| 1 |
commit: f408383b96e3836399199bcd926d3726cc936163 |
| 2 |
Author: Chris PeBenito <pebenito <AT> ieee <DOT> org> |
| 3 |
AuthorDate: Sat Feb 4 20:19:35 2017 +0000 |
| 4 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Sun Feb 5 15:10:31 2017 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=f408383b |
| 7 |
|
| 8 |
Create / to /usr equivalence for bin, sbin, and lib, from Russell Coker. |
| 9 |
|
| 10 |
config/file_contexts.subs_dist | 8 +++- |
| 11 |
policy/modules/admin/bootloader.fc | 4 -- |
| 12 |
policy/modules/admin/bootloader.te | 2 +- |
| 13 |
policy/modules/admin/consoletype.fc | 3 -- |
| 14 |
policy/modules/admin/consoletype.te | 2 +- |
| 15 |
policy/modules/admin/dmesg.fc | 3 -- |
| 16 |
policy/modules/admin/dmesg.te | 2 +- |
| 17 |
policy/modules/admin/netutils.fc | 6 --- |
| 18 |
policy/modules/admin/netutils.te | 2 +- |
| 19 |
policy/modules/admin/su.fc | 3 -- |
| 20 |
policy/modules/admin/su.te | 2 +- |
| 21 |
policy/modules/admin/usermanage.fc | 4 -- |
| 22 |
policy/modules/admin/usermanage.te | 2 +- |
| 23 |
policy/modules/kernel/corecommands.fc | 70 +++++++----------------------- |
| 24 |
policy/modules/kernel/corecommands.te | 2 +- |
| 25 |
policy/modules/kernel/corenetwork.fc | 3 -- |
| 26 |
policy/modules/kernel/corenetwork.te.in | 2 +- |
| 27 |
policy/modules/kernel/devices.fc | 5 --- |
| 28 |
policy/modules/kernel/devices.te | 2 +- |
| 29 |
policy/modules/kernel/files.fc | 22 +++------- |
| 30 |
policy/modules/kernel/files.te | 2 +- |
| 31 |
policy/modules/kernel/filesystem.fc | 5 --- |
| 32 |
policy/modules/kernel/filesystem.te | 2 +- |
| 33 |
policy/modules/kernel/storage.fc | 3 -- |
| 34 |
policy/modules/kernel/storage.te | 2 +- |
| 35 |
policy/modules/kernel/terminal.fc | 2 +- |
| 36 |
policy/modules/kernel/terminal.te | 2 +- |
| 37 |
policy/modules/system/authlogin.fc | 15 ++----- |
| 38 |
policy/modules/system/authlogin.te | 2 +- |
| 39 |
policy/modules/system/clock.fc | 3 -- |
| 40 |
policy/modules/system/clock.te | 2 +- |
| 41 |
policy/modules/system/fstools.fc | 45 -------------------- |
| 42 |
policy/modules/system/fstools.te | 2 +- |
| 43 |
policy/modules/system/getty.fc | 3 -- |
| 44 |
policy/modules/system/getty.te | 2 +- |
| 45 |
policy/modules/system/hostname.fc | 3 -- |
| 46 |
policy/modules/system/hostname.te | 2 +- |
| 47 |
policy/modules/system/hotplug.fc | 3 -- |
| 48 |
policy/modules/system/hotplug.te | 2 +- |
| 49 |
policy/modules/system/init.fc | 29 ++++--------- |
| 50 |
policy/modules/system/init.te | 2 +- |
| 51 |
policy/modules/system/ipsec.fc | 2 - |
| 52 |
policy/modules/system/ipsec.te | 2 +- |
| 53 |
policy/modules/system/iptables.fc | 13 ------ |
| 54 |
policy/modules/system/iptables.te | 2 +- |
| 55 |
policy/modules/system/libraries.fc | 30 +++---------- |
| 56 |
policy/modules/system/libraries.te | 2 +- |
| 57 |
policy/modules/system/locallogin.fc | 4 -- |
| 58 |
policy/modules/system/locallogin.te | 2 +- |
| 59 |
policy/modules/system/logging.fc | 11 ----- |
| 60 |
policy/modules/system/logging.te | 2 +- |
| 61 |
policy/modules/system/lvm.fc | 75 ++------------------------------- |
| 62 |
policy/modules/system/lvm.te | 2 +- |
| 63 |
policy/modules/system/modutils.fc | 15 +------ |
| 64 |
policy/modules/system/modutils.te | 2 +- |
| 65 |
policy/modules/system/mount.fc | 8 ---- |
| 66 |
policy/modules/system/mount.te | 2 +- |
| 67 |
policy/modules/system/netlabel.fc | 2 - |
| 68 |
policy/modules/system/netlabel.te | 2 +- |
| 69 |
policy/modules/system/selinuxutil.fc | 7 --- |
| 70 |
policy/modules/system/selinuxutil.te | 2 +- |
| 71 |
policy/modules/system/setrans.fc | 2 - |
| 72 |
policy/modules/system/setrans.te | 2 +- |
| 73 |
policy/modules/system/sysnetwork.fc | 24 ----------- |
| 74 |
policy/modules/system/sysnetwork.te | 2 +- |
| 75 |
policy/modules/system/systemd.fc | 10 ----- |
| 76 |
policy/modules/system/systemd.te | 2 +- |
| 77 |
policy/modules/system/udev.fc | 23 ++++------ |
| 78 |
policy/modules/system/udev.te | 2 +- |
| 79 |
69 files changed, 93 insertions(+), 443 deletions(-) |
| 80 |
|
| 81 |
diff --git a/config/file_contexts.subs_dist b/config/file_contexts.subs_dist |
| 82 |
index ade78dc..96c2765 100644 |
| 83 |
--- a/config/file_contexts.subs_dist |
| 84 |
+++ b/config/file_contexts.subs_dist |
| 85 |
@@ -8,10 +8,14 @@ |
| 86 |
# It does not perform substitutions as done by sed(1), for |
| 87 |
# example, but aliasing. |
| 88 |
# |
| 89 |
+/bin /usr/bin |
| 90 |
+/lib /usr/lib |
| 91 |
+/lib32 /usr/lib |
| 92 |
+/lib64 /usr/lib |
| 93 |
+/libx32 /usr/libx32 |
| 94 |
+/sbin /usr/sbin |
| 95 |
/etc/init.d /etc/rc.d/init.d |
| 96 |
/lib/systemd /usr/lib/systemd |
| 97 |
-/lib32 /lib |
| 98 |
-/lib64 /lib |
| 99 |
/run/lock /var/lock |
| 100 |
/usr/lib32 /usr/lib |
| 101 |
/usr/lib64 /usr/lib |
| 102 |
|
| 103 |
diff --git a/policy/modules/admin/bootloader.fc b/policy/modules/admin/bootloader.fc |
| 104 |
index c43c428..d392595 100644 |
| 105 |
--- a/policy/modules/admin/bootloader.fc |
| 106 |
+++ b/policy/modules/admin/bootloader.fc |
| 107 |
@@ -8,10 +8,6 @@ |
| 108 |
/etc/yaboot\.conf.* -- gen_context(system_u:object_r:bootloader_etc_t,s0) |
| 109 |
/etc/grub.d(/.*)? -- gen_context(system_u:object_r:bootloader_etc_t,s0) |
| 110 |
|
| 111 |
-/sbin/grub -- gen_context(system_u:object_r:bootloader_exec_t,s0) |
| 112 |
-/sbin/lilo.* -- gen_context(system_u:object_r:bootloader_exec_t,s0) |
| 113 |
-/sbin/ybin.* -- gen_context(system_u:object_r:bootloader_exec_t,s0) |
| 114 |
- |
| 115 |
/usr/sbin/grub -- gen_context(system_u:object_r:bootloader_exec_t,s0) |
| 116 |
/usr/sbin/grub2?-bios-setup -- gen_context(system_u:object_r:bootloader_exec_t,s0) |
| 117 |
/usr/sbin/grub2?-install -- gen_context(system_u:object_r:bootloader_exec_t,s0) |
| 118 |
|
| 119 |
diff --git a/policy/modules/admin/bootloader.te b/policy/modules/admin/bootloader.te |
| 120 |
index 6be4f16..fd9df5c 100644 |
| 121 |
--- a/policy/modules/admin/bootloader.te |
| 122 |
+++ b/policy/modules/admin/bootloader.te |
| 123 |
@@ -1,4 +1,4 @@ |
| 124 |
-policy_module(bootloader, 1.17.0) |
| 125 |
+policy_module(bootloader, 1.17.1) |
| 126 |
|
| 127 |
######################################## |
| 128 |
# |
| 129 |
|
| 130 |
diff --git a/policy/modules/admin/consoletype.fc b/policy/modules/admin/consoletype.fc |
| 131 |
index 5d4fc31..c5190ee 100644 |
| 132 |
--- a/policy/modules/admin/consoletype.fc |
| 133 |
+++ b/policy/modules/admin/consoletype.fc |
| 134 |
@@ -1,4 +1 @@ |
| 135 |
- |
| 136 |
-/sbin/consoletype -- gen_context(system_u:object_r:consoletype_exec_t,s0) |
| 137 |
- |
| 138 |
/usr/sbin/consoletype -- gen_context(system_u:object_r:consoletype_exec_t,s0) |
| 139 |
|
| 140 |
diff --git a/policy/modules/admin/consoletype.te b/policy/modules/admin/consoletype.te |
| 141 |
index 9ed8760..4d295c2 100644 |
| 142 |
--- a/policy/modules/admin/consoletype.te |
| 143 |
+++ b/policy/modules/admin/consoletype.te |
| 144 |
@@ -1,4 +1,4 @@ |
| 145 |
-policy_module(consoletype, 1.11.0) |
| 146 |
+policy_module(consoletype, 1.11.1) |
| 147 |
|
| 148 |
######################################## |
| 149 |
# |
| 150 |
|
| 151 |
diff --git a/policy/modules/admin/dmesg.fc b/policy/modules/admin/dmesg.fc |
| 152 |
index 0685b19..e52fdfc 100644 |
| 153 |
--- a/policy/modules/admin/dmesg.fc |
| 154 |
+++ b/policy/modules/admin/dmesg.fc |
| 155 |
@@ -1,4 +1 @@ |
| 156 |
- |
| 157 |
-/bin/dmesg -- gen_context(system_u:object_r:dmesg_exec_t,s0) |
| 158 |
- |
| 159 |
/usr/bin/dmesg -- gen_context(system_u:object_r:dmesg_exec_t,s0) |
| 160 |
|
| 161 |
diff --git a/policy/modules/admin/dmesg.te b/policy/modules/admin/dmesg.te |
| 162 |
index 36eb120..4b36350 100644 |
| 163 |
--- a/policy/modules/admin/dmesg.te |
| 164 |
+++ b/policy/modules/admin/dmesg.te |
| 165 |
@@ -1,4 +1,4 @@ |
| 166 |
-policy_module(dmesg, 1.5.0) |
| 167 |
+policy_module(dmesg, 1.5.1) |
| 168 |
|
| 169 |
######################################## |
| 170 |
# |
| 171 |
|
| 172 |
diff --git a/policy/modules/admin/netutils.fc b/policy/modules/admin/netutils.fc |
| 173 |
index 44cde12..5041c10 100644 |
| 174 |
--- a/policy/modules/admin/netutils.fc |
| 175 |
+++ b/policy/modules/admin/netutils.fc |
| 176 |
@@ -1,9 +1,3 @@ |
| 177 |
-/bin/ping.* -- gen_context(system_u:object_r:ping_exec_t,s0) |
| 178 |
-/bin/tracepath.* -- gen_context(system_u:object_r:traceroute_exec_t,s0) |
| 179 |
-/bin/traceroute.* -- gen_context(system_u:object_r:traceroute_exec_t,s0) |
| 180 |
- |
| 181 |
-/sbin/arping -- gen_context(system_u:object_r:netutils_exec_t,s0) |
| 182 |
- |
| 183 |
/usr/bin/arping -- gen_context(system_u:object_r:netutils_exec_t,s0) |
| 184 |
/usr/bin/lft -- gen_context(system_u:object_r:traceroute_exec_t,s0) |
| 185 |
/usr/bin/nmap -- gen_context(system_u:object_r:traceroute_exec_t,s0) |
| 186 |
|
| 187 |
diff --git a/policy/modules/admin/netutils.te b/policy/modules/admin/netutils.te |
