2012-08-15 14:12:39

by sven.vermeulen

Subject: [refpolicy] [PATCH v4 1/2] Use substititions for /usr/local/lib and /etc/init.d

Introduce the substitutions for the /usr/local/lib* locations (towards /usr/lib)
and /etc/init.d (towards /etc/rc.d/init.d).

Update the file contexts of the translated locations.

Rebased (collided with Guido's patch for commenting within the
file_contexts.subs_dist file) since v3.

Signed-off-by: Sven Vermeulen <[email protected]>
---
config/file_contexts.subs_dist | 4 ++++
policy/modules/kernel/corecommands.fc | 3 ---
policy/modules/kernel/files.fc | 2 +-
policy/modules/services/xserver.fc | 4 ++--
policy/modules/system/init.fc | 2 --
policy/modules/system/ipsec.fc | 5 -----
policy/modules/system/libraries.fc | 1 -
7 files changed, 7 insertions(+), 14 deletions(-)

diff --git a/config/file_contexts.subs_dist b/config/file_contexts.subs_dist
index a31a721..70083d7 100644
--- a/config/file_contexts.subs_dist
+++ b/config/file_contexts.subs_dist
@@ -8,10 +8,14 @@
# It does not perform substitutions as done by sed(1), for
# example, but aliasing.
#
+/etc/init.d /etc/rc.d/init.d
/lib32 /lib
/lib64 /lib
/run /var/run
/run/lock /var/lock
/usr/lib32 /usr/lib
/usr/lib64 /usr/lib
+/usr/local/lib32 /usr/lib
+/usr/local/lib64 /usr/lib
+/usr/local/lib/ /usr/lib/
/var/run/lock /var/lock
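Review bot: The added `/usr/local/lib/ /usr/lib/` entry is the only alias in this hunk written with trailing slashes, and it may never match. As far as I recall, libselinux compares the source as a plain prefix and then requires the next character of the path to be `/` or the end of the string, so a path such as `/usr/local/lib/ipsec/pluto` would not be rewritten. If that holds, the `/usr/local/lib(64)?/...` and `/usr/local/lib/codecs/...` entries this patch deletes from corecommands.fc, ipsec.fc and libraries.fc have no replacement for the unsuffixed directory, and those files would get a generic label instead of `bin_t`, `ipsec_exec_t` or `textrel_shlib_t`. Consider `/usr/local/lib /usr/lib`, matching the form of the other lines, and confirm the result with `matchpathcon` on a path under /usr/local/lib.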
diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
index 16b3f1b..9020aa1 100644
--- a/policy/modules/kernel/corecommands.fc
+++ b/policy/modules/kernel/corecommands.fc
@@ -66,8 +66,6 @@ ifdef(`distro_redhat',`
/etc/hotplug/hotplug\.functions -- gen_context(system_u:object_r:bin_t,s0)
/etc/hotplug\.d/default/default.* gen_context(system_u:object_r:bin_t,s0)

-/etc/init\.d/functions -- gen_context(system_u:object_r:bin_t,s0)
-
/etc/kde/env(/.*)? gen_context(system_u:object_r:bin_t,s0)
/etc/kde/shutdown(/.*)? gen_context(system_u:object_r:bin_t,s0)

@@ -257,7 +255,6 @@ ifdef(`distro_gentoo',`

/usr/libexec/openssh/sftp-server -- gen_context(system_u:object_r:bin_t,s0)

-/usr/local/lib(64)?/ipsec/.* -- gen_context(system_u:object_r:bin_t,s0)
/usr/local/Brother(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/local/Printer(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/local/linuxprinter/filters(/.*)? gen_context(system_u:object_r:bin_t,s0)
diff --git a/policy/modules/kernel/files.fc b/policy/modules/kernel/files.fc
index 8796ca3..1975fc4 100644
--- a/policy/modules/kernel/files.fc
+++ b/policy/modules/kernel/files.fc
@@ -84,7 +84,7 @@ ifdef(`distro_redhat',`

ifdef(`distro_suse',`
/etc/defkeymap\.map -- gen_context(system_u:object_r:etc_runtime_t,s0)
-/etc/init\.d/\.depend.* -- gen_context(system_u:object_r:etc_runtime_t,s0)
+/etc/rc\.d/init\.d/\.depend.* -- gen_context(system_u:object_r:etc_runtime_t,s0)
')

#
diff --git a/policy/modules/services/xserver.fc b/policy/modules/services/xserver.fc
index fc86b7c..be8f670 100644
--- a/policy/modules/services/xserver.fc
+++ b/policy/modules/services/xserver.fc
@@ -22,13 +22,13 @@ HOME_DIR/\.Xauthority.* -- gen_context(system_u:object_r:xauth_home_t,s0)
/etc/gdm/PreSession/.* -- gen_context(system_u:object_r:xsession_exec_t,s0)
/etc/gdm/Xsession -- gen_context(system_u:object_r:xsession_exec_t,s0)

-/etc/init\.d/xfree86-common -- gen_context(system_u:object_r:xserver_exec_t,s0)
-
/etc/kde[34]?/kdm/Xstartup -- gen_context(system_u:object_r:xsession_exec_t,s0)
/etc/kde[34]?/kdm/Xreset -- gen_context(system_u:object_r:xsession_exec_t,s0)
/etc/kde[34]?/kdm/Xsession -- gen_context(system_u:object_r:xsession_exec_t,s0)
/etc/kde[34]?/kdm/backgroundrc gen_context(system_u:object_r:xdm_var_run_t,s0)

+/etc/rc\.d/init\.d/xfree86-common -- gen_context(system_u:object_r:xserver_exec_t,s0)
+
/etc/X11/[wx]dm/Xreset.* -- gen_context(system_u:object_r:xsession_exec_t,s0)
/etc/X11/[wxg]dm/Xsession -- gen_context(system_u:object_r:xsession_exec_t,s0)
/etc/X11/wdm(/.*)? gen_context(system_u:object_r:xdm_rw_etc_t,s0)
diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc
index d2e40b8..03e27db 100644
--- a/policy/modules/system/init.fc
+++ b/policy/modules/system/init.fc
@@ -1,8 +1,6 @@
#
# /etc
#
-/etc/init\.d/.* -- gen_context(system_u:object_r:initrc_exec_t,s0)
-
/etc/rc\.d/rc -- gen_context(system_u:object_r:initrc_exec_t,s0)
/etc/rc\.d/rc\.[^/]+ -- gen_context(system_u:object_r:initrc_exec_t,s0)

diff --git a/policy/modules/system/ipsec.fc b/policy/modules/system/ipsec.fc
index ec85acb..662e79b 100644
--- a/policy/modules/system/ipsec.fc
+++ b/policy/modules/system/ipsec.fc
@@ -27,11 +27,6 @@
/usr/libexec/ipsec/spi -- gen_context(system_u:object_r:ipsec_exec_t,s0)
/usr/libexec/nm-openswan-service -- gen_context(system_u:object_r:ipsec_mgmt_exec_t,s0)

-/usr/local/lib(64)?/ipsec/eroute -- gen_context(system_u:object_r:ipsec_exec_t,s0)
-/usr/local/lib(64)?/ipsec/klipsdebug -- gen_context(system_u:object_r:ipsec_exec_t,s0)
-/usr/local/lib(64)?/ipsec/pluto -- gen_context(system_u:object_r:ipsec_exec_t,s0)
-/usr/local/lib(64)?/ipsec/spi -- gen_context(system_u:object_r:ipsec_exec_t,s0)
-
/usr/sbin/ipsec -- gen_context(system_u:object_r:ipsec_mgmt_exec_t,s0)
/usr/sbin/racoon -- gen_context(system_u:object_r:racoon_exec_t,s0)
/usr/sbin/setkey -- gen_context(system_u:object_r:setkey_exec_t,s0)
diff --git a/policy/modules/system/libraries.fc b/policy/modules/system/libraries.fc
index ef8bbaf..f302477 100644
--- a/policy/modules/system/libraries.fc
+++ b/policy/modules/system/libraries.fc
@@ -242,7 +242,6 @@ HOME_DIR/.*/plugins/nppdf\.so.* -- gen_context(system_u:object_r:textrel_shlib_
/usr/lib.*/libmpg123\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/local(/.*)?/libmpg123\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
/usr/lib/codecs/drv[1-9c]\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/local/lib/codecs/drv[1-9c]\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)

HOME_DIR/.*/plugins/nppdf\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
HOME_DIR/.mozilla/plugins/nprhapengine\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
--
1.7.8.6


2012-08-15 15:47:17

by cpebenito

Subject: [refpolicy] [PATCH v4 1/2] Use substititions for /usr/local/lib and /etc/init.d

On 08/15/12 10:12, Sven Vermeulen wrote:
> Introduce the substitutions for the /usr/local/lib* locations (towards /usr/lib)
> and /etc/init.d (towards /etc/rc.d/init.d).
>
> Update the file contexts of the translated locations.
>
> Rebased (collided with Guido's patch for commenting within the
> file_contexts.subs_dist file) since v3.

Merged.

> Signed-off-by: Sven Vermeulen <[email protected]>
> ---
> config/file_contexts.subs_dist | 4 ++++
> policy/modules/kernel/corecommands.fc | 3 ---
> policy/modules/kernel/files.fc | 2 +-
> policy/modules/services/xserver.fc | 4 ++--
> policy/modules/system/init.fc | 2 --
> policy/modules/system/ipsec.fc | 5 -----
> policy/modules/system/libraries.fc | 1 -
> 7 files changed, 7 insertions(+), 14 deletions(-)
>
> diff --git a/config/file_contexts.subs_dist b/config/file_contexts.subs_dist
> index a31a721..70083d7 100644
> --- a/config/file_contexts.subs_dist
> +++ b/config/file_contexts.subs_dist
> @@ -8,10 +8,14 @@
> # It does not perform substitutions as done by sed(1), for
> # example, but aliasing.
> #
> +/etc/init.d /etc/rc.d/init.d
> /lib32 /lib
> /lib64 /lib
> /run /var/run
> /run/lock /var/lock
> /usr/lib32 /usr/lib
> /usr/lib64 /usr/lib
> +/usr/local/lib32 /usr/lib
> +/usr/local/lib64 /usr/lib
> +/usr/local/lib/ /usr/lib/
> /var/run/lock /var/lock
> diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
> index 16b3f1b..9020aa1 100644
> --- a/policy/modules/kernel/corecommands.fc
> +++ b/policy/modules/kernel/corecommands.fc
> @@ -66,8 +66,6 @@ ifdef(`distro_redhat',`
> /etc/hotplug/hotplug\.functions -- gen_context(system_u:object_r:bin_t,s0)
> /etc/hotplug\.d/default/default.* gen_context(system_u:object_r:bin_t,s0)
>
> -/etc/init\.d/functions -- gen_context(system_u:object_r:bin_t,s0)
> -
> /etc/kde/env(/.*)? gen_context(system_u:object_r:bin_t,s0)
> /etc/kde/shutdown(/.*)? gen_context(system_u:object_r:bin_t,s0)
>
> @@ -257,7 +255,6 @@ ifdef(`distro_gentoo',`
>
> /usr/libexec/openssh/sftp-server -- gen_context(system_u:object_r:bin_t,s0)
>
> -/usr/local/lib(64)?/ipsec/.* -- gen_context(system_u:object_r:bin_t,s0)
> /usr/local/Brother(/.*)? gen_context(system_u:object_r:bin_t,s0)
> /usr/local/Printer(/.*)? gen_context(system_u:object_r:bin_t,s0)
> /usr/local/linuxprinter/filters(/.*)? gen_context(system_u:object_r:bin_t,s0)
> diff --git a/policy/modules/kernel/files.fc b/policy/modules/kernel/files.fc
> index 8796ca3..1975fc4 100644
> --- a/policy/modules/kernel/files.fc
> +++ b/policy/modules/kernel/files.fc
> @@ -84,7 +84,7 @@ ifdef(`distro_redhat',`
>
> ifdef(`distro_suse',`
> /etc/defkeymap\.map -- gen_context(system_u:object_r:etc_runtime_t,s0)
> -/etc/init\.d/\.depend.* -- gen_context(system_u:object_r:etc_runtime_t,s0)
> +/etc/rc\.d/init\.d/\.depend.* -- gen_context(system_u:object_r:etc_runtime_t,s0)
> ')
>
> #
> diff --git a/policy/modules/services/xserver.fc b/policy/modules/services/xserver.fc
> index fc86b7c..be8f670 100644
> --- a/policy/modules/services/xserver.fc
> +++ b/policy/modules/services/xserver.fc
> @@ -22,13 +22,13 @@ HOME_DIR/\.Xauthority.* -- gen_context(system_u:object_r:xauth_home_t,s0)
> /etc/gdm/PreSession/.* -- gen_context(system_u:object_r:xsession_exec_t,s0)
> /etc/gdm/Xsession -- gen_context(system_u:object_r:xsession_exec_t,s0)
>
> -/etc/init\.d/xfree86-common -- gen_context(system_u:object_r:xserver_exec_t,s0)
> -
> /etc/kde[34]?/kdm/Xstartup -- gen_context(system_u:object_r:xsession_exec_t,s0)
> /etc/kde[34]?/kdm/Xreset -- gen_context(system_u:object_r:xsession_exec_t,s0)
> /etc/kde[34]?/kdm/Xsession -- gen_context(system_u:object_r:xsession_exec_t,s0)
> /etc/kde[34]?/kdm/backgroundrc gen_context(system_u:object_r:xdm_var_run_t,s0)
>
> +/etc/rc\.d/init\.d/xfree86-common -- gen_context(system_u:object_r:xserver_exec_t,s0)
> +
> /etc/X11/[wx]dm/Xreset.* -- gen_context(system_u:object_r:xsession_exec_t,s0)
> /etc/X11/[wxg]dm/Xsession -- gen_context(system_u:object_r:xsession_exec_t,s0)
> /etc/X11/wdm(/.*)? gen_context(system_u:object_r:xdm_rw_etc_t,s0)
> diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc
> index d2e40b8..03e27db 100644
> --- a/policy/modules/system/init.fc
> +++ b/policy/modules/system/init.fc
> @@ -1,8 +1,6 @@
> #
> # /etc
> #
> -/etc/init\.d/.* -- gen_context(system_u:object_r:initrc_exec_t,s0)
> -
> /etc/rc\.d/rc -- gen_context(system_u:object_r:initrc_exec_t,s0)
> /etc/rc\.d/rc\.[^/]+ -- gen_context(system_u:object_r:initrc_exec_t,s0)
>
> diff --git a/policy/modules/system/ipsec.fc b/policy/modules/system/ipsec.fc
> index ec85acb..662e79b 100644
> --- a/policy/modules/system/ipsec.fc
> +++ b/policy/modules/system/ipsec.fc
> @@ -27,11 +27,6 @@
> /usr/libexec/ipsec/spi -- gen_context(system_u:object_r:ipsec_exec_t,s0)
> /usr/libexec/nm-openswan-service -- gen_context(system_u:object_r:ipsec_mgmt_exec_t,s0)
>
> -/usr/local/lib(64)?/ipsec/eroute -- gen_context(system_u:object_r:ipsec_exec_t,s0)
> -/usr/local/lib(64)?/ipsec/klipsdebug -- gen_context(system_u:object_r:ipsec_exec_t,s0)
> -/usr/local/lib(64)?/ipsec/pluto -- gen_context(system_u:object_r:ipsec_exec_t,s0)
> -/usr/local/lib(64)?/ipsec/spi -- gen_context(system_u:object_r:ipsec_exec_t,s0)
> -
> /usr/sbin/ipsec -- gen_context(system_u:object_r:ipsec_mgmt_exec_t,s0)
> /usr/sbin/racoon -- gen_context(system_u:object_r:racoon_exec_t,s0)
> /usr/sbin/setkey -- gen_context(system_u:object_r:setkey_exec_t,s0)
> diff --git a/policy/modules/system/libraries.fc b/policy/modules/system/libraries.fc
> index ef8bbaf..f302477 100644
> --- a/policy/modules/system/libraries.fc
> +++ b/policy/modules/system/libraries.fc
> @@ -242,7 +242,6 @@ HOME_DIR/.*/plugins/nppdf\.so.* -- gen_context(system_u:object_r:textrel_shlib_
> /usr/lib.*/libmpg123\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
> /usr/local(/.*)?/libmpg123\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
> /usr/lib/codecs/drv[1-9c]\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
> -/usr/local/lib/codecs/drv[1-9c]\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
>
> HOME_DIR/.*/plugins/nppdf\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
> HOME_DIR/.mozilla/plugins/nprhapengine\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
>


--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com