpcd\.unpriv\.sock -s gen_context(system_u:object_r:dhcpc_var_run_t,s0)
81	')
82
83	diff --git a/policy/modules/system/tmpfiles.fc b/policy/modules/system/tmpfiles.fc
84	index 12fd30a..3f9b2b8 100644
85	--- a/policy/modules/system/tmpfiles.fc
86	+++ b/policy/modules/system/tmpfiles.fc
87	@@ -2,6 +2,6 @@
88	/etc/tmpfiles.d(/.*)? gen_context(system_u:object_r:tmpfiles_conf_t,s0)
89	/var/run/tmpfiles.d(/.*)? gen_context(system_u:object_r:tmpfiles_var_run_t,s0)
90
91	-/lib/rc/bin/checkpath -- gen_context(system_u:object_r:tmpfiles_exec_t,s0)
92	-/lib/rc/sh/tmpfiles.sh -- gen_context(system_u:object_r:tmpfiles_exec_t,s0)
93	+/usr/lib/rc/bin/checkpath -- gen_context(system_u:object_r:tmpfiles_exec_t,s0)
94	+/usr/lib/rc/sh/tmpfiles.sh -- gen_context(system_u:object_r:tmpfiles_exec_t,s0)
95
96
97	diff --git a/policy/modules/system/udev.fc b/policy/modules/system/udev.fc
98	index 6801d63..de64670 100644
99	--- a/policy/modules/system/udev.fc
100	+++ b/policy/modules/system/udev.fc
101	@@ -42,11 +42,8 @@ ifdef(`distro_debian',`
102	')
103
104	ifdef(`distro_gentoo',`
105	-/bin/udevadm -- gen_context(system_u:object_r:udev_exec_t,s0)
106	-
107	-/lib/udev/udevd -- gen_context(system_u:object_r:udev_exec_t,s0)
108	-/lib/udev/rules\.d(/.*)? gen_context(system_u:object_r:udev_rules_t,s0)
109	-/lib/systemd/systemd-udevd -- gen_context(system_u:object_r:udev_exec_t,s0)
110	+/usr/lib/udev/udevd -- gen_context(system_u:object_r:udev_exec_t,s0)
111	+/usr/lib/udev/rules\.d(/.*)? gen_context(system_u:object_r:udev_rules_t,s0)
112
113	/usr/bin/udevadm -- gen_context(system_u:object_r:udev_exec_t,s0)

Gentoo Archives: gentoo-commits