| 188 |
index 5525583..9eabff3 100644 |
| 189 |
--- a/policy/modules/admin/netutils.te |
| 190 |
+++ b/policy/modules/admin/netutils.te |
| 191 |
@@ -1,4 +1,4 @@ |
| 192 |
-policy_module(netutils, 1.16.0) |
| 193 |
+policy_module(netutils, 1.16.1) |
| 194 |
|
| 195 |
######################################## |
| 196 |
# |
| 197 |
|
| 198 |
diff --git a/policy/modules/admin/su.fc b/policy/modules/admin/su.fc |
| 199 |
index 3d89250..3375c96 100644 |
| 200 |
--- a/policy/modules/admin/su.fc |
| 201 |
+++ b/policy/modules/admin/su.fc |
| 202 |
@@ -1,6 +1,3 @@ |
| 203 |
- |
| 204 |
-/bin/su -- gen_context(system_u:object_r:su_exec_t,s0) |
| 205 |
- |
| 206 |
/usr/(local/)?bin/ksu -- gen_context(system_u:object_r:su_exec_t,s0) |
| 207 |
/usr/bin/kdesu -- gen_context(system_u:object_r:su_exec_t,s0) |
| 208 |
/usr/bin/su -- gen_context(system_u:object_r:su_exec_t,s0) |
| 209 |
|
| 210 |
diff --git a/policy/modules/admin/su.te b/policy/modules/admin/su.te |
| 211 |
index afdd022..e553769 100644 |
| 212 |
--- a/policy/modules/admin/su.te |
| 213 |
+++ b/policy/modules/admin/su.te |
| 214 |
@@ -1,4 +1,4 @@ |
| 215 |
-policy_module(su, 1.14.0) |
| 216 |
+policy_module(su, 1.14.1) |
| 217 |
|
| 218 |
######################################## |
| 219 |
# |
| 220 |
|
| 221 |
diff --git a/policy/modules/admin/usermanage.fc b/policy/modules/admin/usermanage.fc |
| 222 |
index 1184395..0e00005 100644 |
| 223 |
--- a/policy/modules/admin/usermanage.fc |
| 224 |
+++ b/policy/modules/admin/usermanage.fc |
| 225 |
@@ -1,7 +1,3 @@ |
| 226 |
-ifdef(`distro_gentoo',` |
| 227 |
-/bin/passwd -- gen_context(system_u:object_r:passwd_exec_t,s0) |
| 228 |
-') |
| 229 |
- |
| 230 |
ifdef(`distro_debian',` |
| 231 |
/etc/cron\.daily/cracklib-runtime -- gen_context(system_u:object_r:crack_exec_t,s0) |
| 232 |
') |
| 233 |
|
| 234 |
diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te |
| 235 |
index e11f53a..ab0ba0a 100644 |
| 236 |
--- a/policy/modules/admin/usermanage.te |
| 237 |
+++ b/policy/modules/admin/usermanage.te |
| 238 |
@@ -1,4 +1,4 @@ |
| 239 |
-policy_module(usermanage, 1.20.0) |
| 240 |
+policy_module(usermanage, 1.20.1) |
| 241 |
|
| 242 |
######################################## |
| 243 |
# |
| 244 |
|
| 245 |
diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc |
| 246 |
index f2a1991..d8c7389 100644 |
| 247 |
--- a/policy/modules/kernel/corecommands.fc |
| 248 |
+++ b/policy/modules/kernel/corecommands.fc |
| 249 |
@@ -1,21 +1,4 @@ |
| 250 |
# |
| 251 |
-# /bin |
| 252 |
-# |
| 253 |
-/bin -d gen_context(system_u:object_r:bin_t,s0) |
| 254 |
-/bin/.* gen_context(system_u:object_r:bin_t,s0) |
| 255 |
-/bin/d?ash -- gen_context(system_u:object_r:shell_exec_t,s0) |
| 256 |
-/bin/bash -- gen_context(system_u:object_r:shell_exec_t,s0) |
| 257 |
-/bin/bash2 -- gen_context(system_u:object_r:shell_exec_t,s0) |
| 258 |
-/bin/fish -- gen_context(system_u:object_r:shell_exec_t,s0) |
| 259 |
-/bin/ksh.* -- gen_context(system_u:object_r:shell_exec_t,s0) |
| 260 |
-/bin/mksh -- gen_context(system_u:object_r:shell_exec_t,s0) |
| 261 |
-/bin/mountpoint -- gen_context(system_u:object_r:bin_t,s0) |
| 262 |
-/bin/sash -- gen_context(system_u:object_r:shell_exec_t,s0) |
| 263 |
-/bin/tcsh -- gen_context(system_u:object_r:shell_exec_t,s0) |
| 264 |
-/bin/yash -- gen_context(system_u:object_r:shell_exec_t,s0) |
| 265 |
-/bin/zsh.* -- gen_context(system_u:object_r:shell_exec_t,s0) |
| 266 |
- |
| 267 |
-# |
| 268 |
# /dev |
| 269 |
# |
| 270 |
/dev/MAKEDEV -- gen_context(system_u:object_r:bin_t,s0) |
| 271 |
@@ -130,38 +113,6 @@ ifdef(`distro_debian',` |
| 272 |
') |
| 273 |
|
| 274 |
# |
| 275 |
-# /lib |
| 276 |
-# |
| 277 |
- |
| 278 |
-/lib/nut/.* -- gen_context(system_u:object_r:bin_t,s0) |
| 279 |
-/lib/readahead(/.*)? gen_context(system_u:object_r:bin_t,s0) |
| 280 |
-/lib/security/pam_krb5/pam_krb5_storetmp -- gen_context(system_u:object_r:bin_t,s0) |
| 281 |
-/lib/udev/[^/]* -- gen_context(system_u:object_r:bin_t,s0) |
| 282 |
-/lib/udev/scsi_id -- gen_context(system_u:object_r:bin_t,s0) |
| 283 |
-/lib/upstart(/.*)? gen_context(system_u:object_r:bin_t,s0) |
| 284 |
- |
| 285 |
-ifdef(`distro_gentoo',` |
| 286 |
-#/lib/dhcpcd/dhcpcd-run-hooks -- gen_context(system_u:object_r:bin_t,s0) |
| 287 |
- |
| 288 |
-/lib/rcscripts/addons(/.*)? gen_context(system_u:object_r:bin_t,s0) |
| 289 |
-/lib/rcscripts/sh(/.*)? gen_context(system_u:object_r:bin_t,s0) |
| 290 |
-/lib/rcscripts/net\.modules\.d/helpers\.d/dhclient-.* -- gen_context(system_u:object_r:bin_t,s0) |
| 291 |
-/lib/rcscripts/net\.modules\.d/helpers\.d/udhcpc-.* -- gen_context(system_u:object_r:bin_t,s0) |
| 292 |
-/lib/rc/bin/.* -- gen_context(system_u:object_r:bin_t,s0) |
| 293 |
-/lib/rc/sbin/.* -- gen_context(system_u:object_r:bin_t,s0) |
| 294 |
-/lib/rc/sh/.* -- gen_context(system_u:object_r:bin_t,s0) |
| 295 |
-') |
| 296 |
- |
| 297 |
-# |
| 298 |
-# /sbin |
| 299 |
-# |
| 300 |
-/sbin -d gen_context(system_u:object_r:bin_t,s0) |
| 301 |
-/sbin/.* gen_context(system_u:object_r:bin_t,s0) |
| 302 |
-/sbin/insmod_ksymoops_clean -- gen_context(system_u:object_r:bin_t,s0) |
| 303 |
-/sbin/mkfs\.cramfs -- gen_context(system_u:object_r:bin_t,s0) |
| 304 |
-/sbin/nologin -- gen_context(system_u:object_r:shell_exec_t,s0) |
| 305 |
- |
| 306 |
-# |
| 307 |
# /opt |
| 308 |
# |
| 309 |
/opt/(.*/)?bin(/.*)? gen_context(system_u:object_r:bin_t,s0) |
| 310 |
@@ -186,7 +137,7 @@ ifdef(`distro_gentoo',` |
| 311 |
# /usr |
| 312 |
# |
| 313 |
/usr/(.*/)?Bin(/.*)? gen_context(system_u:object_r:bin_t,s0) |
| 314 |
-/usr/(.*/)?bin(/.*)? gen_context(system_u:object_r:bin_t,s0) |
| 315 |
+/usr/bin(/.*)? gen_context(system_u:object_r:bin_t,s0) |
| 316 |
/usr/bin/d?ash -- gen_context(system_u:object_r:shell_exec_t,s0) |
| 317 |
/usr/bin/bash -- gen_context(system_u:object_r:shell_exec_t,s0) |
| 318 |
/usr/bin/bash2 -- gen_context(system_u:object_r:shell_exec_t,s0) |
| 319 |
@@ -201,10 +152,10 @@ ifdef(`distro_gentoo',` |
| 320 |
/usr/bin/yash -- gen_context(system_u:object_r:shell_exec_t,s0) |
| 321 |
/usr/bin/zsh.* -- gen_context(system_u:object_r:shell_exec_t,s0) |
| 322 |
|
| 323 |
-/usr/lib(.*/)?bin(/.*)? gen_context(system_u:object_r:bin_t,s0) |
| 324 |
+/usr/lib/(.*/)?bin(/.*)? gen_context(system_u:object_r:bin_t,s0) |
| 325 |
|
| 326 |
/usr/(.*/)?sbin(/.*)? gen_context(system_u:object_r:bin_t,s0) |
| 327 |
-/usr/lib(.*/)?sbin(/.*)? gen_context(system_u:object_r:bin_t,s0) |
| 328 |
+/usr/lib/(.*/)?sbin(/.*)? gen_context(system_u:object_r:bin_t,s0) |
| 329 |
|
| 330 |
/usr/lib/at-spi2-core(/.*)? gen_context(system_u:object_r:bin_t,s0) |
| 331 |
/usr/lib/avahi/avahi-daemon-check-dns\.sh -- gen_context(system_u:object_r:bin_t,s0) |
| 332 |
@@ -294,18 +245,19 @@ ifdef(`distro_gentoo',` |
| 333 |
/usr/lib/nspluginwrapper/i386/linux/npviewer -- gen_context(system_u:object_r:shell_exec_t,s0) |
| 334 |
/usr/lib/xulrunner-.*/plugin-container -- gen_context(system_u:object_r:bin_t,s0) |
| 335 |
|
| 336 |
-/usr/lib/xen/bin(/.*)? gen_context(system_u:object_r:bin_t,s0) |
| 337 |
- |
| 338 |
/usr/libexec(/.*)? gen_context(system_u:object_r:bin_t,s0) |
| 339 |
/usr/libexec/git-core/git-shell -- gen_context(system_u:object_r:shell_exec_t,s0) |
| 340 |
/usr/libexec/sesh -- gen_context(system_u:object_r:shell_exec_t,s0) |
| 341 |
|
| 342 |
/usr/libexec/openssh/sftp-server -- gen_context(system_u:object_r:bin_t,s0) |
| 343 |
|
| 344 |
+/usr/local/bin(/.*)? gen_context(system_u:object_r:bin_t,s0) |
| 345 |
+/usr/local/sbin(/.*)? gen_context(system_u:object_r:bin_t,s0) |
| 346 |
/usr/local/Brother(/.*)? gen_context(system_u:object_r:bin_t,s0) |
| 347 |
/usr/local/Printer(/.*)? gen_context(system_u:object_r:bin_t,s0) |
| 348 |
/usr/local/linuxprinter/filters(/.*)? gen_context(system_u:object_r:bin_t,s0) |
| 349 |
|
| 350 |
+/usr/sbin(/.*)? gen_context(system_u:object_r:bin_t,s0) |
| 351 |
/usr/sbin/insmod_ksymoops_clean -- gen_context(system_u:object_r:bin_t,s0) |
| 352 |
/usr/sbin/mkfs\.cramfs -- gen_context(system_u:object_r:bin_t,s0) |
| 353 |
/usr/sbin/nologin -- gen_context(system_u:object_r:shell_exec_t,s0) |
| 354 |
@@ -368,6 +320,16 @@ ifdef(`distro_gentoo', ` |
| 355 |
/usr/[^/]+-[^/]+-linux-gnu/binutils-bin(/.*)? gen_context(system_u:object_r:bin_t,s0) |
| 356 |
/usr/[^/]+-[^/]+-linux-gnu/[^/]+/gcc-bin/.*(/.*)? gen_context(system_u:object_r:bin_t,s0) |
| 357 |
/usr/[^/]+-[^/]+-linux-gnu/[^/]+/binutils-bin(/.*)? gen_context(system_u:object_r:bin_t,s0) |
| 358 |
+ |
| 359 |
+#/usr/lib/dhcpcd/dhcpcd-run-hooks -- gen_context(system_u:object_r:bin_t,s0) |
| 360 |
+ |
| 361 |
+/usr/lib/rcscripts/addons(/.*)? gen_context(system_u:object_r:bin_t,s0) |
| 362 |
+/usr/lib/rcscripts/sh(/.*)? gen_context(system_u:object_r:bin_t,s0) |
| 363 |
+/usr/lib/rcscripts/net\.modules\.d/helpers\.d/dhclient-.* -- gen_context(system_u:object_r:bin_t,s0) |
| 364 |
+/usr/lib/rcscripts/net\.modules\.d/helpers\.d/udhcpc-.* -- gen_context(system_u:object_r:bin_t,s0) |
| 365 |
+/usr/lib/rc/bin/.* -- gen_context(system_u:object_r:bin_t,s0) |
| 366 |
+/usr/lib/rc/sbin/.* -- gen_context(system_u:object_r:bin_t,s0) |
| 367 |
+/usr/lib/rc/sh/.* -- gen_context(system_u:object_r:bin_t,s0) |
| 368 |
') |
| 369 |
|
| 370 |
ifdef(`distro_redhat', ` |
| 371 |
|
| 372 |
diff --git a/policy/modules/kernel/corecommands.te b/policy/modules/kernel/corecommands.te |
| 373 |
index f7ca08a..ca4e75f 100644 |
| 374 |
--- a/policy/modules/kernel/corecommands.te |
| 375 |
+++ b/policy/modules/kernel/corecommands.te |
| 376 |
@@ -1,4 +1,4 @@ |
| 377 |
-policy_module(corecommands, 1.23.0) |
| 378 |
+policy_module(corecommands, 1.23.1) |
| 379 |
|
| 380 |
######################################## |
| 381 |
# |
| 382 |
|
| 383 |
diff --git a/policy/modules/kernel/corenetwork.fc b/policy/modules/kernel/corenetwork.fc |
| 384 |
index a717876..b8e9fb3 100644 |
| 385 |
--- a/policy/modules/kernel/corenetwork.fc |
| 386 |
+++ b/policy/modules/kernel/corenetwork.fc |
| 387 |
@@ -5,8 +5,5 @@ |
| 388 |
|
| 389 |
/dev/net/.* -c gen_context(system_u:object_r:tun_tap_device_t,s0) |
| 390 |
|
| 391 |
-/lib/udev/devices/ppp -c gen_context(system_u:object_r:ppp_device_t,s0) |
| 392 |
-/lib/udev/devices/net/.* -c gen_context(system_u:object_r:tun_tap_device_t,s0) |
| 393 |
- |
| 394 |
/usr/lib/udev/devices/ppp -c gen_context(system_u:object_r:ppp_device_t,s0) |
| 395 |
/usr/lib/udev/devices/net/.* -c gen_context(system_u:object_r:tun_tap_device_t,s0) |
| 396 |
|
| 397 |
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in |
| 398 |
index 0196dde..efae68a 100644 |
| 399 |
--- a/policy/modules/kernel/corenetwork.te.in |
| 400 |
+++ b/policy/modules/kernel/corenetwork.te.in |
| 401 |
@@ -1,4 +1,4 @@ |
| 402 |
-policy_module(corenetwork, 1.23.0) |
| 403 |
+policy_module(corenetwork, 1.23.1) |
| 404 |
|
| 405 |
######################################## |
| 406 |
# |
| 407 |
|
| 408 |
diff --git a/policy/modules/kernel/devices.fc b/policy/modules/kernel/devices.fc |
| 409 |
index 6a2e601..19cd972 100644 |
| 410 |
--- a/policy/modules/kernel/devices.fc |
| 411 |
+++ b/policy/modules/kernel/devices.fc |
| 412 |
@@ -194,11 +194,6 @@ ifdef(`distro_debian',` |
| 413 |
/etc/udev/devices -d gen_context(system_u:object_r:device_t,s0) |
| 414 |
|
| 415 |
# used by init scripts to initally populate udev /dev |
| 416 |
-/lib/udev/devices(/.*)? gen_context(system_u:object_r:device_t,s0) |
| 417 |
-/lib/udev/devices/lp.* -c gen_context(system_u:object_r:printer_device_t,s0) |
| 418 |
-/lib/udev/devices/null -c gen_context(system_u:object_r:null_device_t,s0) |
| 419 |
-/lib/udev/devices/zero -c gen_context(system_u:object_r:zero_device_t,s0) |
| 420 |
- |
| 421 |
/usr/lib/udev/devices(/.*)? gen_context(system_u:object_r:device_t,s0) |
| 422 |
/usr/lib/udev/devices/lp.* -c gen_context(system_u:object_r:printer_device_t,s0) |
| 423 |
/usr/lib/udev/devices/null -c gen_context(system_u:object_r:null_device_t,s0) |
| 424 |
|
| 425 |
diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te |
| 426 |
index 37dceb4..767da24 100644 |
| 427 |
--- a/policy/modules/kernel/devices.te |
| 428 |
+++ b/policy/modules/kernel/devices.te |
| 429 |
@@ -1,4 +1,4 @@ |
| 430 |
-policy_module(devices, 1.20.0) |
| 431 |
+policy_module(devices, 1.20.1) |
| 432 |
|
| 433 |
######################################## |
| 434 |
# |
| 435 |
|
| 436 |
diff --git a/policy/modules/kernel/files.fc b/policy/modules/kernel/files.fc |
| 437 |
index f506f56..39491e9 100644 |
| 438 |
--- a/policy/modules/kernel/files.fc |
| 439 |
+++ b/policy/modules/kernel/files.fc |
| 440 |
@@ -104,17 +104,6 @@ HOME_ROOT/lost\+found/.* <<none>> |
| 441 |
/initrd -d gen_context(system_u:object_r:root_t,s0) |
| 442 |
|
| 443 |
# |
| 444 |
-# /lib(64)? |
| 445 |
-# |
| 446 |
-/lib/modules(/.*)? gen_context(system_u:object_r:modules_object_t,s0) |
| 447 |
- |
| 448 |
-ifdef(`distro_debian',` |
| 449 |
-# on Debian /lib/init/rw is a tmpfs used like /var/run but |
| 450 |
-# before /var is mounted |
| 451 |
-/lib/init/rw(/.*)? gen_context(system_u:object_r:var_run_t,s0-mls_systemhigh) |
| 452 |
-') |
| 453 |
- |
| 454 |
-# |
| 455 |
# /lost+found |
| 456 |
# |
| 457 |
/lost\+found -d gen_context(system_u:object_r:lost_found_t,mls_systemhigh) |
| 458 |
@@ -185,11 +174,6 @@ ifdef(`distro_debian',` |
| 459 |
/srv/.* gen_context(system_u:object_r:var_t,s0) |
| 460 |
|
| 461 |
# |
| 462 |
-# /usr/lib(64)? |
| 463 |
-# |
| 464 |
-/usr/lib/modules(/.*)? gen_context(system_u:object_r:modules_object_t,s0) |
| 465 |
- |
| 466 |
-# |
| 467 |
# /tmp |
| 468 |
# |
| 469 |
/tmp -d gen_context(system_u:object_r:tmp_t,s0-mls_systemhigh) |
| 470 |
@@ -231,6 +215,12 @@ ifdef(`distro_debian',` |
| 471 |
/usr/tmp -d gen_context(system_u:object_r:tmp_t,s0-mls_systemhigh) |
| 472 |
/usr/tmp/.* <<none>> |
| 473 |
|
| 474 |
+ifdef(`distro_debian',` |
| 475 |
+# on Debian /lib/init/rw is a tmpfs used like /var/run but |
| 476 |
+# before /var is mounted |
| 477 |
+/usr/lib/init/rw(/.*)? gen_context(system_u:object_r:var_run_t,s0-mls_systemhigh) |
| 478 |
+') |
| 479 |
+ |
| 480 |
ifndef(`distro_redhat',` |
| 481 |
/usr/local/src(/.*)? gen_context(system_u:object_r:src_t,s0) |
| 482 |
|
| 483 |
|
| 484 |
diff --git a/policy/modules/kernel/files.te b/policy/modules/kernel/files.te |
| 485 |
index 3f4fdad..2d8fa23 100644 |
| 486 |
--- a/policy/modules/kernel/files.te |
| 487 |
+++ b/policy/modules/kernel/files.te |
| 488 |
@@ -1,4 +1,4 @@ |
| 489 |
-policy_module(files, 1.23.0) |
| 490 |
+policy_module(files, 1.23.1) |
| 491 |
|
| 492 |
######################################## |
| 493 |
# |
| 494 |
|
| 495 |
diff --git a/policy/modules/kernel/filesystem.fc b/policy/modules/kernel/filesystem.fc |
| 496 |
index 2029784..f46a280 100644 |
| 497 |
--- a/policy/modules/kernel/filesystem.fc |
| 498 |
+++ b/policy/modules/kernel/filesystem.fc |
| 499 |
@@ -6,11 +6,6 @@ |
| 500 |
/dev/shm -d gen_context(system_u:object_r:tmpfs_t,s0) |
| 501 |
/dev/shm/.* <<none>> |
| 502 |
|
| 503 |
-/lib/udev/devices/hugepages -d gen_context(system_u:object_r:hugetlbfs_t,s0) |
| 504 |
-/lib/udev/devices/hugepages/.* <<none>> |
| 505 |
-/lib/udev/devices/shm -d gen_context(system_u:object_r:tmpfs_t,s0) |
| 506 |
-/lib/udev/devices/shm/.* <<none>> |
| 507 |
- |
| 508 |
/usr/lib/udev/devices/hugepages -d gen_context(system_u:object_r:hugetlbfs_t,s0) |
| 509 |
/usr/lib/udev/devices/hugepages/.* <<none>> |
| 510 |
/usr/lib/udev/devices/shm -d gen_context(system_u:object_r:tmpfs_t,s0) |
| 511 |
|
| 512 |
diff --git a/policy/modules/kernel/filesystem.te b/policy/modules/kernel/filesystem.te |
| 513 |
index 50a59ac..e6a6930 100644 |
| 514 |
--- a/policy/modules/kernel/filesystem.te |
| 515 |
+++ b/policy/modules/kernel/filesystem.te |
| 516 |
@@ -1,4 +1,4 @@ |
| 517 |
-policy_module(filesystem, 1.22.0) |
| 518 |
+policy_module(filesystem, 1.22.1) |
| 519 |
|
| 520 |
######################################## |
| 521 |
# |
| 522 |
|
| 523 |
diff --git a/policy/modules/kernel/storage.fc b/policy/modules/kernel/storage.fc |
| 524 |
index cd1b439..375b10b 100644 |
| 525 |
--- a/policy/modules/kernel/storage.fc |
| 526 |
+++ b/policy/modules/kernel/storage.fc |
| 527 |
@@ -83,8 +83,5 @@ ifdef(`distro_redhat', ` |
| 528 |
|
| 529 |
/dev/usb/rio500 -c gen_context(system_u:object_r:removable_device_t,s0) |
| 530 |
|
| 531 |
-/lib/udev/devices/loop.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) |
| 532 |
-/lib/udev/devices/fuse -c gen_context(system_u:object_r:fuse_device_t,s0) |
| 533 |
- |
| 534 |
/usr/lib/udev/devices/loop.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh) |
| 535 |
/usr/lib/udev/devices/fuse -c gen_context(system_u:object_r:fuse_device_t,s0) |
| 536 |
|
| 537 |
diff --git a/policy/modules/kernel/storage.te b/policy/modules/kernel/storage.te |
| 538 |
index a049e30..59329dc 100644 |
| 539 |
--- a/policy/modules/kernel/storage.te |
| 540 |
+++ b/policy/modules/kernel/storage.te |
| 541 |
@@ -1,4 +1,4 @@ |
| 542 |
-policy_module(storage, 1.14.0) |
| 543 |
+policy_module(storage, 1.14.1) |
| 544 |
|
| 545 |
######################################## |
| 546 |
# |
| 547 |
|
| 548 |
diff --git a/policy/modules/kernel/terminal.fc b/policy/modules/kernel/terminal.fc |
| 549 |
index 256ad29..6657b04 100644 |
| 550 |
--- a/policy/modules/kernel/terminal.fc |
| 551 |
+++ b/policy/modules/kernel/terminal.fc |
| 552 |
@@ -41,5 +41,5 @@ ifdef(`distro_gentoo',` |
| 553 |
/dev/tts/[0-9]+ -c gen_context(system_u:object_r:tty_device_t,s0) |
| 554 |
|
| 555 |
# used by init scripts to initally populate udev /dev |
| 556 |
-/lib/udev/devices/console -c gen_context(system_u:object_r:console_device_t,s0) |
| 557 |
+/usr/lib/udev/devices/console -c gen_context(system_u:object_r:console_device_t,s0) |
| 558 |
') |
| 559 |
|
| 560 |
diff --git a/policy/modules/kernel/terminal.te b/policy/modules/kernel/terminal.te |
| 561 |
index d9415fc..b77752b 100644 |
| 562 |
--- a/policy/modules/kernel/terminal.te |
| 563 |
+++ b/policy/modules/kernel/terminal.te |
| 564 |
@@ -1,4 +1,4 @@ |
| 565 |
-policy_module(terminal, 1.16.0) |
| 566 |
+policy_module(terminal, 1.16.1) |
| 567 |
|
| 568 |
######################################## |
| 569 |
# |
| 570 |
|
| 571 |
diff --git a/policy/modules/system/authlogin.fc b/policy/modules/system/authlogin.fc |
| 572 |
index fe15c99..d68f6bb 100644 |
| 573 |
--- a/policy/modules/system/authlogin.fc |
| 574 |
+++ b/policy/modules/system/authlogin.fc |
| 575 |
@@ -1,21 +1,9 @@ |
| 576 |
- |
| 577 |
-/bin/login -- gen_context(system_u:object_r:login_exec_t,s0) |
| 578 |
- |
| 579 |
/etc/\.pwd\.lock -- gen_context(system_u:object_r:shadow_t,s0) |
| 580 |
/etc/group\.lock -- gen_context(system_u:object_r:shadow_t,s0) |
| 581 |
/etc/gshadow.* -- gen_context(system_u:object_r:shadow_t,s0) |
| 582 |
/etc/passwd\.lock -- gen_context(system_u:object_r:shadow_t,s0) |
| 583 |
/etc/shadow.* -- gen_context(system_u:object_r:shadow_t,s0) |
| 584 |
|
| 585 |
-/sbin/pam_console_apply -- gen_context(system_u:object_r:pam_console_exec_t,s0) |
| 586 |
-/sbin/pam_timestamp_check -- gen_context(system_u:object_r:pam_exec_t,s0) |
| 587 |
-/sbin/unix_chkpwd -- gen_context(system_u:object_r:chkpwd_exec_t,s0) |
| 588 |
-/sbin/unix_update -- gen_context(system_u:object_r:updpwd_exec_t,s0) |
| 589 |
-/sbin/unix_verify -- gen_context(system_u:object_r:chkpwd_exec_t,s0) |
| 590 |
-ifdef(`distro_suse', ` |
| 591 |
-/sbin/unix2_chkpwd -- gen_context(system_u:object_r:chkpwd_exec_t,s0) |
| 592 |
-') |
| 593 |
- |
| 594 |
/usr/bin/login -- gen_context(system_u:object_r:login_exec_t,s0) |
| 595 |
|
| 596 |
/usr/kerberos/sbin/login\.krb5 -- gen_context(system_u:object_r:login_exec_t,s0) |
| 597 |
@@ -29,6 +17,9 @@ ifdef(`distro_suse', ` |
| 598 |
/usr/sbin/unix_verify -- gen_context(system_u:object_r:chkpwd_exec_t,s0) |
| 599 |
/usr/sbin/utempter -- gen_context(system_u:object_r:utempter_exec_t,s0) |
| 600 |
/usr/sbin/validate -- gen_context(system_u:object_r:chkpwd_exec_t,s0) |
| 601 |
+ifdef(`distro_suse', ` |
| 602 |
+/usr/sbin/unix2_chkpwd -- gen_context(system_u:object_r:chkpwd_exec_t,s0) |
| 603 |
+') |
| 604 |
|
| 605 |
/var/cache/coolkey(/.*)? gen_context(system_u:object_r:auth_cache_t,s0) |
| 606 |
|
| 607 |
|
| 608 |
diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te |
| 609 |
index afc873d..b427368 100644 |
| 610 |
--- a/policy/modules/system/authlogin.te |
| 611 |
+++ b/policy/modules/system/authlogin.te |
| 612 |
@@ -1,4 +1,4 @@ |
| 613 |
-policy_module(authlogin, 2.10.0) |
| 614 |
+policy_module(authlogin, 2.10.1) |
| 615 |
|
| 616 |
######################################## |
| 617 |
# |
| 618 |
|
| 619 |
diff --git a/policy/modules/system/clock.fc b/policy/modules/system/clock.fc |
| 620 |
index 2ec76e2..61e6fe5 100644 |
| 621 |
--- a/policy/modules/system/clock.fc |
| 622 |
+++ b/policy/modules/system/clock.fc |
| 623 |
@@ -1,6 +1,3 @@ |
| 624 |
- |
| 625 |
/etc/adjtime -- gen_context(system_u:object_r:adjtime_t,s0) |
| 626 |
|
| 627 |
-/sbin/hwclock -- gen_context(system_u:object_r:hwclock_exec_t,s0) |
| 628 |
- |
| 629 |
/usr/sbin/hwclock -- gen_context(system_u:object_r:hwclock_exec_t,s0) |
| 630 |
|
| 631 |
diff --git a/policy/modules/system/clock.te b/policy/modules/system/clock.te |
| 632 |
index 6a54f6e..288422b 100644 |
| 633 |
--- a/policy/modules/system/clock.te |
| 634 |
+++ b/policy/modules/system/clock.te |
| 635 |
@@ -1,4 +1,4 @@ |
| 636 |
-policy_module(clock, 1.9.0) |
| 637 |
+policy_module(clock, 1.9.1) |
| 638 |
|
| 639 |
######################################## |
| 640 |
# |
| 641 |
|
| 642 |
diff --git a/policy/modules/system/fstools.fc b/policy/modules/system/fstools.fc |
| 643 |
index 1f6f5f7..5249a70 100644 |
| 644 |
--- a/policy/modules/system/fstools.fc |
| 645 |
+++ b/policy/modules/system/fstools.fc |
| 646 |
@@ -1,48 +1,3 @@ |
| 647 |
-/sbin/badblocks -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 648 |
-/sbin/blkid -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 649 |
-/sbin/blockdev -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 650 |
-/sbin/cfdisk -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 651 |
-/sbin/dosfsck -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 652 |
-/sbin/dump -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 653 |
-/sbin/dumpe2fs -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 654 |
-/sbin/e2fsck -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 655 |
-/sbin/e4fsck -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 656 |
-/sbin/e2label -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 657 |
-/sbin/fdisk -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 658 |
-/sbin/findfs -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 659 |
-/sbin/fsck.* -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 660 |
-/sbin/hdparm -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 661 |
-/sbin/install-mbr -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 662 |
-/sbin/jfs_.* -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 663 |
-/sbin/losetup.* -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 664 |
-/sbin/lsraid -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 665 |
-/sbin/make_reiser4 -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 666 |
-/sbin/mkdosfs -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 667 |
-/sbin/mke2fs -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 668 |
-/sbin/mke4fs -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 669 |
-/sbin/mkfs.* -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 670 |
-/sbin/mkraid -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 671 |
-/sbin/mkreiserfs -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 672 |
-/sbin/mkswap -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 673 |
-/sbin/parted -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 674 |
-/sbin/partprobe -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 675 |
-/sbin/partx -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 676 |
-/sbin/raidautorun -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 677 |
-/sbin/raidstart -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 678 |
-/sbin/reiserfs(ck|tune) -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 679 |
-/sbin/resize.*fs -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 680 |
-/sbin/scsi_info -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 681 |
-/sbin/sfdisk -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 682 |
-/sbin/swapoff -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 683 |
-/sbin/swapon.* -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 684 |
-/sbin/tune2fs -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 685 |
-/sbin/zdb -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 686 |
-/sbin/zhack -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 687 |
-/sbin/zinject -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 688 |
-/sbin/zpios -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 689 |
-/sbin/zstreamdump -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 690 |
-/sbin/ztest -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 691 |
- |
| 692 |
/usr/bin/partition_uuid -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 693 |
/usr/bin/raw -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 694 |
/usr/bin/scsi_unique_id -- gen_context(system_u:object_r:fsadm_exec_t,s0) |
| 695 |
|
| 696 |
diff --git a/policy/modules/system/fstools.te b/policy/modules/system/fstools.te |
| 697 |
index b2c7f9a..16bd067 100644 |
| 698 |
--- a/policy/modules/system/fstools.te |
| 699 |
+++ b/policy/modules/system/fstools.te |
| 700 |
@@ -1,4 +1,4 @@ |
| 701 |
-policy_module(fstools, 1.20.0) |
| 702 |
+policy_module(fstools, 1.20.1) |
| 703 |
|
| 704 |
######################################## |
| 705 |
# |
| 706 |
|
| 707 |
diff --git a/policy/modules/system/getty.fc b/policy/modules/system/getty.fc |
| 708 |
index 77dc825..07d2ada 100644 |
| 709 |
--- a/policy/modules/system/getty.fc |
| 710 |
+++ b/policy/modules/system/getty.fc |
| 711 |
@@ -1,8 +1,5 @@ |
| 712 |
- |
| 713 |
/etc/mgetty(/.*)? gen_context(system_u:object_r:getty_etc_t,s0) |
| 714 |
|
| 715 |
-/sbin/.*getty -- gen_context(system_u:object_r:getty_exec_t,s0) |
| 716 |
- |
| 717 |
/usr/sbin/.*getty -- gen_context(system_u:object_r:getty_exec_t,s0) |
| 718 |
|
| 719 |
/var/log/mgetty\.log.* -- gen_context(system_u:object_r:getty_log_t,s0) |
| 720 |
|
| 721 |
diff --git a/policy/modules/system/getty.te b/policy/modules/system/getty.te |
| 722 |
index 3b849cb..af89899 100644 |
| 723 |
--- a/policy/modules/system/getty.te |
| 724 |
+++ b/policy/modules/system/getty.te |
| 725 |
@@ -1,4 +1,4 @@ |
| 726 |
-policy_module(getty, 1.12.0) |
| 727 |
+policy_module(getty, 1.12.1) |
| 728 |
|
| 729 |
######################################## |
| 730 |
# |
| 731 |
|
| 732 |
diff --git a/policy/modules/system/hostname.fc b/policy/modules/system/hostname.fc |
| 733 |
index 6d00f5c..83ddeb5 100644 |
| 734 |
--- a/policy/modules/system/hostname.fc |
| 735 |
+++ b/policy/modules/system/hostname.fc |
| 736 |
@@ -1,4 +1 @@ |
| 737 |
- |
| 738 |
-/bin/hostname -- gen_context(system_u:object_r:hostname_exec_t,s0) |
| 739 |
- |
| 740 |
/usr/bin/hostname -- gen_context(system_u:object_r:hostname_exec_t,s0) |
| 741 |
|
| 742 |
diff --git a/policy/modules/system/hostname.te b/policy/modules/system/hostname.te |
| 743 |
index a25fdf2..f4036d8 100644 |
| 744 |
--- a/policy/modules/system/hostname.te |
| 745 |
+++ b/policy/modules/system/hostname.te |
| 746 |
@@ -1,4 +1,4 @@ |
| 747 |
-policy_module(hostname, 1.10.0) |
| 748 |
+policy_module(hostname, 1.10.1) |
| 749 |
|
| 750 |
######################################## |
| 751 |
# |
| 752 |
|
| 753 |
diff --git a/policy/modules/system/hotplug.fc b/policy/modules/system/hotplug.fc |
| 754 |
index 9ef3e9f..05e1d78 100644 |
| 755 |
--- a/policy/modules/system/hotplug.fc |
| 756 |
+++ b/policy/modules/system/hotplug.fc |
| 757 |
@@ -7,8 +7,5 @@ |
| 758 |
/run/usb(/.*)? gen_context(system_u:object_r:hotplug_var_run_t,s0) |
| 759 |
/run/hotplug(/.*)? gen_context(system_u:object_r:hotplug_var_run_t,s0) |
| 760 |
|
| 761 |
-/sbin/hotplug -- gen_context(system_u:object_r:hotplug_exec_t,s0) |
| 762 |
-/sbin/netplugd -- gen_context(system_u:object_r:hotplug_exec_t,s0) |
| 763 |
- |
| 764 |
/usr/sbin/hotplug -- gen_context(system_u:object_r:hotplug_exec_t,s0) |
| 765 |
/usr/sbin/netplugd -- gen_context(system_u:object_r:hotplug_exec_t,s0) |
| 766 |
|
| 767 |
diff --git a/policy/modules/system/hotplug.te b/policy/modules/system/hotplug.te |
| 768 |
index 11a5bce..4572650 100644 |
| 769 |
--- a/policy/modules/system/hotplug.te |
| 770 |
+++ b/policy/modules/system/hotplug.te |
| 771 |
@@ -1,4 +1,4 @@ |
| 772 |
-policy_module(hotplug, 1.18.0) |
| 773 |
+policy_module(hotplug, 1.18.1) |
| 774 |
|
| 775 |
######################################## |
| 776 |
# |
| 777 |
|
| 778 |
diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc |
| 779 |
index a5c9bfa..3e1365c 100644 |
| 780 |
--- a/policy/modules/system/init.fc |
| 781 |
+++ b/policy/modules/system/init.fc |
| 782 |
@@ -20,26 +20,6 @@ ifdef(`distro_gentoo',` |
| 783 |
/dev/initctl -p gen_context(system_u:object_r:initctl_t,s0) |
| 784 |
|
| 785 |
# |
| 786 |
-# /lib |
| 787 |
-# |
| 788 |
-/lib/systemd/systemd -- gen_context(system_u:object_r:init_exec_t,s0) |
| 789 |
- |
| 790 |
-ifdef(`distro_gentoo', ` |
| 791 |
-/lib/rc/init\.d(/.*)? gen_context(system_u:object_r:initrc_state_t,s0) |
| 792 |
-') |
| 793 |
- |
| 794 |
-# |
| 795 |
-# /sbin |
| 796 |
-# |
| 797 |
-/sbin/init(ng)? -- gen_context(system_u:object_r:init_exec_t,s0) |
| 798 |
-# because nowadays, /sbin/init is often a symlink to /sbin/upstart |
| 799 |
-/sbin/upstart -- gen_context(system_u:object_r:init_exec_t,s0) |
| 800 |
- |
| 801 |
-ifdef(`distro_gentoo', ` |
| 802 |
-/sbin/rc -- gen_context(system_u:object_r:rc_exec_t,s0) |
| 803 |
-') |
| 804 |
- |
| 805 |
-# |
| 806 |
# /usr |
| 807 |
# |
| 808 |
/usr/bin/sepg_ctl -- gen_context(system_u:object_r:initrc_exec_t,s0) |
| 809 |
@@ -50,6 +30,11 @@ ifdef(`distro_gentoo', ` |
| 810 |
/usr/lib/systemd/ntp-units\.d -d gen_context(system_u:object_r:systemd_unit_t,s0) |
| 811 |
/usr/lib/systemd/system(/.*)? gen_context(system_u:object_r:systemd_unit_t,s0) |
| 812 |
|
| 813 |
+ifdef(`distro_gentoo', ` |
| 814 |
+/usr/lib/rc/init\.d(/.*)? gen_context(system_u:object_r:initrc_state_t,s0) |
| 815 |
+') |
| 816 |
+ |
| 817 |
+ |
| 818 |
/usr/libexec/dcc/start-.* -- gen_context(system_u:object_r:initrc_exec_t,s0) |
| 819 |
/usr/libexec/dcc/stop-.* -- gen_context(system_u:object_r:initrc_exec_t,s0) |
| 820 |
|
| 821 |
@@ -58,6 +43,10 @@ ifdef(`distro_gentoo', ` |
| 822 |
/usr/sbin/open_init_pty -- gen_context(system_u:object_r:initrc_exec_t,s0) |
| 823 |
/usr/sbin/upstart -- gen_context(system_u:object_r:init_exec_t,s0) |
| 824 |
|
| 825 |
+ifdef(`distro_gentoo', ` |
| 826 |
+/usr/sbin/rc -- gen_context(system_u:object_r:rc_exec_t,s0) |
| 827 |
+') |
| 828 |
+ |
| 829 |
# |
| 830 |
# /var |
| 831 |
# |
| 832 |
|
| 833 |
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te |
| 834 |
index 3b7eea2..c688c89 100644 |
| 835 |
--- a/policy/modules/system/init.te |
| 836 |
+++ b/policy/modules/system/init.te |
| 837 |
@@ -1,4 +1,4 @@ |
| 838 |
-policy_module(init, 2.2.0) |
| 839 |
+policy_module(init, 2.2.1) |
| 840 |
|
| 841 |
gen_require(` |
| 842 |
class passwd rootok; |
| 843 |
|
| 844 |
diff --git a/policy/modules/system/ipsec.fc b/policy/modules/system/ipsec.fc |
| 845 |
index d741318..a1fb308 100644 |
| 846 |
--- a/policy/modules/system/ipsec.fc |
| 847 |
+++ b/policy/modules/system/ipsec.fc |
| 848 |
@@ -18,8 +18,6 @@ |
| 849 |
/etc/swanctl -d gen_context(system_u:object_r:ipsec_conf_file_t,s0) |
| 850 |
/etc/swanctl/swanctl.conf -- gen_context(system_u:object_r:ipsec_conf_file_t,s0) |
| 851 |
|
| 852 |
-/sbin/setkey -- gen_context(system_u:object_r:setkey_exec_t,s0) |
| 853 |
- |
| 854 |
/usr/lib/ipsec/_plutoload -- gen_context(system_u:object_r:ipsec_mgmt_exec_t,s0) |
| 855 |
/usr/lib/ipsec/_plutorun -- gen_context(system_u:object_r:ipsec_mgmt_exec_t,s0) |
| 856 |
/usr/lib/ipsec/eroute -- gen_context(system_u:object_r:ipsec_exec_t,s0) |
| 857 |
|
| 858 |
diff --git a/policy/modules/system/ipsec.te b/policy/modules/system/ipsec.te |
| 859 |
index 012d463..6801811 100644 |
| 860 |
--- a/policy/modules/system/ipsec.te |
| 861 |
+++ b/policy/modules/system/ipsec.te |
| 862 |
@@ -1,4 +1,4 @@ |
| 863 |
-policy_module(ipsec, 1.17.0) |
| 864 |
+policy_module(ipsec, 1.17.1) |
| 865 |
|
| 866 |
######################################## |
| 867 |
# |
| 868 |
|
| 869 |
diff --git a/policy/modules/system/iptables.fc b/policy/modules/system/iptables.fc |
| 870 |
index 70790fc..01b404f 100644 |
| 871 |
--- a/policy/modules/system/iptables.fc |
| 872 |
+++ b/policy/modules/system/iptables.fc |
| 873 |
@@ -4,19 +4,6 @@ |
| 874 |
/etc/sysconfig/ip6?tables.* -- gen_context(system_u:object_r:iptables_conf_t,s0) |
| 875 |
/etc/sysconfig/system-config-firewall.* -- gen_context(system_u:object_r:iptables_conf_t,s0) |
| 876 |
|
| 877 |
-/sbin/ebtables -- gen_context(system_u:object_r:iptables_exec_t,s0) |
| 878 |
-/sbin/ebtables-restore -- gen_context(system_u:object_r:iptables_exec_t,s0) |
| 879 |
-/sbin/ipchains.* -- gen_context(system_u:object_r:iptables_exec_t,s0) |
| 880 |
-/sbin/ipset -- gen_context(system_u:object_r:iptables_exec_t,s0) |
| 881 |
-/sbin/ip6?tables -- gen_context(system_u:object_r:iptables_exec_t,s0) |
| 882 |
-/sbin/ip6?tables-restore -- gen_context(system_u:object_r:iptables_exec_t,s0) |
| 883 |
-/sbin/ip6?tables-multi -- gen_context(system_u:object_r:iptables_exec_t,s0) |
| 884 |
-/sbin/ipvsadm -- gen_context(system_u:object_r:iptables_exec_t,s0) |
| 885 |
-/sbin/ipvsadm-restore -- gen_context(system_u:object_r:iptables_exec_t,s0) |
| 886 |
-/sbin/ipvsadm-save -- gen_context(system_u:object_r:iptables_exec_t,s0) |
| 887 |
-/sbin/nft -- gen_context(system_u:object_r:iptables_exec_t,s0) |
| 888 |
-/sbin/xtables-multi -- gen_context(system_u:object_r:iptables_exec_t,s0) |
| 889 |
- |
| 890 |
/usr/lib/systemd/system/[^/]*arptables.* -- gen_context(system_u:object_r:iptables_unit_t,s0) |
| 891 |
/usr/lib/systemd/system/[^/]*ebtables.* -- gen_context(system_u:object_r:iptables_unit_t,s0) |
| 892 |
/usr/lib/systemd/system/[^/]*ip6tables.* -- gen_context(system_u:object_r:iptables_unit_t,s0) |
| 893 |
|
| 894 |
diff --git a/policy/modules/system/iptables.te b/policy/modules/system/iptables.te |
| 895 |
index 6ad95f4..e062e44 100644 |
| 896 |
--- a/policy/modules/system/iptables.te |
| 897 |
+++ b/policy/modules/system/iptables.te |
| 898 |
@@ -1,4 +1,4 @@ |
| 899 |
-policy_module(iptables, 1.18.0) |
| 900 |
+policy_module(iptables, 1.18.1) |
| 901 |
|
| 902 |
######################################## |
| 903 |
# |
| 904 |
|
| 905 |
diff --git a/policy/modules/system/libraries.fc b/policy/modules/system/libraries.fc |
| 906 |
index 126e120..1bac965 100644 |
| 907 |
--- a/policy/modules/system/libraries.fc |
| 908 |
+++ b/policy/modules/system/libraries.fc |
| 909 |
@@ -33,16 +33,6 @@ ifdef(`distro_redhat',` |
| 910 |
/etc/ppp/plugins/rp-pppoe\.so -- gen_context(system_u:object_r:lib_t,s0) |
| 911 |
|
| 912 |
# |
| 913 |
-# /lib(64)? |
| 914 |
-# |
| 915 |
-/lib -d gen_context(system_u:object_r:lib_t,s0) |
| 916 |
-/lib -l gen_context(system_u:object_r:lib_t,s0) |
| 917 |
-/lib/.* gen_context(system_u:object_r:lib_t,s0) |
| 918 |
-/lib/ld-[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:ld_so_t,s0) |
| 919 |
- |
| 920 |
-/lib/security/pam_poldi\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) |
| 921 |
- |
| 922 |
-# |
| 923 |
# /opt |
| 924 |
# |
| 925 |
/opt/.*\.so gen_context(system_u:object_r:lib_t,s0) |
| 926 |
@@ -91,13 +81,11 @@ ifdef(`distro_redhat',` |
| 927 |
') |
| 928 |
|
| 929 |
# |
| 930 |
-# /sbin |
| 931 |
-# |
| 932 |
-/sbin/ldconfig -- gen_context(system_u:object_r:ldconfig_exec_t,s0) |
| 933 |
- |
| 934 |
-# |
| 935 |
# /usr |
| 936 |
# |
| 937 |
+/usr/lib gen_context(system_u:object_r:lib_t,s0) |
| 938 |
+/usr/lib/.* gen_context(system_u:object_r:lib_t,s0) |
| 939 |
+ |
| 940 |
/usr/(.*/)?/HelixPlayer/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) |
| 941 |
/usr/(.*/)?/RealPlayer/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) |
| 942 |
|
| 943 |
@@ -108,8 +96,8 @@ ifdef(`distro_redhat',` |
| 944 |
/usr/(.*/)?lib(/.*)? gen_context(system_u:object_r:lib_t,s0) |
| 945 |
/usr/(.*/)?lib64(/.*)? gen_context(system_u:object_r:lib_t,s0) |
| 946 |
|
| 947 |
-/usr/(.*/)?lib(/.*)?/ld-[^/]*\.so(\.[^/]*)* gen_context(system_u:object_r:ld_so_t,s0) |
| 948 |
-/usr/(.*/)?lib64(/.*)?/ld-[^/]*\.so(\.[^/]*)* gen_context(system_u:object_r:ld_so_t,s0) |
| 949 |
+/usr/lib/ld-[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:ld_so_t,s0) |
| 950 |
+/usr/lib/(.*/)?ld-[^/]*\.so(\.[^/]*)? -- gen_context(system_u:object_r:ld_so_t,s0) |
| 951 |
|
| 952 |
/usr/(.*/)?nvidia/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0) |
| 953 |
|
| 954 |
@@ -167,14 +155,6 @@ ifdef(`distro_debian',` |
| 955 |
/usr/lib/xorg/modules/extensions/libglx\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) |
| 956 |
/usr/x11R6/lib/modules/extensions/libglx\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) |
| 957 |
|
| 958 |
-ifdef(`distro_debian',` |
| 959 |
-/usr/lib -l gen_context(system_u:object_r:lib_t,s0) |
| 960 |
-') |
| 961 |
- |
| 962 |
-ifdef(`distro_gentoo',` |
| 963 |
-/usr/lib -l gen_context(system_u:object_r:lib_t,s0) |
| 964 |
-') |
| 965 |
- |
| 966 |
/usr/sbin/ldconfig -- gen_context(system_u:object_r:ldconfig_exec_t,s0) |
| 967 |
|
| 968 |
ifdef(`distro_redhat',` |
| 969 |
|
| 970 |
diff --git a/policy/modules/system/libraries.te b/policy/modules/system/libraries.te |
| 971 |
index ef8780c..bf5a9b6 100644 |
| 972 |
--- a/policy/modules/system/libraries.te |
| 973 |
+++ b/policy/modules/system/libraries.te |
| 974 |
@@ -1,4 +1,4 @@ |
| 975 |
-policy_module(libraries, 2.14.0) |
| 976 |
+policy_module(libraries, 2.14.1) |
| 977 |
|
| 978 |
######################################## |
| 979 |
# |
| 980 |
|
| 981 |
diff --git a/policy/modules/system/locallogin.fc b/policy/modules/system/locallogin.fc |
| 982 |
index 06b5de6..755e304 100644 |
| 983 |
--- a/policy/modules/system/locallogin.fc |
| 984 |
+++ b/policy/modules/system/locallogin.fc |
| 985 |
@@ -1,6 +1,2 @@ |
| 986 |
- |
| 987 |
-/sbin/sulogin -- gen_context(system_u:object_r:sulogin_exec_t,s0) |
| 988 |
-/sbin/sushell -- gen_context(system_u:object_r:sulogin_exec_t,s0) |
| 989 |
- |
| 990 |
/usr/sbin/sulogin -- gen_context(system_u:object_r:sulogin_exec_t,s0) |
| 991 |
/usr/sbin/sushell -- gen_context(system_u:object_r:sulogin_exec_t,s0) |
| 992 |
|
| 993 |
diff --git a/policy/modules/system/locallogin.te b/policy/modules/system/locallogin.te |
| 994 |
index eb645f4..8748ca8 100644 |
| 995 |
--- a/policy/modules/system/locallogin.te |
| 996 |
+++ b/policy/modules/system/locallogin.te |
| 997 |
@@ -1,4 +1,4 @@ |
| 998 |
-policy_module(locallogin, 1.15.0) |
| 999 |
+policy_module(locallogin, 1.15.1) |
| 1000 |
|
| 1001 |
######################################## |
| 1002 |
# |
| 1003 |
|
| 1004 |
diff --git a/policy/modules/system/logging.fc b/policy/modules/system/logging.fc |
| 1005 |
index c5b20f7..6258954 100644 |
| 1006 |
--- a/policy/modules/system/logging.fc |
| 1007 |
+++ b/policy/modules/system/logging.fc |
| 1008 |
@@ -6,17 +6,6 @@ |
| 1009 |
/etc/rc\.d/init\.d/auditd -- gen_context(system_u:object_r:auditd_initrc_exec_t,s0) |
| 1010 |
/etc/rc\.d/init\.d/rsyslog -- gen_context(system_u:object_r:syslogd_initrc_exec_t,s0) |
| 1011 |
|
| 1012 |
-/sbin/audispd -- gen_context(system_u:object_r:audisp_exec_t,s0) |
| 1013 |
-/sbin/audisp-remote -- gen_context(system_u:object_r:audisp_remote_exec_t,s0) |
| 1014 |
-/sbin/auditctl -- gen_context(system_u:object_r:auditctl_exec_t,s0) |
| 1015 |
-/sbin/auditd -- gen_context(system_u:object_r:auditd_exec_t,s0) |
| 1016 |
-/sbin/klogd -- gen_context(system_u:object_r:klogd_exec_t,s0) |
| 1017 |
-/sbin/minilogd -- gen_context(system_u:object_r:syslogd_exec_t,s0) |
| 1018 |
-/sbin/rklogd -- gen_context(system_u:object_r:klogd_exec_t,s0) |
| 1019 |
-/sbin/rsyslogd -- gen_context(system_u:object_r:syslogd_exec_t,s0) |
| 1020 |
-/sbin/syslogd -- gen_context(system_u:object_r:syslogd_exec_t,s0) |
| 1021 |
-/sbin/syslog-ng -- gen_context(system_u:object_r:syslogd_exec_t,s0) |
| 1022 |
- |
| 1023 |
/usr/lib/systemd/system/auditd.* -- gen_context(system_u:object_r:auditd_unit_t,s0) |
| 1024 |
/usr/lib/systemd/system/[^/]*systemd-journal.* -- gen_context(system_u:object_r:syslogd_unit_t,s0) |
| 1025 |
/usr/lib/systemd/systemd-journald -- gen_context(system_u:object_r:syslogd_exec_t,s0) |
| 1026 |
|
| 1027 |
diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te |
| 1028 |
index 311d0a0..9232f26 100644 |
| 1029 |
--- a/policy/modules/system/logging.te |
| 1030 |
+++ b/policy/modules/system/logging.te |
| 1031 |
@@ -1,4 +1,4 @@ |
| 1032 |
-policy_module(logging, 1.25.0) |
| 1033 |
+policy_module(logging, 1.25.1) |
| 1034 |
|
| 1035 |
######################################## |
| 1036 |
# |
| 1037 |
|
| 1038 |
diff --git a/policy/modules/system/lvm.fc b/policy/modules/system/lvm.fc |
| 1039 |
index 48c2df1..8f4988e 100644 |
| 1040 |
--- a/policy/modules/system/lvm.fc |
| 1041 |
+++ b/policy/modules/system/lvm.fc |
| 1042 |
@@ -1,16 +1,8 @@ |
| 1043 |
- |
| 1044 |
# LVM creates lock files in /var before /var is mounted |
| 1045 |
# configure LVM to put lockfiles in /etc/lvm/lock instead |
| 1046 |
# for this policy to work (unless you have no separate /var) |
| 1047 |
|
| 1048 |
# |
| 1049 |
-# /bin |
| 1050 |
-# |
| 1051 |
-ifdef(`distro_gentoo',` |
| 1052 |
-/bin/cryptsetup -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1053 |
-') |
| 1054 |
- |
| 1055 |
-# |
| 1056 |
# /dev |
| 1057 |
# |
| 1058 |
/dev/.lvm(/.*)? gen_context(system_u:object_r:lvm_lock_t,s0) |
| 1059 |
@@ -29,71 +21,12 @@ ifdef(`distro_gentoo',` |
| 1060 |
/etc/lvmtab\.d(/.*)? gen_context(system_u:object_r:lvm_metadata_t,s0) |
| 1061 |
|
| 1062 |
# |
| 1063 |
-# /lib |
| 1064 |
-# |
| 1065 |
-/lib/lvm-10/.* -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1066 |
-/lib/lvm-200/.* -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1067 |
-/lib/udev/udisks-lvm-pv-export -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1068 |
- |
| 1069 |
-# |
| 1070 |
-# /sbin |
| 1071 |
-# |
| 1072 |
-/sbin/cryptsetup -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1073 |
-/sbin/dmraid -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1074 |
-/sbin/dmsetup -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1075 |
-/sbin/dmsetup\.static -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1076 |
-/sbin/e2fsadm -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1077 |
-/sbin/lvchange -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1078 |
-/sbin/lvcreate -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1079 |
-/sbin/lvdisplay -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1080 |
-/sbin/lvextend -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1081 |
-/sbin/lvm -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1082 |
-/sbin/lvm\.static -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1083 |
-/sbin/lvmchange -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1084 |
-/sbin/lvmdiskscan -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1085 |
-/sbin/lvmiopversion -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1086 |
-/sbin/lvmsadc -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1087 |
-/sbin/lvmsar -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1088 |
-/sbin/lvreduce -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1089 |
-/sbin/lvremove -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1090 |
-/sbin/lvrename -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1091 |
-/sbin/lvresize -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1092 |
-/sbin/lvs -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1093 |
-/sbin/lvscan -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1094 |
-/sbin/multipathd -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1095 |
-/sbin/multipath\.static -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1096 |
-/sbin/pvchange -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1097 |
-/sbin/pvcreate -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1098 |
-/sbin/pvdata -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1099 |
-/sbin/pvdisplay -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1100 |
-/sbin/pvmove -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1101 |
-/sbin/pvremove -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1102 |
-/sbin/pvs -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1103 |
-/sbin/pvscan -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1104 |
-/sbin/vgcfgbackup -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1105 |
-/sbin/vgcfgrestore -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1106 |
-/sbin/vgchange -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1107 |
-/sbin/vgchange\.static -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1108 |
-/sbin/vgck -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1109 |
-/sbin/vgcreate -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1110 |
-/sbin/vgdisplay -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1111 |
-/sbin/vgexport -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1112 |
-/sbin/vgextend -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1113 |
-/sbin/vgimport -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1114 |
-/sbin/vgmerge -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1115 |
-/sbin/vgmknodes -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1116 |
-/sbin/vgreduce -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1117 |
-/sbin/vgremove -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1118 |
-/sbin/vgrename -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1119 |
-/sbin/vgs -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1120 |
-/sbin/vgscan -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1121 |
-/sbin/vgscan\.static -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1122 |
-/sbin/vgsplit -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1123 |
-/sbin/vgwrapper -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1124 |
- |
| 1125 |
-# |
| 1126 |
# /usr |
| 1127 |
# |
| 1128 |
+ifdef(`distro_gentoo',` |
| 1129 |
+/usr/bin/cryptsetup -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1130 |
+') |
| 1131 |
+ |
| 1132 |
/usr/lib/lvm-10/.* -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1133 |
/usr/lib/lvm-200/.* -- gen_context(system_u:object_r:lvm_exec_t,s0) |
| 1134 |
/usr/lib/systemd/system/blk-availability.* -- gen_context(system_u:object_r:lvm_unit_t,s0) |
| 1135 |
|
| 1136 |
diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te |
| 1137 |
index a179b18..3dc2dca 100644 |
| 1138 |
--- a/policy/modules/system/lvm.te |
| 1139 |
+++ b/policy/modules/system/lvm.te |
| 1140 |
@@ -1,4 +1,4 @@ |
| 1141 |
-policy_module(lvm, 1.19.0) |
| 1142 |
+policy_module(lvm, 1.19.1) |
| 1143 |
|
| 1144 |
######################################## |
| 1145 |
# |
| 1146 |
|
| 1147 |
diff --git a/policy/modules/system/modutils.fc b/policy/modules/system/modutils.fc |
| 1148 |
index 410e4b7..b12547a 100644 |
| 1149 |
--- a/policy/modules/system/modutils.fc |
| 1150 |
+++ b/policy/modules/system/modutils.fc |
| 1151 |
@@ -1,5 +1,3 @@ |
| 1152 |
-/bin/kmod -- gen_context(system_u:object_r:kmod_exec_t,s0) |
| 1153 |
- |
| 1154 |
/etc/modules\.conf.* -- gen_context(system_u:object_r:modules_conf_t,s0) |
| 1155 |
/etc/modprobe\.conf.* -- gen_context(system_u:object_r:modules_conf_t,s0) |
| 1156 |
/etc/modprobe\.d(/.*)? gen_context(system_u:object_r:modules_conf_t,s0) |
| 1157 |
@@ -10,22 +8,11 @@ ifdef(`distro_gentoo',` |
| 1158 |
/etc/modprobe.devfs.* -- gen_context(system_u:object_r:modules_conf_t,s0) |
| 1159 |
') |
| 1160 |
|
| 1161 |
-/lib/modules/[^/]+/modules\..+ -- gen_context(system_u:object_r:modules_dep_t,s0) |
| 1162 |
- |
| 1163 |
-/lib/modules/modprobe\.conf -- gen_context(system_u:object_r:modules_conf_t,s0) |
| 1164 |
- |
| 1165 |
/run/tmpfiles\.d/kmod\.conf -- gen_context(system_u:object_r:kmod_var_run_t,s0) |
| 1166 |
|
| 1167 |
-/sbin/depmod.* -- gen_context(system_u:object_r:kmod_exec_t,s0) |
| 1168 |
-/sbin/generate-modprobe\.conf -- gen_context(system_u:object_r:kmod_exec_t,s0) |
| 1169 |
-/sbin/insmod.* -- gen_context(system_u:object_r:kmod_exec_t,s0) |
| 1170 |
-/sbin/modprobe.* -- gen_context(system_u:object_r:kmod_exec_t,s0) |
| 1171 |
-/sbin/modules-update -- gen_context(system_u:object_r:kmod_exec_t,s0) |
| 1172 |
-/sbin/rmmod.* -- gen_context(system_u:object_r:kmod_exec_t,s0) |
| 1173 |
-/sbin/update-modules -- gen_context(system_u:object_r:kmod_exec_t,s0) |
| 1174 |
- |
| 1175 |
/usr/bin/kmod -- gen_context(system_u:object_r:kmod_exec_t,s0) |
| 1176 |
|
| 1177 |
+/usr/lib/modules(/.*)? gen_context(system_u:object_r:modules_object_t,s0) |
| 1178 |
/usr/lib/modules/[^/]+/modules\..+ -- gen_context(system_u:object_r:modules_dep_t,s0) |
| 1179 |
/usr/lib/modules/modprobe\.conf -- gen_context(system_u:object_r:modules_conf_t,s0) |
| 1180 |
|
| 1181 |
|
| 1182 |
diff --git a/policy/modules/system/modutils.te b/policy/modules/system/modutils.te |
| 1183 |
index a76339b..901cdea 100644 |
| 1184 |
--- a/policy/modules/system/modutils.te |
| 1185 |
+++ b/policy/modules/system/modutils.te |
| 1186 |
@@ -1,4 +1,4 @@ |
| 1187 |
-policy_module(modutils, 1.17.0) |
| 1188 |
+policy_module(modutils, 1.17.1) |
| 1189 |
|
| 1190 |
######################################## |
| 1191 |
# |
| 1192 |
|
| 1193 |
diff --git a/policy/modules/system/mount.fc b/policy/modules/system/mount.fc |
| 1194 |
index 182d0fd..39ea6f5 100644 |
| 1195 |
--- a/policy/modules/system/mount.fc |
| 1196 |
+++ b/policy/modules/system/mount.fc |
| 1197 |
@@ -1,11 +1,3 @@ |
| 1198 |
-/bin/fusermount -- gen_context(system_u:object_r:mount_exec_t,s0) |
| 1199 |
-/bin/mount.* -- gen_context(system_u:object_r:mount_exec_t,s0) |
| 1200 |
-/bin/umount.* -- gen_context(system_u:object_r:mount_exec_t,s0) |
| 1201 |
- |
| 1202 |
-/sbin/mount\.zfs -- gen_context(system_u:object_r:mount_exec_t,s0) |
| 1203 |
-/sbin/zfs -- gen_context(system_u:object_r:mount_exec_t,s0) |
| 1204 |
-/sbin/zpool -- gen_context(system_u:object_r:mount_exec_t,s0) |
| 1205 |
- |
| 1206 |
/usr/bin/fusermount -- gen_context(system_u:object_r:mount_exec_t,s0) |
| 1207 |
/usr/bin/mount.* -- gen_context(system_u:object_r:mount_exec_t,s0) |
| 1208 |
/usr/bin/umount.* -- gen_context(system_u:object_r:mount_exec_t,s0) |
| 1209 |
|
| 1210 |
diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te |
| 1211 |
index 0d20a69..fc25ee0 100644 |
| 1212 |
--- a/policy/modules/system/mount.te |
| 1213 |
+++ b/policy/modules/system/mount.te |
| 1214 |
@@ -1,4 +1,4 @@ |
| 1215 |
-policy_module(mount, 1.19.0) |
| 1216 |
+policy_module(mount, 1.19.1) |
| 1217 |
|
| 1218 |
######################################## |
| 1219 |
# |
| 1220 |
|
| 1221 |
diff --git a/policy/modules/system/netlabel.fc b/policy/modules/system/netlabel.fc |
| 1222 |
index 9348c8c..f44bf7a 100644 |
| 1223 |
--- a/policy/modules/system/netlabel.fc |
| 1224 |
+++ b/policy/modules/system/netlabel.fc |
| 1225 |
@@ -1,3 +1 @@ |
| 1226 |
-/sbin/netlabelctl -- gen_context(system_u:object_r:netlabel_mgmt_exec_t,s0) |
| 1227 |
- |
| 1228 |
/usr/sbin/netlabelctl -- gen_context(system_u:object_r:netlabel_mgmt_exec_t,s0) |
| 1229 |
|
| 1230 |
diff --git a/policy/modules/system/netlabel.te b/policy/modules/system/netlabel.te |
| 1231 |
index c0a73af..bff50bd 100644 |
| 1232 |
--- a/policy/modules/system/netlabel.te |
| 1233 |
+++ b/policy/modules/system/netlabel.te |
| 1234 |
@@ -1,4 +1,4 @@ |
| 1235 |
-policy_module(netlabel, 1.5.0) |
| 1236 |
+policy_module(netlabel, 1.5.1) |
| 1237 |
|
| 1238 |
######################################## |
| 1239 |
# |
| 1240 |
|
| 1241 |
diff --git a/policy/modules/system/selinuxutil.fc b/policy/modules/system/selinuxutil.fc |
| 1242 |
index 1c5d836..8159897 100644 |
| 1243 |
--- a/policy/modules/system/selinuxutil.fc |
| 1244 |
+++ b/policy/modules/system/selinuxutil.fc |
| 1245 |
@@ -20,13 +20,6 @@ |
| 1246 |
/root/\.default_contexts -- gen_context(system_u:object_r:default_context_t,s0) |
| 1247 |
|
| 1248 |
# |
| 1249 |
-# /sbin |
| 1250 |
-# |
| 1251 |
-/sbin/load_policy -- gen_context(system_u:object_r:load_policy_exec_t,s0) |
| 1252 |
-/sbin/restorecon -- gen_context(system_u:object_r:setfiles_exec_t,s0) |
| 1253 |
-/sbin/setfiles.* -- gen_context(system_u:object_r:setfiles_exec_t,s0) |
| 1254 |
- |
| 1255 |
-# |
| 1256 |
# /usr |
| 1257 |
# |
| 1258 |
/usr/bin/checkpolicy -- gen_context(system_u:object_r:checkpolicy_exec_t,s0) |
| 1259 |
|
| 1260 |
diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te |
| 1261 |
index 1117206..ed15375 100644 |
| 1262 |
--- a/policy/modules/system/selinuxutil.te |
| 1263 |
+++ b/policy/modules/system/selinuxutil.te |
| 1264 |
@@ -1,4 +1,4 @@ |
| 1265 |
-policy_module(selinuxutil, 1.22.0) |
| 1266 |
+policy_module(selinuxutil, 1.22.1) |
| 1267 |
|
| 1268 |
gen_require(` |
| 1269 |
bool secure_mode; |
| 1270 |
|
| 1271 |
diff --git a/policy/modules/system/setrans.fc b/policy/modules/system/setrans.fc |
| 1272 |
index 2ed445d..6e60bbe 100644 |
| 1273 |
--- a/policy/modules/system/setrans.fc |
| 1274 |
+++ b/policy/modules/system/setrans.fc |
| 1275 |
@@ -2,8 +2,6 @@ |
| 1276 |
|
| 1277 |
/run/setrans(/.*)? gen_context(system_u:object_r:setrans_var_run_t,mls_systemhigh) |
| 1278 |
|
| 1279 |
-/sbin/mcstransd -- gen_context(system_u:object_r:setrans_exec_t,s0) |
| 1280 |
- |
| 1281 |
/usr/lib/systemd/system/mcstrans.*\.service -- gen_context(system_u:object_r:setrans_unit_t,s0) |
| 1282 |
|
| 1283 |
/usr/sbin/mcstransd -- gen_context(system_u:object_r:setrans_exec_t,s0) |
| 1284 |
|
| 1285 |
diff --git a/policy/modules/system/setrans.te b/policy/modules/system/setrans.te |
| 1286 |
index ffd287c..c68f97e 100644 |
| 1287 |
--- a/policy/modules/system/setrans.te |
| 1288 |
+++ b/policy/modules/system/setrans.te |
| 1289 |
@@ -1,4 +1,4 @@ |
| 1290 |
-policy_module(setrans, 1.13.0) |
| 1291 |
+policy_module(setrans, 1.13.1) |
| 1292 |
|
| 1293 |
gen_require(` |
| 1294 |
class context contains; |
| 1295 |
|
| 1296 |
diff --git a/policy/modules/system/sysnetwork.fc b/policy/modules/system/sysnetwork.fc |
| 1297 |
index 1847cc5..a295f46 100644 |
| 1298 |
--- a/policy/modules/system/sysnetwork.fc |
| 1299 |
+++ b/policy/modules/system/sysnetwork.fc |
| 1300 |
@@ -1,11 +1,5 @@ |
| 1301 |
|
| 1302 |
# |
| 1303 |
-# /bin |
| 1304 |
-# |
| 1305 |
-/bin/ifconfig -- gen_context(system_u:object_r:ifconfig_exec_t,s0) |
| 1306 |
-/bin/ip -- gen_context(system_u:object_r:ifconfig_exec_t,s0) |
| 1307 |
- |
| 1308 |
-# |
| 1309 |
# /dev |
| 1310 |
# |
| 1311 |
ifdef(`distro_debian',` |
| 1312 |
@@ -37,24 +31,6 @@ ifdef(`distro_redhat',` |
| 1313 |
') |
| 1314 |
|
| 1315 |
# |
| 1316 |
-# /sbin |
| 1317 |
-# |
| 1318 |
-/sbin/dhclient.* -- gen_context(system_u:object_r:dhcpc_exec_t,s0) |
| 1319 |
-/sbin/dhcdbd -- gen_context(system_u:object_r:dhcpc_exec_t,s0) |
| 1320 |
-/sbin/dhcpcd -- gen_context(system_u:object_r:dhcpc_exec_t,s0) |
| 1321 |
-/sbin/ethtool -- gen_context(system_u:object_r:ifconfig_exec_t,s0) |
| 1322 |
-/sbin/ifconfig -- gen_context(system_u:object_r:ifconfig_exec_t,s0) |
| 1323 |
-/sbin/ip -- gen_context(system_u:object_r:ifconfig_exec_t,s0) |
| 1324 |
-/sbin/ipx_configure -- gen_context(system_u:object_r:ifconfig_exec_t,s0) |
| 1325 |
-/sbin/ipx_interface -- gen_context(system_u:object_r:ifconfig_exec_t,s0) |
| 1326 |
-/sbin/ipx_internal_net -- gen_context(system_u:object_r:ifconfig_exec_t,s0) |
| 1327 |
-/sbin/iw -- gen_context(system_u:object_r:ifconfig_exec_t,s0) |
| 1328 |
-/sbin/iwconfig -- gen_context(system_u:object_r:ifconfig_exec_t,s0) |
| 1329 |
-/sbin/mii-tool -- gen_context(system_u:object_r:ifconfig_exec_t,s0) |
| 1330 |
-/sbin/pump -- gen_context(system_u:object_r:dhcpc_exec_t,s0) |
| 1331 |
-/sbin/tc -- gen_context(system_u:object_r:ifconfig_exec_t,s0) |
| 1332 |
- |
| 1333 |
-# |
| 1334 |
# /usr |
| 1335 |
# |
| 1336 |
/usr/bin/ifconfig -- gen_context(system_u:object_r:ifconfig_exec_t,s0) |
| 1337 |
|
| 1338 |
diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te |
| 1339 |
index eb01183..fffa6ab 100644 |
| 1340 |
--- a/policy/modules/system/sysnetwork.te |
| 1341 |
+++ b/policy/modules/system/sysnetwork.te |
| 1342 |
@@ -1,4 +1,4 @@ |
| 1343 |
-policy_module(sysnetwork, 1.20.0) |
| 1344 |
+policy_module(sysnetwork, 1.20.1) |
| 1345 |
|
| 1346 |
######################################## |
| 1347 |
# |
| 1348 |
|
| 1349 |
diff --git a/policy/modules/system/systemd.fc b/policy/modules/system/systemd.fc |
| 1350 |
index b6a8656..a3b3767 100644 |
| 1351 |
--- a/policy/modules/system/systemd.fc |
| 1352 |
+++ b/policy/modules/system/systemd.fc |
| 1353 |
@@ -1,13 +1,3 @@ |
| 1354 |
-/bin/systemd-analyze -- gen_context(system_u:object_r:systemd_analyze_exec_t,s0) |
| 1355 |
-/bin/systemd-cgtop -- gen_context(system_u:object_r:systemd_cgtop_exec_t,s0) |
| 1356 |
-/bin/systemd-coredump -- gen_context(system_u:object_r:systemd_coredump_exec_t,s0) |
| 1357 |
-/bin/systemd-detect-virt -- gen_context(system_u:object_r:systemd_detect_virt_exec_t,s0) |
| 1358 |
-/bin/systemd-nspawn -- gen_context(system_u:object_r:systemd_nspawn_exec_t,s0) |
| 1359 |
-/bin/systemd-run -- gen_context(system_u:object_r:systemd_run_exec_t,s0) |
| 1360 |
-/bin/systemd-stdio-bridge -- gen_context(system_u:object_r:systemd_stdio_bridge_exec_t,s0) |
| 1361 |
-/bin/systemd-tmpfiles -- gen_context(system_u:object_r:systemd_tmpfiles_exec_t,s0) |
| 1362 |
-/bin/systemd-tty-ask-password-agent -- gen_context(system_u:object_r:systemd_passwd_agent_exec_t,s0) |
| 1363 |
- |
| 1364 |
/usr/bin/systemd-analyze -- gen_context(system_u:object_r:systemd_analyze_exec_t,s0) |
| 1365 |
/usr/bin/systemd-cgtop -- gen_context(system_u:object_r:systemd_cgtop_exec_t,s0) |
| 1366 |
/usr/bin/systemd-coredump -- gen_context(system_u:object_r:systemd_coredump_exec_t,s0) |
| 1367 |
|
| 1368 |
diff --git a/policy/modules/system/systemd.te b/policy/modules/system/systemd.te |
| 1369 |
index 17afc50..48e9ee1 100644 |
| 1370 |
--- a/policy/modules/system/systemd.te |
| 1371 |
+++ b/policy/modules/system/systemd.te |
| 1372 |
@@ -1,4 +1,4 @@ |
| 1373 |
-policy_module(systemd, 1.3.0) |
| 1374 |
+policy_module(systemd, 1.3.1) |
| 1375 |
|
| 1376 |
######################################### |
| 1377 |
# |
| 1378 |
|
| 1379 |
diff --git a/policy/modules/system/udev.fc b/policy/modules/system/udev.fc |
| 1380 |
index 698d1dd..6801d63 100644 |
| 1381 |
--- a/policy/modules/system/udev.fc |
| 1382 |
+++ b/policy/modules/system/udev.fc |
| 1383 |
@@ -9,26 +9,16 @@ |
| 1384 |
/etc/udev/rules.d(/.*)? gen_context(system_u:object_r:udev_rules_t,s0) |
| 1385 |
/etc/udev/scripts/.+ -- gen_context(system_u:object_r:udev_helper_exec_t,s0) |
| 1386 |
|
| 1387 |
-/lib/udev/udev-acl -- gen_context(system_u:object_r:udev_exec_t,s0) |
| 1388 |
+/usr/bin/udevinfo -- gen_context(system_u:object_r:udev_exec_t,s0) |
| 1389 |
|
| 1390 |
ifdef(`distro_debian',` |
| 1391 |
-/bin/udevadm -- gen_context(system_u:object_r:udev_exec_t,s0) |
| 1392 |
-/lib/udev/create_static_nodes -- gen_context(system_u:object_r:udev_exec_t,s0) |
| 1393 |
+/usr/bin/udevadm -- gen_context(system_u:object_r:udev_exec_t,s0) |
| 1394 |
') |
| 1395 |
|
| 1396 |
-/sbin/udev -- gen_context(system_u:object_r:udev_exec_t,s0) |
| 1397 |
-/sbin/udevadm -- gen_context(system_u:object_r:udev_exec_t,s0) |
| 1398 |
-/sbin/udevd -- gen_context(system_u:object_r:udev_exec_t,s0) |
| 1399 |
-/sbin/udevsend -- gen_context(system_u:object_r:udev_exec_t,s0) |
| 1400 |
-/sbin/udevstart -- gen_context(system_u:object_r:udev_exec_t,s0) |
| 1401 |
-/sbin/wait_for_sysfs -- gen_context(system_u:object_r:udev_exec_t,s0) |
| 1402 |
- |
| 1403 |
-ifdef(`distro_redhat',` |
| 1404 |
-/sbin/start_udev -- gen_context(system_u:object_r:udev_exec_t,s0) |
| 1405 |
+ifdef(`distro_debian',` |
| 1406 |
+/usr/lib/udev/create_static_nodes -- gen_context(system_u:object_r:udev_exec_t,s0) |
| 1407 |
') |
| 1408 |
|
| 1409 |
-/usr/bin/udevinfo -- gen_context(system_u:object_r:udev_exec_t,s0) |
| 1410 |
- |
| 1411 |
/usr/sbin/udev -- gen_context(system_u:object_r:udev_exec_t,s0) |
| 1412 |
/usr/sbin/udevadm -- gen_context(system_u:object_r:udev_exec_t,s0) |
| 1413 |
/usr/sbin/udevd -- gen_context(system_u:object_r:udev_exec_t,s0) |
| 1414 |
@@ -36,6 +26,10 @@ ifdef(`distro_redhat',` |
| 1415 |
/usr/sbin/udevstart -- gen_context(system_u:object_r:udev_exec_t,s0) |
| 1416 |
/usr/sbin/wait_for_sysfs -- gen_context(system_u:object_r:udev_exec_t,s0) |
| 1417 |
|
| 1418 |
+ifdef(`distro_redhat',` |
| 1419 |
+/usr/sbin/start_udev -- gen_context(system_u:object_r:udev_exec_t,s0) |
| 1420 |
+') |
| 1421 |
+ |
| 1422 |
/usr/lib/systemd/systemd-udevd -- gen_context(system_u:object_r:udev_exec_t,s0) |
| 1423 |
/usr/lib/udev/udev-acl -- gen_context(system_u:object_r:udev_exec_t,s0) |
| 1424 |
|
| 1425 |
@@ -44,7 +38,6 @@ ifdef(`distro_redhat',` |
| 1426 |
/run/udev(/.*)? gen_context(system_u:object_r:udev_var_run_t,s0) |
| 1427 |
|
| 1428 |
ifdef(`distro_debian',` |
| 1429 |
-/lib/systemd/systemd-udevd -- gen_context(system_u:object_r:udev_exec_t,s0) |
| 1430 |
/run/xen-hotplug -d gen_context(system_u:object_r:udev_var_run_t,s0) |
| 1431 |
') |
| 1432 |
|
| 1433 |
|
| 1434 |
diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te |
| 1435 |
index 44f674f..d42ac73 100644 |
| 1436 |
--- a/policy/modules/system/udev.te |
| 1437 |
+++ b/policy/modules/system/udev.te |
| 1438 |
@@ -1,4 +1,4 @@ |
| 1439 |
-policy_module(udev, 1.21.0) |
| 1440 |
+policy_module(udev, 1.21.1) |
| 1441 |
|
| 1442 |
######################################## |
| 1443 |
# |
Archives