2016-08-03 06:05:40

by Russell Coker

Subject: [refpolicy] [PATCH] add unit files

This patch adds unit file labels for many daemons. All of those daemons apart
from consolekit.fc and selinuxutil.fc have *_initrc_exec_t types.

Another possibility is to use a template so that we don't have special code
in every daemon module for both *_initrc_exec_t and *_unit_t.


diff -ru /home/rjc/src/pol-git/policy/modules/contrib/apache.fc ./policy/modules/contrib/apache.fc
--- /home/rjc/src/pol-git/policy/modules/contrib/apache.fc 2016-07-30 08:14:41.069649126 +1000
+++ ./policy/modules/contrib/apache.fc 2016-08-03 15:58:36.561019479 +1000
@@ -28,6 +28,9 @@
/etc/WebCalendar(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)
/etc/zabbix/web(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)

+/usr/lib/systemd/system/httpd.*\.service -- gen_context(system_u:object_r:httpd_unit_t,s0)
+/usr/lib/systemd/system/jetty.*\.service -- gen_context(system_u:object_r:httpd_unit_t,s0)
+
/opt/.*\.cgi -- gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
/opt/dirsrv/var/run/dirsrv/dsgw/cookies(/.*)? gen_context(system_u:object_r:httpd_var_run_t,s0)

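Review bot: Every new entry here (and in the other .fc hunks of this patch) matches only under /usr/lib/systemd/system, while the distro_debian hunk in init.te suggests a Debian target, where a non-merged-/usr install ships its units in /lib/systemd/system. That is only sufficient if the tree's file_contexts.subs_dist maps /lib to /usr/lib, which is worth confirming before relying on it; otherwise a second pattern under /lib/systemd/system is needed for each of these entries.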
diff -ru /home/rjc/src/pol-git/policy/modules/contrib/apache.te ./policy/modules/contrib/apache.te
--- /home/rjc/src/pol-git/policy/modules/contrib/apache.te 2016-07-30 08:14:41.073649232 +1000
+++ ./policy/modules/contrib/apache.te 2016-08-03 15:58:36.565019587 +1000
@@ -289,6 +289,8 @@
type httpd_keytab_t;
files_type(httpd_keytab_t)

+type httpd_unit_t;
+init_unit_file(httpd_unit_t)
type httpd_lock_t;
files_lock_file(httpd_lock_t)

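Review bot: The new `type httpd_unit_t;` / `init_unit_file(httpd_unit_t)` pair is inserted directly above `type httpd_lock_t;` with no separating blank line, unlike every other .te hunk in this patch, which keeps each type/interface pair in its own paragraph. Add a blank line after `init_unit_file(httpd_unit_t)` so the declaration block stays consistent with the rest of the file.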
diff -ru /home/rjc/src/pol-git/policy/modules/contrib/apcupsd.fc ./policy/modules/contrib/apcupsd.fc
--- /home/rjc/src/pol-git/policy/modules/contrib/apcupsd.fc 2016-07-30 08:14:41.073649232 +1000
+++ ./policy/modules/contrib/apcupsd.fc 2016-08-03 15:58:36.565019587 +1000
@@ -1,5 +1,7 @@
/etc/rc\.d/init\.d/apcupsd -- gen_context(system_u:object_r:apcupsd_initrc_exec_t,s0)

+/usr/lib/systemd/system/apcupsd.*\.service -- gen_context(system_u:object_r:apcupsd_unit_t,s0)
+
/sbin/apcupsd -- gen_context(system_u:object_r:apcupsd_exec_t,s0)

/usr/sbin/apcupsd -- gen_context(system_u:object_r:apcupsd_exec_t,s0)
diff -ru /home/rjc/src/pol-git/policy/modules/contrib/apcupsd.te ./policy/modules/contrib/apcupsd.te
--- /home/rjc/src/pol-git/policy/modules/contrib/apcupsd.te 2016-07-30 08:14:41.073649232 +1000
+++ ./policy/modules/contrib/apcupsd.te 2016-08-03 15:58:36.565019587 +1000
@@ -24,6 +24,9 @@
type apcupsd_var_run_t;
files_pid_file(apcupsd_var_run_t)

+type apcupsd_unit_t;
+init_unit_file(apcupsd_unit_t)
+
########################################
#
# Local policy
diff -ru /home/rjc/src/pol-git/policy/modules/contrib/apm.fc ./policy/modules/contrib/apm.fc
--- /home/rjc/src/pol-git/policy/modules/contrib/apm.fc 2016-07-30 08:14:41.073649232 +1000
+++ ./policy/modules/contrib/apm.fc 2016-08-03 15:58:36.565019587 +1000
@@ -17,3 +17,5 @@
/var/run/powersave_socket -s gen_context(system_u:object_r:apmd_var_run_t,s0)

/var/lib/acpi(/.*)? gen_context(system_u:object_r:apmd_var_lib_t,s0)
+
+/usr/lib/systemd/system/apmd.*\.service -- gen_context(system_u:object_r:apmd_unit_t,s0)
diff -ru /home/rjc/src/pol-git/policy/modules/contrib/apm.te ./policy/modules/contrib/apm.te
--- /home/rjc/src/pol-git/policy/modules/contrib/apm.te 2016-07-30 08:14:41.073649232 +1000
+++ ./policy/modules/contrib/apm.te 2016-08-03 15:58:36.565019587 +1000
@@ -35,6 +35,9 @@
type apmd_var_run_t;
files_pid_file(apmd_var_run_t)

+type apmd_unit_t;
+init_unit_file(apmd_unit_t)
+
########################################
#
# Client local policy
diff -ru /home/rjc/src/pol-git/policy/modules/contrib/arpwatch.fc ./policy/modules/contrib/arpwatch.fc
--- /home/rjc/src/pol-git/policy/modules/contrib/arpwatch.fc 2016-07-30 08:14:41.073649232 +1000
+++ ./policy/modules/contrib/arpwatch.fc 2016-08-03 15:58:36.569019697 +1000
@@ -7,3 +7,5 @@
/var/lib/arpwatch(/.*)? gen_context(system_u:object_r:arpwatch_data_t,s0)

/var/run/arpwatch.*\.pid -- gen_context(system_u:object_r:arpwatch_var_run_t,s0)
+
+/usr/lib/systemd/system/arpwatch.*\.service -- gen_context(system_u:object_r:arpwatch_unit_t,s0)
diff -ru /home/rjc/src/pol-git/policy/modules/contrib/arpwatch.te ./policy/modules/contrib/arpwatch.te
--- /home/rjc/src/pol-git/policy/modules/contrib/arpwatch.te 2016-07-30 08:14:41.073649232 +1000
+++ ./policy/modules/contrib/arpwatch.te 2016-08-03 15:58:36.569019697 +1000
@@ -21,6 +21,9 @@
type arpwatch_var_run_t;
files_pid_file(arpwatch_var_run_t)

+type arpwatch_unit_t;
+init_unit_file(arpwatch_unit_t)
+
########################################
#
# Local policy
diff -ru /home/rjc/src/pol-git/policy/modules/contrib/automount.fc ./policy/modules/contrib/automount.fc
--- /home/rjc/src/pol-git/policy/modules/contrib/automount.fc 2016-07-30 08:14:41.073649232 +1000
+++ ./policy/modules/contrib/automount.fc 2016-08-03 15:58:36.569019697 +1000
@@ -6,3 +6,5 @@
/var/lock/subsys/autofs -- gen_context(system_u:object_r:automount_lock_t,s0)

/var/run/autofs.* gen_context(system_u:object_r:automount_var_run_t,s0)
+
+/usr/lib/systemd/system/autofs.*\.service -- gen_context(system_u:object_r:automount_unit_t,s0)
diff -ru /home/rjc/src/pol-git/policy/modules/contrib/automount.te ./policy/modules/contrib/automount.te
--- /home/rjc/src/pol-git/policy/modules/contrib/automount.te 2016-07-30 08:14:41.077649338 +1000
+++ ./policy/modules/contrib/automount.te 2016-08-03 15:58:36.569019697 +1000
@@ -25,6 +25,9 @@
type automount_var_run_t;
files_pid_file(automount_var_run_t)

+type automount_unit_t;
+init_unit_file(automount_unit_t)
+
########################################
#
# Local policy
diff -ru /home/rjc/src/pol-git/policy/modules/contrib/avahi.fc ./policy/modules/contrib/avahi.fc
--- /home/rjc/src/pol-git/policy/modules/contrib/avahi.fc 2016-07-30 08:14:41.077649338 +1000
+++ ./policy/modules/contrib/avahi.fc 2016-08-03 15:58:36.569019697 +1000
@@ -7,3 +7,5 @@
/var/run/avahi-daemon(/.*)? gen_context(system_u:object_r:avahi_var_run_t,s0)

/var/lib/avahi-autoipd(/.*)? gen_context(system_u:object_r:avahi_var_lib_t,s0)
+
+/usr/lib/systemd/system/avahi.*\.service -- gen_context(system_u:object_r:avahi_unit_t,s0)
diff -ru /home/rjc/src/pol-git/policy/modules/contrib/avahi.te ./policy/modules/contrib/avahi.te
--- /home/rjc/src/pol-git/policy/modules/contrib/avahi.te 2016-07-30 08:14:41.077649338 +1000
+++ ./policy/modules/contrib/avahi.te 2016-08-03 15:58:36.569019697 +1000
@@ -19,6 +19,9 @@
type avahi_var_run_t;
files_pid_file(avahi_var_run_t)

+type avahi_unit_t;
+init_unit_file(avahi_unit_t)
+
########################################
#
# Local policy
diff -ru /home/rjc/src/pol-git/policy/modules/contrib/bind.fc ./policy/modules/contrib/bind.fc
--- /home/rjc/src/pol-git/policy/modules/contrib/bind.fc 2016-07-30 08:14:41.077649338 +1000
+++ ./policy/modules/contrib/bind.fc 2016-08-03 15:58:36.573019806 +1000
@@ -14,6 +14,9 @@
/etc/unbound(/.*)? gen_context(system_u:object_r:named_conf_t,s0)
/etc/unbound/.*\.key -- gen_context(system_u:object_r:dnssec_t,s0)

+/usr/lib/systemd/system/unbound.*\.service -- gen_context(system_u:object_r:named_unit_t,s0)
+/usr/lib/systemd/system/named.*\.service -- gen_context(system_u:object_r:named_unit_t,s0)
+
/usr/sbin/lwresd -- gen_context(system_u:object_r:named_exec_t,s0)
/usr/sbin/named -- gen_context(system_u:object_r:named_exec_t,s0)
/usr/sbin/named-checkconf -- gen_context(system_u:object_r:named_checkconf_exec_t,s0)
diff -ru /home/rjc/src/pol-git/policy/modules/contrib/bind.te ./policy/modules/contrib/bind.te
--- /home/rjc/src/pol-git/policy/modules/contrib/bind.te 2016-07-30 08:14:41.077649338 +1000
+++ ./policy/modules/contrib/bind.te 2016-08-03 15:58:36.573019806 +1000
@@ -47,6 +47,9 @@
type named_keytab_t;
files_type(named_keytab_t)

+type named_unit_t;
+init_unit_file(named_unit_t)
+
type named_log_t;
logging_log_file(named_log_t)

diff -ru /home/rjc/src/pol-git/policy/modules/contrib/clamav.fc ./policy/modules/contrib/clamav.fc
--- /home/rjc/src/pol-git/policy/modules/contrib/clamav.fc 2016-07-30 08:14:41.085649549 +1000
+++ ./policy/modules/contrib/clamav.fc 2016-08-03 15:58:36.573019806 +1000
@@ -24,3 +24,5 @@
/var/run/clamd.* gen_context(system_u:object_r:clamd_var_run_t,s0)

/var/spool/amavisd/clamd\.sock -s gen_context(system_u:object_r:clamd_var_run_t,s0)
+
+/usr/lib/systemd/system/clamd.*\.service -- gen_context(system_u:object_r:clamd_unit_t,s0)
diff -ru /home/rjc/src/pol-git/policy/modules/contrib/clamav.te ./policy/modules/contrib/clamav.te
--- /home/rjc/src/pol-git/policy/modules/contrib/clamav.te 2016-07-30 08:14:41.085649549 +1000
+++ ./policy/modules/contrib/clamav.te 2016-08-03 15:58:36.573019806 +1000
@@ -38,6 +38,9 @@
type clamd_initrc_exec_t;
init_script_file(clamd_initrc_exec_t)

+type clamd_unit_t;
+init_unit_file(clamd_unit_t)
+
type clamd_tmp_t;
files_tmp_file(clamd_tmp_t)

diff -ru /home/rjc/src/pol-git/policy/modules/contrib/consolekit.fc ./policy/modules/contrib/consolekit.fc
--- /home/rjc/src/pol-git/policy/modules/contrib/consolekit.fc 2016-07-30 08:14:41.085649549 +1000
+++ ./policy/modules/contrib/consolekit.fc 2016-08-03 15:58:36.573019806 +1000
@@ -1,3 +1,5 @@
+/usr/lib/systemd/system/console-kit.*\.service -- gen_context(system_u:object_r:consolekit_unit_t,s0)
+
/usr/sbin/console-kit-daemon -- gen_context(system_u:object_r:consolekit_exec_t,s0)

/var/log/ConsoleKit(/.*)? gen_context(system_u:object_r:consolekit_log_t,s0)
diff -ru /home/rjc/src/pol-git/policy/modules/contrib/consolekit.te ./policy/modules/contrib/consolekit.te
--- /home/rjc/src/pol-git/policy/modules/contrib/consolekit.te 2016-07-30 08:14:41.085649549 +1000
+++ ./policy/modules/contrib/consolekit.te 2016-08-03 15:58:36.577019915 +1000
@@ -19,6 +19,9 @@
files_pid_file(consolekit_var_run_t)
init_daemon_pid_file(consolekit_var_run_t, dir, "ConsoleKit")

+type consolekit_unit_t;
+init_unit_file(consolekit_unit_t)
+
########################################
#
# Local policy
diff -ru /home/rjc/src/pol-git/policy/modules/contrib/cron.fc ./policy/modules/contrib/cron.fc
--- /home/rjc/src/pol-git/policy/modules/contrib/cron.fc 2016-07-30 08:14:41.089649654 +1000
+++ ./policy/modules/contrib/cron.fc 2016-08-03 15:58:36.577019915 +1000
@@ -64,3 +64,6 @@
/var/spool/cron/lastrun/[^/]* -- <<none>>
/var/spool/cron/tabs -d gen_context(system_u:object_r:cron_spool_t,s0)
')
+
+/usr/lib/systemd/system/atd.*\.service -- gen_context(system_u:object_r:crond_unit_t,s0)
+/usr/lib/systemd/system/crond.*\.service -- gen_context(system_u:object_r:crond_unit_t,s0)
diff -ru /home/rjc/src/pol-git/policy/modules/contrib/cron.te ./policy/modules/contrib/cron.te
--- /home/rjc/src/pol-git/policy/modules/contrib/cron.te 2016-07-30 08:14:41.089649654 +1000
+++ ./policy/modules/contrib/cron.te 2016-08-03 15:58:36.577019915 +1000
@@ -71,6 +71,9 @@
type crond_initrc_exec_t;
init_script_file(crond_initrc_exec_t)

+type crond_unit_t;
+init_unit_file(crond_unit_t)
+
type crond_tmp_t;
files_tmp_file(crond_tmp_t)
files_poly_parent(crond_tmp_t)
diff -ru /home/rjc/src/pol-git/policy/modules/contrib/cups.fc ./policy/modules/contrib/cups.fc
--- /home/rjc/src/pol-git/policy/modules/contrib/cups.fc 2016-07-30 08:14:41.089649654 +1000
+++ ./policy/modules/contrib/cups.fc 2016-08-03 15:58:36.577019915 +1000
@@ -75,3 +75,5 @@
/var/run/ptal-mlcd(/.*)? gen_context(system_u:object_r:ptal_var_run_t,s0)
/var/run/udev-configure-printer(/.*)? gen_context(system_u:object_r:cupsd_config_var_run_t,s0)
/var/turboprint(/.*)? gen_context(system_u:object_r:cupsd_var_run_t,s0)
+
+/usr/lib/systemd/system/cups.*\.service -- gen_context(system_u:object_r:cupsd_unit_t,s0)
diff -ru /home/rjc/src/pol-git/policy/modules/contrib/cups.te ./policy/modules/contrib/cups.te
--- /home/rjc/src/pol-git/policy/modules/contrib/cups.te 2016-07-30 08:14:41.089649654 +1000
+++ ./policy/modules/contrib/cups.te 2016-08-03 15:58:36.577019915 +1000
@@ -63,6 +63,9 @@
init_daemon_pid_file(cupsd_var_run_t, dir, "cups")
mls_trusted_object(cupsd_var_run_t)

+type cupsd_unit_t;
+init_unit_file(cupsd_unit_t)
+
type hplip_t;
type hplip_exec_t;
init_daemon_domain(hplip_t, hplip_exec_t)
diff -ru /home/rjc/src/pol-git/policy/modules/contrib/dhcp.fc ./policy/modules/contrib/dhcp.fc
--- /home/rjc/src/pol-git/policy/modules/contrib/dhcp.fc 2016-07-30 08:14:41.093649760 +1000
+++ ./policy/modules/contrib/dhcp.fc 2016-08-03 15:58:36.577019915 +1000
@@ -6,3 +6,4 @@
/var/lib/dhcp(3)?/dhcpd\.leases.* -- gen_context(system_u:object_r:dhcpd_state_t,s0)

/var/run/dhcpd(6)?\.pid -- gen_context(system_u:object_r:dhcpd_var_run_t,s0)
+/usr/lib/systemd/system/dhcpcd.*\.service -- gen_context(system_u:object_r:dhcpd_unit_t,s0)
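Review bot: The new pattern `dhcpcd.*\.service` names the dhcpcd client daemon, yet it is labelled `dhcpd_unit_t`, the type family of the ISC server this module confines (see the dhcpd_state_t and dhcpd_var_run_t context lines above); the DHCP client is confined by the sysnetwork module's dhcpc domain, not by dhcp. Presumably `/usr/lib/systemd/system/dhcpd.*\.service -- gen_context(system_u:object_r:dhcpd_unit_t,s0)` was intended, which would also cover a dhcpd6 unit, in line with the `dhcpd(6)?\.pid` entry. A blank line before the entry would match the layout used by the other .fc hunks in this patch.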
diff -ru /home/rjc/src/pol-git/policy/modules/contrib/dhcp.te ./policy/modules/contrib/dhcp.te
--- /home/rjc/src/pol-git/policy/modules/contrib/dhcp.te 2016-07-30 08:14:41.093649760 +1000
+++ ./policy/modules/contrib/dhcp.te 2016-08-03 15:58:36.581020025 +1000
@@ -20,6 +20,9 @@
type dhcpd_initrc_exec_t;
init_script_file(dhcpd_initrc_exec_t)

+type dhcpd_unit_t;
+init_unit_file(dhcpd_unit_t)
+
type dhcpd_state_t;
files_type(dhcpd_state_t)

diff -ru /home/rjc/src/pol-git/policy/modules/contrib/ftp.fc ./policy/modules/contrib/ftp.fc
--- /home/rjc/src/pol-git/policy/modules/contrib/ftp.fc 2016-07-30 08:14:41.101649971 +1000
+++ ./policy/modules/contrib/ftp.fc 2016-08-03 15:58:36.593020353 +1000
@@ -26,3 +26,6 @@
/var/log/vsftpd.* -- gen_context(system_u:object_r:xferlog_t,s0)
/var/log/xferlog.* -- gen_context(system_u:object_r:xferlog_t,s0)
/var/log/xferreport.* -- gen_context(system_u:object_r:xferlog_t,s0)
+
+/usr/lib/systemd/system/vsftpd.*\.service -- gen_context(system_u:object_r:ftpd_unit_t,s0)
+/usr/lib/systemd/system/proftpd.*\.service -- gen_context(system_u:object_r:ftpd_unit_t,s0)
diff -ru /home/rjc/src/pol-git/policy/modules/contrib/ftp.te ./policy/modules/contrib/ftp.te
--- /home/rjc/src/pol-git/policy/modules/contrib/ftp.te 2016-07-30 08:14:41.101649971 +1000
+++ ./policy/modules/contrib/ftp.te 2016-08-03 15:58:36.581020025 +1000
@@ -127,6 +127,9 @@
type ftpd_keytab_t;
files_type(ftpd_keytab_t)

+type ftpd_unit_t;
+init_unit_file(ftpd_unit_t)
+
type ftpd_lock_t;
files_lock_file(ftpd_lock_t)

diff -ru /home/rjc/src/pol-git/policy/modules/contrib/kdump.fc ./policy/modules/contrib/kdump.fc
--- /home/rjc/src/pol-git/policy/modules/contrib/kdump.fc 2016-07-30 08:14:41.109650183 +1000
+++ ./policy/modules/contrib/kdump.fc 2016-08-03 15:58:36.581020025 +1000
@@ -11,3 +11,5 @@

/usr/sbin/kdump -- gen_context(system_u:object_r:kdump_exec_t,s0)
/usr/sbin/kexec -- gen_context(system_u:object_r:kdump_exec_t,s0)
+
+/usr/lib/systemd/system/kdump.*\.service -- gen_context(system_u:object_r:kdump_unit_t,s0)
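Review bot: This hunk labels the kdump unit with `kdump_unit_t`, but no kdump.te hunk in this patch declares that type with `init_unit_file()`, unlike every other module touched here; the same applies to `syslogd_unit_t` in logging.fc and `setrans_unit_t` in setrans.fc. If those types are not already declared in kdump.te, logging.te and setrans.te, the file contexts reference undefined types and the policy build will fail. Either add the missing `type kdump_unit_t;` / `init_unit_file(kdump_unit_t)` declarations (and the two counterparts) or state in the description that they already exist.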
diff -ru /home/rjc/src/pol-git/policy/modules/contrib/ldap.fc ./policy/modules/contrib/ldap.fc
--- /home/rjc/src/pol-git/policy/modules/contrib/ldap.fc 2016-07-30 08:14:41.113650288 +1000
+++ ./policy/modules/contrib/ldap.fc 2016-08-03 15:58:36.581020025 +1000
@@ -27,3 +27,5 @@
/var/run/slapd.* -s gen_context(system_u:object_r:slapd_var_run_t,s0)
/var/run/slapd\.args -- gen_context(system_u:object_r:slapd_var_run_t,s0)
/var/run/slapd\.pid -- gen_context(system_u:object_r:slapd_var_run_t,s0)
+
+/usr/lib/systemd/system/slapd.*\.service -- gen_context(system_u:object_r:slapd_unit_t,s0)
diff -ru /home/rjc/src/pol-git/policy/modules/contrib/ldap.te ./policy/modules/contrib/ldap.te
--- /home/rjc/src/pol-git/policy/modules/contrib/ldap.te 2016-07-30 08:14:41.113650288 +1000
+++ ./policy/modules/contrib/ldap.te 2016-08-03 15:58:36.581020025 +1000
@@ -24,6 +24,9 @@
type slapd_keytab_t;
files_type(slapd_keytab_t)

+type slapd_unit_t;
+init_unit_file(slapd_unit_t)
+
type slapd_lock_t;
files_lock_file(slapd_lock_t)

diff -ru /home/rjc/src/pol-git/policy/modules/contrib/mysql.fc ./policy/modules/contrib/mysql.fc
--- /home/rjc/src/pol-git/policy/modules/contrib/mysql.fc 2016-07-30 08:14:41.121650499 +1000
+++ ./policy/modules/contrib/mysql.fc 2016-08-03 15:58:36.581020025 +1000
@@ -25,3 +25,5 @@
/var/run/mysqld.* gen_context(system_u:object_r:mysqld_var_run_t,s0)
/var/run/mysqlmanager.* -- gen_context(system_u:object_r:mysqlmanagerd_var_run_t,s0)
/var/run/mysqld/mysqlmanager.* -- gen_context(system_u:object_r:mysqlmanagerd_var_run_t,s0)
+
+/usr/lib/systemd/system/mysqld.*\.service -- gen_context(system_u:object_r:mysqld_unit_t,s0)
diff -ru /home/rjc/src/pol-git/policy/modules/contrib/mysql.te ./policy/modules/contrib/mysql.te
--- /home/rjc/src/pol-git/policy/modules/contrib/mysql.te 2016-07-30 08:14:41.121650499 +1000
+++ ./policy/modules/contrib/mysql.te 2016-08-03 15:58:36.581020025 +1000
@@ -38,6 +38,9 @@
type mysqld_home_t;
userdom_user_home_content(mysqld_home_t)

+type mysqld_unit_t;
+init_unit_file(mysqld_unit_t)
+
type mysqld_initrc_exec_t;
init_script_file(mysqld_initrc_exec_t)

diff -ru /home/rjc/src/pol-git/policy/modules/contrib/nis.fc ./policy/modules/contrib/nis.fc
--- /home/rjc/src/pol-git/policy/modules/contrib/nis.fc 2016-07-30 08:14:41.125650605 +1000
+++ ./policy/modules/contrib/nis.fc 2016-08-03 15:58:36.585020134 +1000
@@ -20,3 +20,8 @@
/var/run/ypbind.* -- gen_context(system_u:object_r:ypbind_var_run_t,s0)
/var/run/ypserv.* -- gen_context(system_u:object_r:ypserv_var_run_t,s0)
/var/run/yppass.* -- gen_context(system_u:object_r:yppasswdd_var_run_t,s0)
+
+/usr/lib/systemd/system/ypbind.*\.service -- gen_context(system_u:object_r:ypbind_unit_t,s0)
+/usr/lib/systemd/system/ypserv.*\.service -- gen_context(system_u:object_r:nis_unit_t,s0)
+/usr/lib/systemd/system/yppasswdd.*\.service -- gen_context(system_u:object_r:nis_unit_t,s0)
+/usr/lib/systemd/system/ypxfrd.*\.service -- gen_context(system_u:object_r:nis_unit_t,s0)
diff -ru /home/rjc/src/pol-git/policy/modules/contrib/nis.te ./policy/modules/contrib/nis.te
--- /home/rjc/src/pol-git/policy/modules/contrib/nis.te 2016-07-30 08:14:41.125650605 +1000
+++ ./policy/modules/contrib/nis.te 2016-08-03 15:58:36.585020134 +1000
@@ -27,6 +27,9 @@
type ypbind_var_run_t;
files_pid_file(ypbind_var_run_t)

+type ypbind_unit_t;
+init_unit_file(ypbind_unit_t)
+
type yppasswdd_t;
type yppasswdd_exec_t;
init_daemon_domain(yppasswdd_t, yppasswdd_exec_t)
@@ -55,6 +58,9 @@
type ypxfr_var_run_t;
files_pid_file(ypxfr_var_run_t)

+type nis_unit_t;
+init_unit_file(nis_unit_t)
+
########################################
#
# ypbind local policy
diff -ru /home/rjc/src/pol-git/policy/modules/contrib/nscd.te ./policy/modules/contrib/nscd.te
--- /home/rjc/src/pol-git/policy/modules/contrib/nscd.te 2016-07-30 08:14:41.125650605 +1000
+++ ./policy/modules/contrib/nscd.te 2016-08-03 15:58:36.585020134 +1000
@@ -31,6 +31,9 @@
type nscd_initrc_exec_t;
init_script_file(nscd_initrc_exec_t)

+type nscd_unit_t;
+init_unit_file(nscd_unit_t)
+
type nscd_log_t;
logging_log_file(nscd_log_t)

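Review bot: `nscd_unit_t` is declared and passed to `init_unit_file()` here, but the patch touches no nscd.fc, so nothing is labelled with the new type; every other module in this patch pairs the .te declaration with an .fc entry. Unless nscd.fc already carries such an entry, add one, e.g. `/usr/lib/systemd/system/nscd.*\.service -- gen_context(system_u:object_r:nscd_unit_t,s0)`, or drop the unused declaration.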
diff -ru /home/rjc/src/pol-git/policy/modules/contrib/ntp.fc ./policy/modules/contrib/ntp.fc
--- /home/rjc/src/pol-git/policy/modules/contrib/ntp.fc 2016-07-30 08:14:41.125650605 +1000
+++ ./policy/modules/contrib/ntp.fc 2016-08-03 15:58:36.585020134 +1000
@@ -27,3 +27,7 @@
/var/log/xntpd.* -- gen_context(system_u:object_r:ntpd_log_t,s0)

/var/run/ntpd\.pid -- gen_context(system_u:object_r:ntpd_var_run_t,s0)
+
+/usr/lib/systemd/system/ntpd.*\.service -- gen_context(system_u:object_r:ntpd_unit_t,s0)
+
+/usr/usr/lib/systemd/system/ntpd.*\.service -- gen_context(system_u:object_r:ntpd_unit_t,s0)
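Review bot: The last added entry has a doubled prefix, `/usr/usr/lib/systemd/system/ntpd.*\.service`, so it can never match a real path and merely duplicates the correct entry two lines above. Drop the trailing blank line and this entry so the hunk adds only `/usr/lib/systemd/system/ntpd.*\.service -- gen_context(system_u:object_r:ntpd_unit_t,s0)`.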
diff -ru /home/rjc/src/pol-git/policy/modules/contrib/ppp.fc ./policy/modules/contrib/ppp.fc
--- /home/rjc/src/pol-git/policy/modules/contrib/ppp.fc 2016-07-30 08:14:41.133650816 +1000
+++ ./policy/modules/contrib/ppp.fc 2016-08-03 15:58:36.585020134 +1000
@@ -28,3 +28,5 @@
/var/run/pppd[0-9]*\.tdb -- gen_context(system_u:object_r:pppd_var_run_t,s0)
/var/run/ppp(/.*)? gen_context(system_u:object_r:pppd_var_run_t,s0)
/var/run/pptp(/.*)? gen_context(system_u:object_r:pptp_var_run_t,s0)
+
+/usr/lib/systemd/system/ppp.*\.service -- gen_context(system_u:object_r:pppd_unit_t,s0)
diff -ru /home/rjc/src/pol-git/policy/modules/contrib/ppp.te ./policy/modules/contrib/ppp.te
--- /home/rjc/src/pol-git/policy/modules/contrib/ppp.te 2016-07-30 08:14:41.133650816 +1000
+++ ./policy/modules/contrib/ppp.te 2016-08-03 15:58:36.585020134 +1000
@@ -41,6 +41,9 @@
type pppd_initrc_exec_t alias pppd_script_exec_t;
init_script_file(pppd_initrc_exec_t)

+type pppd_unit_t;
+init_unit_file(pppd_unit_t)
+
type pppd_secret_t;
files_type(pppd_secret_t)

diff -ru /home/rjc/src/pol-git/policy/modules/contrib/rpc.fc ./policy/modules/contrib/rpc.fc
--- /home/rjc/src/pol-git/policy/modules/contrib/rpc.fc 2016-07-30 08:14:41.141651028 +1000
+++ ./policy/modules/contrib/rpc.fc 2016-08-03 15:58:36.589020244 +1000
@@ -20,3 +20,6 @@

/var/run/rpc\.statd(/.*)? gen_context(system_u:object_r:rpcd_var_run_t,s0)
/var/run/rpc\.statd\.pid -- gen_context(system_u:object_r:rpcd_var_run_t,s0)
+
+/usr/lib/systemd/system/nfs.*\.service -- gen_context(system_u:object_r:nfsd_unit_t,s0)
+/usr/lib/systemd/system/rpc.*\.service -- gen_context(system_u:object_r:rpcd_unit_t,s0)
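Review bot: The pattern `rpc.*\.service` is broader than this module: it also matches `rpcbind.service`, whose daemon is confined by the separate rpcbind module, and would label that unit `rpcd_unit_t`. If the intended targets are the rpc-gssd/rpc-statd style units, `/usr/lib/systemd/system/rpc-.*\.service -- gen_context(system_u:object_r:rpcd_unit_t,s0)` avoids the overlap. Likewise `nfs.*\.service` labels every nfs-*.service as `nfsd_unit_t`, which presumably includes units for helper daemons this module runs as rpcd_t rather than nfsd_t; worth checking which units should carry which type.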
diff -ru /home/rjc/src/pol-git/policy/modules/contrib/rpc.te ./policy/modules/contrib/rpc.te
--- /home/rjc/src/pol-git/policy/modules/contrib/rpc.te 2016-07-30 08:14:41.145651133 +1000
+++ ./policy/modules/contrib/rpc.te 2016-08-03 15:58:36.589020244 +1000
@@ -52,11 +52,17 @@
type rpcd_initrc_exec_t;
init_script_file(rpcd_initrc_exec_t)

+type rpcd_unit_t;
+init_unit_file(rpcd_unit_t)
+
rpc_domain_template(nfsd)

type nfsd_initrc_exec_t;
init_script_file(nfsd_initrc_exec_t)

+type nfsd_unit_t;
+init_unit_file(nfsd_unit_t)
+
type nfsd_rw_t;
files_type(nfsd_rw_t)

diff -ru /home/rjc/src/pol-git/policy/modules/contrib/samba.fc ./policy/modules/contrib/samba.fc
--- /home/rjc/src/pol-git/policy/modules/contrib/samba.fc 2016-07-30 08:14:41.145651133 +1000
+++ ./policy/modules/contrib/samba.fc 2016-08-03 15:58:36.589020244 +1000
@@ -8,6 +8,8 @@
/etc/samba/smbpasswd -- gen_context(system_u:object_r:samba_secrets_t,s0)
/etc/samba(/.*)? gen_context(system_u:object_r:samba_etc_t,s0)

+/usr/lib/systemd/system/smb.*\.service -- gen_context(system_u:object_r:samba_unit_t,s0)
+
/usr/bin/net -- gen_context(system_u:object_r:samba_net_exec_t,s0)
/usr/bin/ntlm_auth -- gen_context(system_u:object_r:winbind_helper_exec_t,s0)
/usr/bin/smbcontrol -- gen_context(system_u:object_r:smbcontrol_exec_t,s0)
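Review bot: Only `smb.*\.service` is labelled, yet this module also confines nmbd and winbind (the `winbind_helper_exec_t` context line in this hunk shows winbind is in scope), and those daemons normally ship as nmb.service or nmbd.service and winbind.service, which this pattern does not match. If they are meant to be controlled through the same `samba_unit_t`, add entries such as `/usr/lib/systemd/system/nmb.*\.service -- gen_context(system_u:object_r:samba_unit_t,s0)` and `/usr/lib/systemd/system/winbind.*\.service -- gen_context(system_u:object_r:samba_unit_t,s0)`. Debian's smbd.service is still caught by `smb.*\.service`, so that case needs nothing further.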
diff -ru /home/rjc/src/pol-git/policy/modules/contrib/samba.te ./policy/modules/contrib/samba.te
--- /home/rjc/src/pol-git/policy/modules/contrib/samba.te 2016-07-30 08:14:41.145651133 +1000
+++ ./policy/modules/contrib/samba.te 2016-08-03 15:58:36.589020244 +1000
@@ -113,6 +113,9 @@
type samba_initrc_exec_t;
init_script_file(samba_initrc_exec_t)

+type samba_unit_t;
+init_unit_file(samba_unit_t)
+
type samba_log_t;
logging_log_file(samba_log_t)

diff -ru /home/rjc/src/pol-git/policy/modules/contrib/tor.fc ./policy/modules/contrib/tor.fc
--- /home/rjc/src/pol-git/policy/modules/contrib/tor.fc 2016-07-30 08:14:41.153651345 +1000
+++ ./policy/modules/contrib/tor.fc 2016-08-03 15:58:36.589020244 +1000
@@ -5,6 +5,8 @@
/usr/bin/tor -- gen_context(system_u:object_r:tor_exec_t,s0)
/usr/sbin/tor -- gen_context(system_u:object_r:tor_exec_t,s0)

+/usr/lib/systemd/system/tor.*\.service -- gen_context(system_u:object_r:tor_unit_t,s0)
+
/var/lib/tor(/.*)? gen_context(system_u:object_r:tor_var_lib_t,s0)
/var/lib/tor-data(/.*)? gen_context(system_u:object_r:tor_var_lib_t,s0)

diff -ru /home/rjc/src/pol-git/policy/modules/contrib/tor.te ./policy/modules/contrib/tor.te
--- /home/rjc/src/pol-git/policy/modules/contrib/tor.te 2016-07-30 08:14:41.153651345 +1000
+++ ./policy/modules/contrib/tor.te 2016-08-03 15:58:36.589020244 +1000
@@ -33,6 +33,9 @@
files_pid_file(tor_var_run_t)
init_daemon_pid_file(tor_var_run_t, dir, "tor")

+type tor_unit_t;
+init_unit_file(tor_unit_t)
+
########################################
#
# Local policy
diff -ru /home/rjc/src/pol-git/policy/modules/system/init.te ./policy/modules/system/init.te
--- /home/rjc/src/pol-git/policy/modules/system/init.te 2016-07-28 20:33:39.967961825 +1000
+++ ./policy/modules/system/init.te 2016-08-03 15:45:01.782699499 +1000
@@ -568,6 +568,9 @@
userdom_use_user_terminals(initrc_t)

ifdef(`distro_debian',`
+ kernel_getattr_core_if(initrc_t)
+
+ dev_getattr_generic_blk_files(initrc_t)
dev_setattr_generic_dirs(initrc_t)

fs_tmpfs_filetrans(initrc_t, initrc_var_run_t, dir)
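Review bot: The two permissions added to initrc_t inside the distro_debian ifdef block, `kernel_getattr_core_if(initrc_t)` and `dev_getattr_generic_blk_files(initrc_t)`, have nothing to do with the unit file labelling announced in the subject and description, and the description does not say which denial motivates them. They belong in a separate patch with their own justification so the access grant can be reviewed on its own. The ifdef block continues past the end of this hunk.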
diff -ru /home/rjc/src/pol-git/policy/modules/system/logging.fc ./policy/modules/system/logging.fc
--- /home/rjc/src/pol-git/policy/modules/system/logging.fc 2016-07-28 20:33:39.967961825 +1000
+++ ./policy/modules/system/logging.fc 2016-08-03 15:58:36.589020244 +1000
@@ -27,6 +27,7 @@
/usr/sbin/rsyslogd -- gen_context(system_u:object_r:syslogd_exec_t,s0)
/usr/sbin/syslog-ng -- gen_context(system_u:object_r:syslogd_exec_t,s0)
/usr/sbin/syslogd -- gen_context(system_u:object_r:syslogd_exec_t,s0)
+/usr/lib/systemd/system/rsyslog.*\.service -- gen_context(system_u:object_r:syslogd_unit_t,s0)

/var/lib/misc/syslog-ng.persist-? -- gen_context(system_u:object_r:syslogd_var_lib_t,s0)
/var/lib/syslog-ng(/.*)? gen_context(system_u:object_r:syslogd_var_lib_t,s0)
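Review bot: The new entry labels only `rsyslog.*\.service`, while the three context lines directly above it label rsyslogd, syslog-ng and syslogd alike as `syslogd_exec_t`; a syslog-ng or plain syslog unit therefore gets no `syslogd_unit_t` label even though its daemon runs in the same domain. A pattern such as `/usr/lib/systemd/system/[^/]*syslog.*\.service -- gen_context(system_u:object_r:syslogd_unit_t,s0)` covers all three. The entry is also placed inside the /usr/sbin block rather than in its own paragraph as the other .fc hunks in this patch do.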
diff -ru /home/rjc/src/pol-git/policy/modules/system/selinuxutil.fc ./policy/modules/system/selinuxutil.fc
--- /home/rjc/src/pol-git/policy/modules/system/selinuxutil.fc 2016-07-28 20:33:39.971961928 +1000
+++ ./policy/modules/system/selinuxutil.fc 2016-08-03 15:58:36.593020353 +1000
@@ -36,6 +36,7 @@

/usr/sbin/load_policy -- gen_context(system_u:object_r:load_policy_exec_t,s0)
/usr/sbin/restorecond -- gen_context(system_u:object_r:restorecond_exec_t,s0)
+/usr/lib/systemd/system/restorecond.*\.service -- gen_context(system_u:object_r:restorecond_unit_t,s0)
/usr/sbin/run_init -- gen_context(system_u:object_r:run_init_exec_t,s0)
/usr/sbin/setfiles.* -- gen_context(system_u:object_r:setfiles_exec_t,s0)
/usr/sbin/setsebool -- gen_context(system_u:object_r:semanage_exec_t,s0)
diff -ru /home/rjc/src/pol-git/policy/modules/system/selinuxutil.te ./policy/modules/system/selinuxutil.te
--- /home/rjc/src/pol-git/policy/modules/system/selinuxutil.te 2016-07-28 20:33:39.971961928 +1000
+++ ./policy/modules/system/selinuxutil.te 2016-08-03 15:58:36.593020353 +1000
@@ -85,6 +85,9 @@
domain_obj_id_change_exemption(restorecond_t)
role system_r types restorecond_t;

+type restorecond_unit_t;
+init_unit_file(restorecond_unit_t)
+
type restorecond_var_run_t;
files_pid_file(restorecond_var_run_t)

diff -ru /home/rjc/src/pol-git/policy/modules/system/setrans.fc ./policy/modules/system/setrans.fc
--- /home/rjc/src/pol-git/policy/modules/system/setrans.fc 2016-07-28 20:33:39.971961928 +1000
+++ ./policy/modules/system/setrans.fc 2016-08-03 15:58:36.593020353 +1000
@@ -1,5 +1,6 @@
/etc/rc\.d/init\.d/mcstrans -- gen_context(system_u:object_r:setrans_initrc_exec_t,s0)

/sbin/mcstransd -- gen_context(system_u:object_r:setrans_exec_t,s0)
+/usr/lib/systemd/system/mcstrans.*\.service -- gen_context(system_u:object_r:setrans_unit_t,s0)

/var/run/setrans(/.*)? gen_context(system_u:object_r:setrans_var_run_t,mls_systemhigh)
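Review bot: setrans_unit_t is referenced by this entry but no hunk in the patch declares it: the diff ends with setrans.fc and there is no setrans.te hunk with `type setrans_unit_t;` / `init_unit_file(setrans_unit_t)`. Unless the type already exists in setrans.te, the file_contexts build will reject the undeclared type. Every other module in the patch pairs its .fc entry with a .te declaration, so this looks like a hunk lost from the diff rather than a deliberate omission.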


2016-08-06 20:45:21

by Chris PeBenito

Subject: [refpolicy] [PATCH] add unit files

On 08/03/16 02:05, Russell Coker wrote:
> This patch adds unit files labels for many daemons. Of all those daemons all
> apart from consolekit.fc and selinuxutil.fc have *_initrc_exec_t types.
>
> Another possibility is to use a template so that we don't have special code
> in every daemon module for both *_initrc_exec_t and *_unit_t.

Yes, it seems like something to explore. It matches up with the
init_startstop_service() that was created a while ago.




> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/apache.fc ./policy/modules/contrib/apache.fc
> --- /home/rjc/src/pol-git/policy/modules/contrib/apache.fc 2016-07-30 08:14:41.069649126 +1000
> +++ ./policy/modules/contrib/apache.fc 2016-08-03 15:58:36.561019479 +1000
> @@ -28,6 +28,9 @@
> /etc/WebCalendar(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)
> /etc/zabbix/web(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)
>
> +/usr/lib/systemd/system/httpd.*\.service -- gen_context(system_u:object_r:httpd_unit_t,s0)
> +/usr/lib/systemd/system/jetty.*\.service -- gen_context(system_u:object_r:httpd_unit_t,s0)
> +
> /opt/.*\.cgi -- gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
> /opt/dirsrv/var/run/dirsrv/dsgw/cookies(/.*)? gen_context(system_u:object_r:httpd_var_run_t,s0)
>
> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/apache.te ./policy/modules/contrib/apache.te
> --- /home/rjc/src/pol-git/policy/modules/contrib/apache.te 2016-07-30 08:14:41.073649232 +1000
> +++ ./policy/modules/contrib/apache.te 2016-08-03 15:58:36.565019587 +1000
> @@ -289,6 +289,8 @@
> type httpd_keytab_t;
> files_type(httpd_keytab_t)
>
> +type httpd_unit_t;
> +init_unit_file(httpd_unit_t)
> type httpd_lock_t;
> files_lock_file(httpd_lock_t)
>
> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/apcupsd.fc ./policy/modules/contrib/apcupsd.fc
> --- /home/rjc/src/pol-git/policy/modules/contrib/apcupsd.fc 2016-07-30 08:14:41.073649232 +1000
> +++ ./policy/modules/contrib/apcupsd.fc 2016-08-03 15:58:36.565019587 +1000
> @@ -1,5 +1,7 @@
> /etc/rc\.d/init\.d/apcupsd -- gen_context(system_u:object_r:apcupsd_initrc_exec_t,s0)
>
> +/usr/lib/systemd/system/apcupsd.*\.service -- gen_context(system_u:object_r:apcupsd_unit_t,s0)
> +
> /sbin/apcupsd -- gen_context(system_u:object_r:apcupsd_exec_t,s0)
>
> /usr/sbin/apcupsd -- gen_context(system_u:object_r:apcupsd_exec_t,s0)
> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/apcupsd.te ./policy/modules/contrib/apcupsd.te
> --- /home/rjc/src/pol-git/policy/modules/contrib/apcupsd.te 2016-07-30 08:14:41.073649232 +1000
> +++ ./policy/modules/contrib/apcupsd.te 2016-08-03 15:58:36.565019587 +1000
> @@ -24,6 +24,9 @@
> type apcupsd_var_run_t;
> files_pid_file(apcupsd_var_run_t)
>
> +type apcupsd_unit_t;
> +init_unit_file(apcupsd_unit_t)
> +
> ########################################
> #
> # Local policy
> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/apm.fc ./policy/modules/contrib/apm.fc
> --- /home/rjc/src/pol-git/policy/modules/contrib/apm.fc 2016-07-30 08:14:41.073649232 +1000
> +++ ./policy/modules/contrib/apm.fc 2016-08-03 15:58:36.565019587 +1000
> @@ -17,3 +17,5 @@
> /var/run/powersave_socket -s gen_context(system_u:object_r:apmd_var_run_t,s0)
>
> /var/lib/acpi(/.*)? gen_context(system_u:object_r:apmd_var_lib_t,s0)
> +
> +/usr/lib/systemd/system/apmd.*\.service -- gen_context(system_u:object_r:apmd_unit_t,s0)
> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/apm.te ./policy/modules/contrib/apm.te
> --- /home/rjc/src/pol-git/policy/modules/contrib/apm.te 2016-07-30 08:14:41.073649232 +1000
> +++ ./policy/modules/contrib/apm.te 2016-08-03 15:58:36.565019587 +1000
> @@ -35,6 +35,9 @@
> type apmd_var_run_t;
> files_pid_file(apmd_var_run_t)
>
> +type apmd_unit_t;
> +init_unit_file(apmd_unit_t)
> +
> ########################################
> #
> # Client local policy
> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/arpwatch.fc ./policy/modules/contrib/arpwatch.fc
> --- /home/rjc/src/pol-git/policy/modules/contrib/arpwatch.fc 2016-07-30 08:14:41.073649232 +1000
> +++ ./policy/modules/contrib/arpwatch.fc 2016-08-03 15:58:36.569019697 +1000
> @@ -7,3 +7,5 @@
> /var/lib/arpwatch(/.*)? gen_context(system_u:object_r:arpwatch_data_t,s0)
>
> /var/run/arpwatch.*\.pid -- gen_context(system_u:object_r:arpwatch_var_run_t,s0)
> +
> +/usr/lib/systemd/system/arpwatch.*\.service -- gen_context(system_u:object_r:arpwatch_unit_t,s0)
> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/arpwatch.te ./policy/modules/contrib/arpwatch.te
> --- /home/rjc/src/pol-git/policy/modules/contrib/arpwatch.te 2016-07-30 08:14:41.073649232 +1000
> +++ ./policy/modules/contrib/arpwatch.te 2016-08-03 15:58:36.569019697 +1000
> @@ -21,6 +21,9 @@
> type arpwatch_var_run_t;
> files_pid_file(arpwatch_var_run_t)
>
> +type arpwatch_unit_t;
> +init_unit_file(arpwatch_unit_t)
> +
> ########################################
> #
> # Local policy
> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/automount.fc ./policy/modules/contrib/automount.fc
> --- /home/rjc/src/pol-git/policy/modules/contrib/automount.fc 2016-07-30 08:14:41.073649232 +1000
> +++ ./policy/modules/contrib/automount.fc 2016-08-03 15:58:36.569019697 +1000
> @@ -6,3 +6,5 @@
> /var/lock/subsys/autofs -- gen_context(system_u:object_r:automount_lock_t,s0)
>
> /var/run/autofs.* gen_context(system_u:object_r:automount_var_run_t,s0)
> +
> +/usr/lib/systemd/system/autofs.*\.service -- gen_context(system_u:object_r:automount_unit_t,s0)
> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/automount.te ./policy/modules/contrib/automount.te
> --- /home/rjc/src/pol-git/policy/modules/contrib/automount.te 2016-07-30 08:14:41.077649338 +1000
> +++ ./policy/modules/contrib/automount.te 2016-08-03 15:58:36.569019697 +1000
> @@ -25,6 +25,9 @@
> type automount_var_run_t;
> files_pid_file(automount_var_run_t)
>
> +type automount_unit_t;
> +init_unit_file(automount_unit_t)
> +
> ########################################
> #
> # Local policy
> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/avahi.fc ./policy/modules/contrib/avahi.fc
> --- /home/rjc/src/pol-git/policy/modules/contrib/avahi.fc 2016-07-30 08:14:41.077649338 +1000
> +++ ./policy/modules/contrib/avahi.fc 2016-08-03 15:58:36.569019697 +1000
> @@ -7,3 +7,5 @@
> /var/run/avahi-daemon(/.*)? gen_context(system_u:object_r:avahi_var_run_t,s0)
>
> /var/lib/avahi-autoipd(/.*)? gen_context(system_u:object_r:avahi_var_lib_t,s0)
> +
> +/usr/lib/systemd/system/avahi.*\.service -- gen_context(system_u:object_r:avahi_unit_t,s0)
> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/avahi.te ./policy/modules/contrib/avahi.te
> --- /home/rjc/src/pol-git/policy/modules/contrib/avahi.te 2016-07-30 08:14:41.077649338 +1000
> +++ ./policy/modules/contrib/avahi.te 2016-08-03 15:58:36.569019697 +1000
> @@ -19,6 +19,9 @@
> type avahi_var_run_t;
> files_pid_file(avahi_var_run_t)
>
> +type avahi_unit_t;
> +init_unit_file(avahi_unit_t)
> +
> ########################################
> #
> # Local policy
> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/bind.fc ./policy/modules/contrib/bind.fc
> --- /home/rjc/src/pol-git/policy/modules/contrib/bind.fc 2016-07-30 08:14:41.077649338 +1000
> +++ ./policy/modules/contrib/bind.fc 2016-08-03 15:58:36.573019806 +1000
> @@ -14,6 +14,9 @@
> /etc/unbound(/.*)? gen_context(system_u:object_r:named_conf_t,s0)
> /etc/unbound/.*\.key -- gen_context(system_u:object_r:dnssec_t,s0)
>
> +/usr/lib/systemd/system/unbound.*\.service -- gen_context(system_u:object_r:named_unit_t,s0)
> +/usr/lib/systemd/system/named.*\.service -- gen_context(system_u:object_r:named_unit_t,s0)
> +
> /usr/sbin/lwresd -- gen_context(system_u:object_r:named_exec_t,s0)
> /usr/sbin/named -- gen_context(system_u:object_r:named_exec_t,s0)
> /usr/sbin/named-checkconf -- gen_context(system_u:object_r:named_checkconf_exec_t,s0)
> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/bind.te ./policy/modules/contrib/bind.te
> --- /home/rjc/src/pol-git/policy/modules/contrib/bind.te 2016-07-30 08:14:41.077649338 +1000
> +++ ./policy/modules/contrib/bind.te 2016-08-03 15:58:36.573019806 +1000
> @@ -47,6 +47,9 @@
> type named_keytab_t;
> files_type(named_keytab_t)
>
> +type named_unit_t;
> +init_unit_file(named_unit_t)
> +
> type named_log_t;
> logging_log_file(named_log_t)
>
> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/clamav.fc ./policy/modules/contrib/clamav.fc
> --- /home/rjc/src/pol-git/policy/modules/contrib/clamav.fc 2016-07-30 08:14:41.085649549 +1000
> +++ ./policy/modules/contrib/clamav.fc 2016-08-03 15:58:36.573019806 +1000
> @@ -24,3 +24,5 @@
> /var/run/clamd.* gen_context(system_u:object_r:clamd_var_run_t,s0)
>
> /var/spool/amavisd/clamd\.sock -s gen_context(system_u:object_r:clamd_var_run_t,s0)
> +
> +/usr/lib/systemd/system/clamd.*\.service -- gen_context(system_u:object_r:clamd_unit_t,s0)
> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/clamav.te ./policy/modules/contrib/clamav.te
> --- /home/rjc/src/pol-git/policy/modules/contrib/clamav.te 2016-07-30 08:14:41.085649549 +1000
> +++ ./policy/modules/contrib/clamav.te 2016-08-03 15:58:36.573019806 +1000
> @@ -38,6 +38,9 @@
> type clamd_initrc_exec_t;
> init_script_file(clamd_initrc_exec_t)
>
> +type clamd_unit_t;
> +init_unit_file(clamd_unit_t)
> +
> type clamd_tmp_t;
> files_tmp_file(clamd_tmp_t)
>
> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/consolekit.fc ./policy/modules/contrib/consolekit.fc
> --- /home/rjc/src/pol-git/policy/modules/contrib/consolekit.fc 2016-07-30 08:14:41.085649549 +1000
> +++ ./policy/modules/contrib/consolekit.fc 2016-08-03 15:58:36.573019806 +1000
> @@ -1,3 +1,5 @@
> +/usr/lib/systemd/system/console-kit.*\.service -- gen_context(system_u:object_r:consolekit_unit_t,s0)
> +
> /usr/sbin/console-kit-daemon -- gen_context(system_u:object_r:consolekit_exec_t,s0)
>
> /var/log/ConsoleKit(/.*)? gen_context(system_u:object_r:consolekit_log_t,s0)
> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/consolekit.te ./policy/modules/contrib/consolekit.te
> --- /home/rjc/src/pol-git/policy/modules/contrib/consolekit.te 2016-07-30 08:14:41.085649549 +1000
> +++ ./policy/modules/contrib/consolekit.te 2016-08-03 15:58:36.577019915 +1000
> @@ -19,6 +19,9 @@
> files_pid_file(consolekit_var_run_t)
> init_daemon_pid_file(consolekit_var_run_t, dir, "ConsoleKit")
>
> +type consolekit_unit_t;
> +init_unit_file(consolekit_unit_t)
> +
> ########################################
> #
> # Local policy
> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/cron.fc ./policy/modules/contrib/cron.fc
> --- /home/rjc/src/pol-git/policy/modules/contrib/cron.fc 2016-07-30 08:14:41.089649654 +1000
> +++ ./policy/modules/contrib/cron.fc 2016-08-03 15:58:36.577019915 +1000
> @@ -64,3 +64,6 @@
> /var/spool/cron/lastrun/[^/]* -- <<none>>
> /var/spool/cron/tabs -d gen_context(system_u:object_r:cron_spool_t,s0)
> ')
> +
> +/usr/lib/systemd/system/atd.*\.service -- gen_context(system_u:object_r:crond_unit_t,s0)
> +/usr/lib/systemd/system/crond.*\.service -- gen_context(system_u:object_r:crond_unit_t,s0)
> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/cron.te ./policy/modules/contrib/cron.te
> --- /home/rjc/src/pol-git/policy/modules/contrib/cron.te 2016-07-30 08:14:41.089649654 +1000
> +++ ./policy/modules/contrib/cron.te 2016-08-03 15:58:36.577019915 +1000
> @@ -71,6 +71,9 @@
> type crond_initrc_exec_t;
> init_script_file(crond_initrc_exec_t)
>
> +type crond_unit_t;
> +init_unit_file(crond_unit_t)
> +
> type crond_tmp_t;
> files_tmp_file(crond_tmp_t)
> files_poly_parent(crond_tmp_t)
> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/cups.fc ./policy/modules/contrib/cups.fc
> --- /home/rjc/src/pol-git/policy/modules/contrib/cups.fc 2016-07-30 08:14:41.089649654 +1000
> +++ ./policy/modules/contrib/cups.fc 2016-08-03 15:58:36.577019915 +1000
> @@ -75,3 +75,5 @@
> /var/run/ptal-mlcd(/.*)? gen_context(system_u:object_r:ptal_var_run_t,s0)
> /var/run/udev-configure-printer(/.*)? gen_context(system_u:object_r:cupsd_config_var_run_t,s0)
> /var/turboprint(/.*)? gen_context(system_u:object_r:cupsd_var_run_t,s0)
> +
> +/usr/lib/systemd/system/cups.*\.service -- gen_context(system_u:object_r:cupsd_unit_t,s0)
> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/cups.te ./policy/modules/contrib/cups.te
> --- /home/rjc/src/pol-git/policy/modules/contrib/cups.te 2016-07-30 08:14:41.089649654 +1000
> +++ ./policy/modules/contrib/cups.te 2016-08-03 15:58:36.577019915 +1000
> @@ -63,6 +63,9 @@
> init_daemon_pid_file(cupsd_var_run_t, dir, "cups")
> mls_trusted_object(cupsd_var_run_t)
>
> +type cupsd_unit_t;
> +init_unit_file(cupsd_unit_t)
> +
> type hplip_t;
> type hplip_exec_t;
> init_daemon_domain(hplip_t, hplip_exec_t)
> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/dhcp.fc ./policy/modules/contrib/dhcp.fc
> --- /home/rjc/src/pol-git/policy/modules/contrib/dhcp.fc 2016-07-30 08:14:41.093649760 +1000
> +++ ./policy/modules/contrib/dhcp.fc 2016-08-03 15:58:36.577019915 +1000
> @@ -6,3 +6,4 @@
> /var/lib/dhcp(3)?/dhcpd\.leases.* -- gen_context(system_u:object_r:dhcpd_state_t,s0)
>
> /var/run/dhcpd(6)?\.pid -- gen_context(system_u:object_r:dhcpd_var_run_t,s0)
> +/usr/lib/systemd/system/dhcpcd.*\.service -- gen_context(system_u:object_r:dhcpd_unit_t,s0)
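Review bot: The pattern `dhcpcd.*\.service` does not match `dhcpd.service`, the ISC server daemon this module's other entries describe (`dhcpd.leases`, `dhcpd(6)?.pid`); dhcpcd is a different program, a DHCP client, so as written the server's unit stays unlabelled and a client's unit gets the server's label. If the server is what is meant, the line should read `/usr/lib/systemd/system/dhcpd.*\.service -- gen_context(system_u:object_r:dhcpd_unit_t,s0)`.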
> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/dhcp.te ./policy/modules/contrib/dhcp.te
> --- /home/rjc/src/pol-git/policy/modules/contrib/dhcp.te 2016-07-30 08:14:41.093649760 +1000
> +++ ./policy/modules/contrib/dhcp.te 2016-08-03 15:58:36.581020025 +1000
> @@ -20,6 +20,9 @@
> type dhcpd_initrc_exec_t;
> init_script_file(dhcpd_initrc_exec_t)
>
> +type dhcpd_unit_t;
> +init_unit_file(dhcpd_unit_t)
> +
> type dhcpd_state_t;
> files_type(dhcpd_state_t)
>
> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/ftp.fc ./policy/modules/contrib/ftp.fc
> --- /home/rjc/src/pol-git/policy/modules/contrib/ftp.fc 2016-07-30 08:14:41.101649971 +1000
> +++ ./policy/modules/contrib/ftp.fc 2016-08-03 15:58:36.593020353 +1000
> @@ -26,3 +26,6 @@
> /var/log/vsftpd.* -- gen_context(system_u:object_r:xferlog_t,s0)
> /var/log/xferlog.* -- gen_context(system_u:object_r:xferlog_t,s0)
> /var/log/xferreport.* -- gen_context(system_u:object_r:xferlog_t,s0)
> +
> +/usr/lib/systemd/system/vsftpd.*\.service -- gen_context(system_u:object_r:ftpd_unit_t,s0)
> +/usr/lib/systemd/system/proftpd.*\.service -- gen_context(system_u:object_r:ftpd_unit_t,s0)
> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/ftp.te ./policy/modules/contrib/ftp.te
> --- /home/rjc/src/pol-git/policy/modules/contrib/ftp.te 2016-07-30 08:14:41.101649971 +1000
> +++ ./policy/modules/contrib/ftp.te 2016-08-03 15:58:36.581020025 +1000
> @@ -127,6 +127,9 @@
> type ftpd_keytab_t;
> files_type(ftpd_keytab_t)
>
> +type ftpd_unit_t;
> +init_unit_file(ftpd_unit_t)
> +
> type ftpd_lock_t;
> files_lock_file(ftpd_lock_t)
>
> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/kdump.fc ./policy/modules/contrib/kdump.fc
> --- /home/rjc/src/pol-git/policy/modules/contrib/kdump.fc 2016-07-30 08:14:41.109650183 +1000
> +++ ./policy/modules/contrib/kdump.fc 2016-08-03 15:58:36.581020025 +1000
> @@ -11,3 +11,5 @@
>
> /usr/sbin/kdump -- gen_context(system_u:object_r:kdump_exec_t,s0)
> /usr/sbin/kexec -- gen_context(system_u:object_r:kdump_exec_t,s0)
> +
> +/usr/lib/systemd/system/kdump.*\.service -- gen_context(system_u:object_r:kdump_unit_t,s0)
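Review bot: kdump_unit_t is used here but no kdump.te hunk in the patch declares it (the diff goes straight from kdump.fc to ldap.fc), so unless the type already exists the policy build will fail on an undeclared type. A `type kdump_unit_t;` / `init_unit_file(kdump_unit_t)` pair in kdump.te, as every other module in the patch has, is needed.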
> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/ldap.fc ./policy/modules/contrib/ldap.fc
> --- /home/rjc/src/pol-git/policy/modules/contrib/ldap.fc 2016-07-30 08:14:41.113650288 +1000
> +++ ./policy/modules/contrib/ldap.fc 2016-08-03 15:58:36.581020025 +1000
> @@ -27,3 +27,5 @@
> /var/run/slapd.* -s gen_context(system_u:object_r:slapd_var_run_t,s0)
> /var/run/slapd\.args -- gen_context(system_u:object_r:slapd_var_run_t,s0)
> /var/run/slapd\.pid -- gen_context(system_u:object_r:slapd_var_run_t,s0)
> +
> +/usr/lib/systemd/system/slapd.*\.service -- gen_context(system_u:object_r:slapd_unit_t,s0)
> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/ldap.te ./policy/modules/contrib/ldap.te
> --- /home/rjc/src/pol-git/policy/modules/contrib/ldap.te 2016-07-30 08:14:41.113650288 +1000
> +++ ./policy/modules/contrib/ldap.te 2016-08-03 15:58:36.581020025 +1000
> @@ -24,6 +24,9 @@
> type slapd_keytab_t;
> files_type(slapd_keytab_t)
>
> +type slapd_unit_t;
> +init_unit_file(slapd_unit_t)
> +
> type slapd_lock_t;
> files_lock_file(slapd_lock_t)
>
> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/mysql.fc ./policy/modules/contrib/mysql.fc
> --- /home/rjc/src/pol-git/policy/modules/contrib/mysql.fc 2016-07-30 08:14:41.121650499 +1000
> +++ ./policy/modules/contrib/mysql.fc 2016-08-03 15:58:36.581020025 +1000
> @@ -25,3 +25,5 @@
> /var/run/mysqld.* gen_context(system_u:object_r:mysqld_var_run_t,s0)
> /var/run/mysqlmanager.* -- gen_context(system_u:object_r:mysqlmanagerd_var_run_t,s0)
> /var/run/mysqld/mysqlmanager.* -- gen_context(system_u:object_r:mysqlmanagerd_var_run_t,s0)
> +
> +/usr/lib/systemd/system/mysqld.*\.service -- gen_context(system_u:object_r:mysqld_unit_t,s0)
> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/mysql.te ./policy/modules/contrib/mysql.te
> --- /home/rjc/src/pol-git/policy/modules/contrib/mysql.te 2016-07-30 08:14:41.121650499 +1000
> +++ ./policy/modules/contrib/mysql.te 2016-08-03 15:58:36.581020025 +1000
> @@ -38,6 +38,9 @@
> type mysqld_home_t;
> userdom_user_home_content(mysqld_home_t)
>
> +type mysqld_unit_t;
> +init_unit_file(mysqld_unit_t)
> +
> type mysqld_initrc_exec_t;
> init_script_file(mysqld_initrc_exec_t)
>
> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/nis.fc ./policy/modules/contrib/nis.fc
> --- /home/rjc/src/pol-git/policy/modules/contrib/nis.fc 2016-07-30 08:14:41.125650605 +1000
> +++ ./policy/modules/contrib/nis.fc 2016-08-03 15:58:36.585020134 +1000
> @@ -20,3 +20,8 @@
> /var/run/ypbind.* -- gen_context(system_u:object_r:ypbind_var_run_t,s0)
> /var/run/ypserv.* -- gen_context(system_u:object_r:ypserv_var_run_t,s0)
> /var/run/yppass.* -- gen_context(system_u:object_r:yppasswdd_var_run_t,s0)
> +
> +/usr/lib/systemd/system/ypbind.*\.service -- gen_context(system_u:object_r:ypbind_unit_t,s0)
> +/usr/lib/systemd/system/ypserv.*\.service -- gen_context(system_u:object_r:nis_unit_t,s0)
> +/usr/lib/systemd/system/yppasswdd.*\.service -- gen_context(system_u:object_r:nis_unit_t,s0)
> +/usr/lib/systemd/system/ypxfrd.*\.service -- gen_context(system_u:object_r:nis_unit_t,s0)
> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/nis.te ./policy/modules/contrib/nis.te
> --- /home/rjc/src/pol-git/policy/modules/contrib/nis.te 2016-07-30 08:14:41.125650605 +1000
> +++ ./policy/modules/contrib/nis.te 2016-08-03 15:58:36.585020134 +1000
> @@ -27,6 +27,9 @@
> type ypbind_var_run_t;
> files_pid_file(ypbind_var_run_t)
>
> +type ypbind_unit_t;
> +init_unit_file(ypbind_unit_t)
> +
> type yppasswdd_t;
> type yppasswdd_exec_t;
> init_daemon_domain(yppasswdd_t, yppasswdd_exec_t)
> @@ -55,6 +58,9 @@
> type ypxfr_var_run_t;
> files_pid_file(ypxfr_var_run_t)
>
> +type nis_unit_t;
> +init_unit_file(nis_unit_t)
> +
> ########################################
> #
> # ypbind local policy
> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/nscd.te ./policy/modules/contrib/nscd.te
> --- /home/rjc/src/pol-git/policy/modules/contrib/nscd.te 2016-07-30 08:14:41.125650605 +1000
> +++ ./policy/modules/contrib/nscd.te 2016-08-03 15:58:36.585020134 +1000
> @@ -31,6 +31,9 @@
> type nscd_initrc_exec_t;
> init_script_file(nscd_initrc_exec_t)
>
> +type nscd_unit_t;
> +init_unit_file(nscd_unit_t)
> +
> type nscd_log_t;
> logging_log_file(nscd_log_t)
>
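Review bot: nscd_unit_t is declared here but the patch has no nscd.fc hunk labelling anything with it, so the type is dead as submitted. Either the .fc entry, `/usr/lib/systemd/system/nscd.*\.service -- gen_context(system_u:object_r:nscd_unit_t,s0)`, was dropped from the diff or the declaration should go; every other .te hunk in this patch is paired with an .fc entry.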
> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/ntp.fc ./policy/modules/contrib/ntp.fc
> --- /home/rjc/src/pol-git/policy/modules/contrib/ntp.fc 2016-07-30 08:14:41.125650605 +1000
> +++ ./policy/modules/contrib/ntp.fc 2016-08-03 15:58:36.585020134 +1000
> @@ -27,3 +27,7 @@
> /var/log/xntpd.* -- gen_context(system_u:object_r:ntpd_log_t,s0)
>
> /var/run/ntpd\.pid -- gen_context(system_u:object_r:ntpd_var_run_t,s0)
> +
> +/usr/lib/systemd/system/ntpd.*\.service -- gen_context(system_u:object_r:ntpd_unit_t,s0)
> +
> +/usr/usr/lib/systemd/system/ntpd.*\.service -- gen_context(system_u:object_r:ntpd_unit_t,s0)
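Review bot: The second entry has a doubled prefix, `/usr/usr/lib/systemd/system/ntpd.*\.service`, which matches no real path; it reads as a stray copy of the line above it and should be deleted, since the preceding `/usr/lib/systemd/system/ntpd.*\.service` line already covers the unit.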
> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/ppp.fc ./policy/modules/contrib/ppp.fc
> --- /home/rjc/src/pol-git/policy/modules/contrib/ppp.fc 2016-07-30 08:14:41.133650816 +1000
> +++ ./policy/modules/contrib/ppp.fc 2016-08-03 15:58:36.585020134 +1000
> @@ -28,3 +28,5 @@
> /var/run/pppd[0-9]*\.tdb -- gen_context(system_u:object_r:pppd_var_run_t,s0)
> /var/run/ppp(/.*)? gen_context(system_u:object_r:pppd_var_run_t,s0)
> /var/run/pptp(/.*)? gen_context(system_u:object_r:pptp_var_run_t,s0)
> +
> +/usr/lib/systemd/system/ppp.*\.service -- gen_context(system_u:object_r:pppd_unit_t,s0)
> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/ppp.te ./policy/modules/contrib/ppp.te
> --- /home/rjc/src/pol-git/policy/modules/contrib/ppp.te 2016-07-30 08:14:41.133650816 +1000
> +++ ./policy/modules/contrib/ppp.te 2016-08-03 15:58:36.585020134 +1000
> @@ -41,6 +41,9 @@
> type pppd_initrc_exec_t alias pppd_script_exec_t;
> init_script_file(pppd_initrc_exec_t)
>
> +type pppd_unit_t;
> +init_unit_file(pppd_unit_t)
> +
> type pppd_secret_t;
> files_type(pppd_secret_t)
>
> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/rpc.fc ./policy/modules/contrib/rpc.fc
> --- /home/rjc/src/pol-git/policy/modules/contrib/rpc.fc 2016-07-30 08:14:41.141651028 +1000
> +++ ./policy/modules/contrib/rpc.fc 2016-08-03 15:58:36.589020244 +1000
> @@ -20,3 +20,6 @@
>
> /var/run/rpc\.statd(/.*)? gen_context(system_u:object_r:rpcd_var_run_t,s0)
> /var/run/rpc\.statd\.pid -- gen_context(system_u:object_r:rpcd_var_run_t,s0)
> +
> +/usr/lib/systemd/system/nfs.*\.service -- gen_context(system_u:object_r:nfsd_unit_t,s0)
> +/usr/lib/systemd/system/rpc.*\.service -- gen_context(system_u:object_r:rpcd_unit_t,s0)
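Review bot: `rpc.*\.service` is a broad match: it also catches an `rpcbind.service` if the distribution ships one, and rpcbind runs in its own domain in refpolicy rather than in rpcd_t, so its unit would wrongly become rpcd_unit_t. Anchoring the name, e.g. `/usr/lib/systemd/system/rpc[-.].*\.service -- gen_context(system_u:object_r:rpcd_unit_t,s0)`, or listing the rpc.* helpers' units individually, avoids the collision; `nfs.*` deserves the same look, since it will claim every unit whose name starts with nfs regardless of which domain the service runs in.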
> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/rpc.te ./policy/modules/contrib/rpc.te
> --- /home/rjc/src/pol-git/policy/modules/contrib/rpc.te 2016-07-30 08:14:41.145651133 +1000
> +++ ./policy/modules/contrib/rpc.te 2016-08-03 15:58:36.589020244 +1000
> @@ -52,11 +52,17 @@
> type rpcd_initrc_exec_t;
> init_script_file(rpcd_initrc_exec_t)
>
> +type rpcd_unit_t;
> +init_unit_file(rpcd_unit_t)
> +
> rpc_domain_template(nfsd)
>
> type nfsd_initrc_exec_t;
> init_script_file(nfsd_initrc_exec_t)
>
> +type nfsd_unit_t;
> +init_unit_file(nfsd_unit_t)
> +
> type nfsd_rw_t;
> files_type(nfsd_rw_t)
>
> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/samba.fc ./policy/modules/contrib/samba.fc
> --- /home/rjc/src/pol-git/policy/modules/contrib/samba.fc 2016-07-30 08:14:41.145651133 +1000
> +++ ./policy/modules/contrib/samba.fc 2016-08-03 15:58:36.589020244 +1000
> @@ -8,6 +8,8 @@
> /etc/samba/smbpasswd -- gen_context(system_u:object_r:samba_secrets_t,s0)
> /etc/samba(/.*)? gen_context(system_u:object_r:samba_etc_t,s0)
>
> +/usr/lib/systemd/system/smb.*\.service -- gen_context(system_u:object_r:samba_unit_t,s0)
> +
> /usr/bin/net -- gen_context(system_u:object_r:samba_net_exec_t,s0)
> /usr/bin/ntlm_auth -- gen_context(system_u:object_r:winbind_helper_exec_t,s0)
> /usr/bin/smbcontrol -- gen_context(system_u:object_r:smbcontrol_exec_t,s0)
> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/samba.te ./policy/modules/contrib/samba.te
> --- /home/rjc/src/pol-git/policy/modules/contrib/samba.te 2016-07-30 08:14:41.145651133 +1000
> +++ ./policy/modules/contrib/samba.te 2016-08-03 15:58:36.589020244 +1000
> @@ -113,6 +113,9 @@
> type samba_initrc_exec_t;
> init_script_file(samba_initrc_exec_t)
>
> +type samba_unit_t;
> +init_unit_file(samba_unit_t)
> +
> type samba_log_t;
> logging_log_file(samba_log_t)
>
> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/tor.fc ./policy/modules/contrib/tor.fc
> --- /home/rjc/src/pol-git/policy/modules/contrib/tor.fc 2016-07-30 08:14:41.153651345 +1000
> +++ ./policy/modules/contrib/tor.fc 2016-08-03 15:58:36.589020244 +1000
> @@ -5,6 +5,8 @@
> /usr/bin/tor -- gen_context(system_u:object_r:tor_exec_t,s0)
> /usr/sbin/tor -- gen_context(system_u:object_r:tor_exec_t,s0)
>
> +/usr/lib/systemd/system/tor.*\.service -- gen_context(system_u:object_r:tor_unit_t,s0)
> +
> /var/lib/tor(/.*)? gen_context(system_u:object_r:tor_var_lib_t,s0)
> /var/lib/tor-data(/.*)? gen_context(system_u:object_r:tor_var_lib_t,s0)
>
> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/tor.te ./policy/modules/contrib/tor.te
> --- /home/rjc/src/pol-git/policy/modules/contrib/tor.te 2016-07-30 08:14:41.153651345 +1000
> +++ ./policy/modules/contrib/tor.te 2016-08-03 15:58:36.589020244 +1000
> @@ -33,6 +33,9 @@
> files_pid_file(tor_var_run_t)
> init_daemon_pid_file(tor_var_run_t, dir, "tor")
>
> +type tor_unit_t;
> +init_unit_file(tor_unit_t)
> +
> ########################################
> #
> # Local policy
> diff -ru /home/rjc/src/pol-git/policy/modules/system/init.te ./policy/modules/system/init.te
> --- /home/rjc/src/pol-git/policy/modules/system/init.te 2016-07-28 20:33:39.967961825 +1000
> +++ ./policy/modules/system/init.te 2016-08-03 15:45:01.782699499 +1000
> @@ -568,6 +568,9 @@
> userdom_use_user_terminals(initrc_t)
>
> ifdef(`distro_debian',`
> + kernel_getattr_core_if(initrc_t)
> +
> + dev_getattr_generic_blk_files(initrc_t)
> dev_setattr_generic_dirs(initrc_t)
>
> fs_tmpfs_filetrans(initrc_t, initrc_var_run_t, dir)
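Review bot: The two added initrc_t permissions, `kernel_getattr_core_if(initrc_t)` and `dev_getattr_generic_blk_files(initrc_t)`, have nothing to do with the unit-file labelling the patch message describes, and nothing says which Debian init script produces the denials they silence. They should go into a separate patch whose description names the script or the AVC denial, so the widening of initrc_t on Debian can be reviewed on its own merits.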
> diff -ru /home/rjc/src/pol-git/policy/modules/system/logging.fc ./policy/modules/system/logging.fc
> --- /home/rjc/src/pol-git/policy/modules/system/logging.fc 2016-07-28 20:33:39.967961825 +1000
> +++ ./policy/modules/system/logging.fc 2016-08-03 15:58:36.589020244 +1000
> @@ -27,6 +27,7 @@
> /usr/sbin/rsyslogd -- gen_context(system_u:object_r:syslogd_exec_t,s0)
> /usr/sbin/syslog-ng -- gen_context(system_u:object_r:syslogd_exec_t,s0)
> /usr/sbin/syslogd -- gen_context(system_u:object_r:syslogd_exec_t,s0)
> +/usr/lib/systemd/system/rsyslog.*\.service -- gen_context(system_u:object_r:syslogd_unit_t,s0)
>
> /var/lib/misc/syslog-ng.persist-? -- gen_context(system_u:object_r:syslogd_var_lib_t,s0)
> /var/lib/syslog-ng(/.*)? gen_context(system_u:object_r:syslogd_var_lib_t,s0)
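Review bot: Only rsyslog's unit is labelled syslogd_unit_t, while `/usr/sbin/syslog-ng` two lines above is labelled syslogd_exec_t, so a syslog-ng installation under systemd would run its daemon in syslogd_t but leave its unit file with the generic label. If syslog-ng is in scope, add `/usr/lib/systemd/system/syslog-ng.*\.service -- gen_context(system_u:object_r:syslogd_unit_t,s0)`. The rsyslog entry is also placed among the `/usr/sbin` lines rather than in path order.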
> diff -ru /home/rjc/src/pol-git/policy/modules/system/selinuxutil.fc ./policy/modules/system/selinuxutil.fc
> --- /home/rjc/src/pol-git/policy/modules/system/selinuxutil.fc 2016-07-28 20:33:39.971961928 +1000
> +++ ./policy/modules/system/selinuxutil.fc 2016-08-03 15:58:36.593020353 +1000
> @@ -36,6 +36,7 @@
>
> /usr/sbin/load_policy -- gen_context(system_u:object_r:load_policy_exec_t,s0)
> /usr/sbin/restorecond -- gen_context(system_u:object_r:restorecond_exec_t,s0)
> +/usr/lib/systemd/system/restorecond.*\.service -- gen_context(system_u:object_r:restorecond_unit_t,s0)
> /usr/sbin/run_init -- gen_context(system_u:object_r:run_init_exec_t,s0)
> /usr/sbin/setfiles.* -- gen_context(system_u:object_r:setfiles_exec_t,s0)
> /usr/sbin/setsebool -- gen_context(system_u:object_r:semanage_exec_t,s0)
> diff -ru /home/rjc/src/pol-git/policy/modules/system/selinuxutil.te ./policy/modules/system/selinuxutil.te
> --- /home/rjc/src/pol-git/policy/modules/system/selinuxutil.te 2016-07-28 20:33:39.971961928 +1000
> +++ ./policy/modules/system/selinuxutil.te 2016-08-03 15:58:36.593020353 +1000
> @@ -85,6 +85,9 @@
> domain_obj_id_change_exemption(restorecond_t)
> role system_r types restorecond_t;
>
> +type restorecond_unit_t;
> +init_unit_file(restorecond_unit_t)
> +
> type restorecond_var_run_t;
> files_pid_file(restorecond_var_run_t)
>
> diff -ru /home/rjc/src/pol-git/policy/modules/system/setrans.fc ./policy/modules/system/setrans.fc
> --- /home/rjc/src/pol-git/policy/modules/system/setrans.fc 2016-07-28 20:33:39.971961928 +1000
> +++ ./policy/modules/system/setrans.fc 2016-08-03 15:58:36.593020353 +1000
> @@ -1,5 +1,6 @@
> /etc/rc\.d/init\.d/mcstrans -- gen_context(system_u:object_r:setrans_initrc_exec_t,s0)
>
> /sbin/mcstransd -- gen_context(system_u:object_r:setrans_exec_t,s0)
> +/usr/lib/systemd/system/mcstrans.*\.service -- gen_context(system_u:object_r:setrans_unit_t,s0)
>
> /var/run/setrans(/.*)? gen_context(system_u:object_r:setrans_var_run_t,mls_systemhigh)



--
Chris PeBenito

2016-08-06 20:48:14

by Chris PeBenito

Subject: [refpolicy] [PATCH] add unit files

On 08/06/16 16:45, Chris PeBenito wrote:
> On 08/03/16 02:05, Russell Coker wrote:
>> This patch adds unit files labels for many daemons. Of all those
>> daemons all
>> apart from consolekit.fc and selinuxutil.fc have *_initrc_exec_t types.
>>
>> Another possibility is to use a template so that we don't have special
>> code
>> in every daemon module for both *_initrc_exec_t and *_unit_t.
>
> Yes, it seems like something to explore. It matches up with the
> init_startstop_service() that was created a while ago.

In the meantime, I've merged this patch, though I moved around a few lines.




>> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/apache.fc
>> ./policy/modules/contrib/apache.fc
>> --- /home/rjc/src/pol-git/policy/modules/contrib/apache.fc
>> 2016-07-30 08:14:41.069649126 +1000
>> +++ ./policy/modules/contrib/apache.fc 2016-08-03
>> 15:58:36.561019479 +1000
>> @@ -28,6 +28,9 @@
>> /etc/WebCalendar(/.*)?
>> gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)
>> /etc/zabbix/web(/.*)?
>> gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)
>>
>> +/usr/lib/systemd/system/httpd.*\.service --
>> gen_context(system_u:object_r:httpd_unit_t,s0)
>> +/usr/lib/systemd/system/jetty.*\.service --
>> gen_context(system_u:object_r:httpd_unit_t,s0)
>> +
>> /opt/.*\.cgi --
>> gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
>> /opt/dirsrv/var/run/dirsrv/dsgw/cookies(/.*)?
>> gen_context(system_u:object_r:httpd_var_run_t,s0)
>>
>> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/apache.te
>> ./policy/modules/contrib/apache.te
>> --- /home/rjc/src/pol-git/policy/modules/contrib/apache.te
>> 2016-07-30 08:14:41.073649232 +1000
>> +++ ./policy/modules/contrib/apache.te 2016-08-03
>> 15:58:36.565019587 +1000
>> @@ -289,6 +289,8 @@
>> type httpd_keytab_t;
>> files_type(httpd_keytab_t)
>>
>> +type httpd_unit_t;
>> +init_unit_file(httpd_unit_t)
>> type httpd_lock_t;
>> files_lock_file(httpd_lock_t)
>>
>> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/apcupsd.fc
>> ./policy/modules/contrib/apcupsd.fc
>> --- /home/rjc/src/pol-git/policy/modules/contrib/apcupsd.fc
>> 2016-07-30 08:14:41.073649232 +1000
>> +++ ./policy/modules/contrib/apcupsd.fc 2016-08-03
>> 15:58:36.565019587 +1000
>> @@ -1,5 +1,7 @@
>> /etc/rc\.d/init\.d/apcupsd --
>> gen_context(system_u:object_r:apcupsd_initrc_exec_t,s0)
>>
>> +/usr/lib/systemd/system/apcupsd.*\.service --
>> gen_context(system_u:object_r:apcupsd_unit_t,s0)
>> +
>> /sbin/apcupsd -- gen_context(system_u:object_r:apcupsd_exec_t,s0)
>>
>> /usr/sbin/apcupsd --
>> gen_context(system_u:object_r:apcupsd_exec_t,s0)
>> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/apcupsd.te
>> ./policy/modules/contrib/apcupsd.te
>> --- /home/rjc/src/pol-git/policy/modules/contrib/apcupsd.te
>> 2016-07-30 08:14:41.073649232 +1000
>> +++ ./policy/modules/contrib/apcupsd.te 2016-08-03
>> 15:58:36.565019587 +1000
>> @@ -24,6 +24,9 @@
>> type apcupsd_var_run_t;
>> files_pid_file(apcupsd_var_run_t)
>>
>> +type apcupsd_unit_t;
>> +init_unit_file(apcupsd_unit_t)
>> +
>> ########################################
>> #
>> # Local policy
>> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/apm.fc
>> ./policy/modules/contrib/apm.fc
>> --- /home/rjc/src/pol-git/policy/modules/contrib/apm.fc 2016-07-30
>> 08:14:41.073649232 +1000
>> +++ ./policy/modules/contrib/apm.fc 2016-08-03 15:58:36.565019587
>> +1000
>> @@ -17,3 +17,5 @@
>> /var/run/powersave_socket -s
>> gen_context(system_u:object_r:apmd_var_run_t,s0)
>>
>> /var/lib/acpi(/.*)? gen_context(system_u:object_r:apmd_var_lib_t,s0)
>> +
>> +/usr/lib/systemd/system/apmd.*\.service --
>> gen_context(system_u:object_r:apmd_unit_t,s0)
>> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/apm.te
>> ./policy/modules/contrib/apm.te
>> --- /home/rjc/src/pol-git/policy/modules/contrib/apm.te 2016-07-30
>> 08:14:41.073649232 +1000
>> +++ ./policy/modules/contrib/apm.te 2016-08-03 15:58:36.565019587
>> +1000
>> @@ -35,6 +35,9 @@
>> type apmd_var_run_t;
>> files_pid_file(apmd_var_run_t)
>>
>> +type apmd_unit_t;
>> +init_unit_file(apmd_unit_t)
>> +
>> ########################################
>> #
>> # Client local policy
>> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/arpwatch.fc
>> ./policy/modules/contrib/arpwatch.fc
>> --- /home/rjc/src/pol-git/policy/modules/contrib/arpwatch.fc
>> 2016-07-30 08:14:41.073649232 +1000
>> +++ ./policy/modules/contrib/arpwatch.fc 2016-08-03
>> 15:58:36.569019697 +1000
>> @@ -7,3 +7,5 @@
>> /var/lib/arpwatch(/.*)?
>> gen_context(system_u:object_r:arpwatch_data_t,s0)
>>
>> /var/run/arpwatch.*\.pid --
>> gen_context(system_u:object_r:arpwatch_var_run_t,s0)
>> +
>> +/usr/lib/systemd/system/arpwatch.*\.service --
>> gen_context(system_u:object_r:arpwatch_unit_t,s0)
>> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/arpwatch.te
>> ./policy/modules/contrib/arpwatch.te
>> --- /home/rjc/src/pol-git/policy/modules/contrib/arpwatch.te
>> 2016-07-30 08:14:41.073649232 +1000
>> +++ ./policy/modules/contrib/arpwatch.te 2016-08-03
>> 15:58:36.569019697 +1000
>> @@ -21,6 +21,9 @@
>> type arpwatch_var_run_t;
>> files_pid_file(arpwatch_var_run_t)
>>
>> +type arpwatch_unit_t;
>> +init_unit_file(arpwatch_unit_t)
>> +
>> ########################################
>> #
>> # Local policy
>> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/automount.fc
>> ./policy/modules/contrib/automount.fc
>> --- /home/rjc/src/pol-git/policy/modules/contrib/automount.fc
>> 2016-07-30 08:14:41.073649232 +1000
>> +++ ./policy/modules/contrib/automount.fc 2016-08-03
>> 15:58:36.569019697 +1000
>> @@ -6,3 +6,5 @@
>> /var/lock/subsys/autofs --
>> gen_context(system_u:object_r:automount_lock_t,s0)
>>
>> /var/run/autofs.*
>> gen_context(system_u:object_r:automount_var_run_t,s0)
>> +
>> +/usr/lib/systemd/system/autofs.*\.service --
>> gen_context(system_u:object_r:automount_unit_t,s0)
>> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/automount.te
>> ./policy/modules/contrib/automount.te
>> --- /home/rjc/src/pol-git/policy/modules/contrib/automount.te
>> 2016-07-30 08:14:41.077649338 +1000
>> +++ ./policy/modules/contrib/automount.te 2016-08-03
>> 15:58:36.569019697 +1000
>> @@ -25,6 +25,9 @@
>> type automount_var_run_t;
>> files_pid_file(automount_var_run_t)
>>
>> +type automount_unit_t;
>> +init_unit_file(automount_unit_t)
>> +
>> ########################################
>> #
>> # Local policy
>> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/avahi.fc
>> ./policy/modules/contrib/avahi.fc
>> --- /home/rjc/src/pol-git/policy/modules/contrib/avahi.fc
>> 2016-07-30 08:14:41.077649338 +1000
>> +++ ./policy/modules/contrib/avahi.fc 2016-08-03 15:58:36.569019697
>> +1000
>> @@ -7,3 +7,5 @@
>> /var/run/avahi-daemon(/.*)?
>> gen_context(system_u:object_r:avahi_var_run_t,s0)
>>
>> /var/lib/avahi-autoipd(/.*)?
>> gen_context(system_u:object_r:avahi_var_lib_t,s0)
>> +
>> +/usr/lib/systemd/system/avahi.*\.service --
>> gen_context(system_u:object_r:avahi_unit_t,s0)
>> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/avahi.te
>> ./policy/modules/contrib/avahi.te
>> --- /home/rjc/src/pol-git/policy/modules/contrib/avahi.te
>> 2016-07-30 08:14:41.077649338 +1000
>> +++ ./policy/modules/contrib/avahi.te 2016-08-03 15:58:36.569019697
>> +1000
>> @@ -19,6 +19,9 @@
>> type avahi_var_run_t;
>> files_pid_file(avahi_var_run_t)
>>
>> +type avahi_unit_t;
>> +init_unit_file(avahi_unit_t)
>> +
>> ########################################
>> #
>> # Local policy
>> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/bind.fc
>> ./policy/modules/contrib/bind.fc
>> --- /home/rjc/src/pol-git/policy/modules/contrib/bind.fc 2016-07-30
>> 08:14:41.077649338 +1000
>> +++ ./policy/modules/contrib/bind.fc 2016-08-03 15:58:36.573019806
>> +1000
>> @@ -14,6 +14,9 @@
>> /etc/unbound(/.*)? gen_context(system_u:object_r:named_conf_t,s0)
>> /etc/unbound/.*\.key -- gen_context(system_u:object_r:dnssec_t,s0)
>>
>> +/usr/lib/systemd/system/unbound.*\.service --
>> gen_context(system_u:object_r:named_unit_t,s0)
>> +/usr/lib/systemd/system/named.*\.service --
>> gen_context(system_u:object_r:named_unit_t,s0)
>> +
>> /usr/sbin/lwresd -- gen_context(system_u:object_r:named_exec_t,s0)
>> /usr/sbin/named -- gen_context(system_u:object_r:named_exec_t,s0)
>> /usr/sbin/named-checkconf --
>> gen_context(system_u:object_r:named_checkconf_exec_t,s0)
>> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/bind.te
>> ./policy/modules/contrib/bind.te
>> --- /home/rjc/src/pol-git/policy/modules/contrib/bind.te 2016-07-30
>> 08:14:41.077649338 +1000
>> +++ ./policy/modules/contrib/bind.te 2016-08-03 15:58:36.573019806
>> +1000
>> @@ -47,6 +47,9 @@
>> type named_keytab_t;
>> files_type(named_keytab_t)
>>
>> +type named_unit_t;
>> +init_unit_file(named_unit_t)
>> +
>> type named_log_t;
>> logging_log_file(named_log_t)
>>
>> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/clamav.fc
>> ./policy/modules/contrib/clamav.fc
>> --- /home/rjc/src/pol-git/policy/modules/contrib/clamav.fc
>> 2016-07-30 08:14:41.085649549 +1000
>> +++ ./policy/modules/contrib/clamav.fc 2016-08-03
>> 15:58:36.573019806 +1000
>> @@ -24,3 +24,5 @@
>> /var/run/clamd.* gen_context(system_u:object_r:clamd_var_run_t,s0)
>>
>> /var/spool/amavisd/clamd\.sock -s
>> gen_context(system_u:object_r:clamd_var_run_t,s0)
>> +
>> +/usr/lib/systemd/system/clamd.*\.service --
>> gen_context(system_u:object_r:clamd_unit_t,s0)
>> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/clamav.te
>> ./policy/modules/contrib/clamav.te
>> --- /home/rjc/src/pol-git/policy/modules/contrib/clamav.te
>> 2016-07-30 08:14:41.085649549 +1000
>> +++ ./policy/modules/contrib/clamav.te 2016-08-03
>> 15:58:36.573019806 +1000
>> @@ -38,6 +38,9 @@
>> type clamd_initrc_exec_t;
>> init_script_file(clamd_initrc_exec_t)
>>
>> +type clamd_unit_t;
>> +init_unit_file(clamd_unit_t)
>> +
>> type clamd_tmp_t;
>> files_tmp_file(clamd_tmp_t)
>>
>> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/consolekit.fc
>> ./policy/modules/contrib/consolekit.fc
>> --- /home/rjc/src/pol-git/policy/modules/contrib/consolekit.fc
>> 2016-07-30 08:14:41.085649549 +1000
>> +++ ./policy/modules/contrib/consolekit.fc 2016-08-03
>> 15:58:36.573019806 +1000
>> @@ -1,3 +1,5 @@
>> +/usr/lib/systemd/system/console-kit.*\.service --
>> gen_context(system_u:object_r:consolekit_unit_t,s0)
>> +
>> /usr/sbin/console-kit-daemon --
>> gen_context(system_u:object_r:consolekit_exec_t,s0)
>>
>> /var/log/ConsoleKit(/.*)?
>> gen_context(system_u:object_r:consolekit_log_t,s0)
>> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/consolekit.te
>> ./policy/modules/contrib/consolekit.te
>> --- /home/rjc/src/pol-git/policy/modules/contrib/consolekit.te
>> 2016-07-30 08:14:41.085649549 +1000
>> +++ ./policy/modules/contrib/consolekit.te 2016-08-03
>> 15:58:36.577019915 +1000
>> @@ -19,6 +19,9 @@
>> files_pid_file(consolekit_var_run_t)
>> init_daemon_pid_file(consolekit_var_run_t, dir, "ConsoleKit")
>>
>> +type consolekit_unit_t;
>> +init_unit_file(consolekit_unit_t)
>> +
>> ########################################
>> #
>> # Local policy
>> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/cron.fc
>> ./policy/modules/contrib/cron.fc
>> --- /home/rjc/src/pol-git/policy/modules/contrib/cron.fc 2016-07-30
>> 08:14:41.089649654 +1000
>> +++ ./policy/modules/contrib/cron.fc 2016-08-03 15:58:36.577019915
>> +1000
>> @@ -64,3 +64,6 @@
>> /var/spool/cron/lastrun/[^/]* -- <<none>>
>> /var/spool/cron/tabs -d
>> gen_context(system_u:object_r:cron_spool_t,s0)
>> ')
>> +
>> +/usr/lib/systemd/system/atd.*\.service --
>> gen_context(system_u:object_r:crond_unit_t,s0)
>> +/usr/lib/systemd/system/crond.*\.service --
>> gen_context(system_u:object_r:crond_unit_t,s0)
>> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/cron.te
>> ./policy/modules/contrib/cron.te
>> --- /home/rjc/src/pol-git/policy/modules/contrib/cron.te 2016-07-30
>> 08:14:41.089649654 +1000
>> +++ ./policy/modules/contrib/cron.te 2016-08-03 15:58:36.577019915
>> +1000
>> @@ -71,6 +71,9 @@
>> type crond_initrc_exec_t;
>> init_script_file(crond_initrc_exec_t)
>>
>> +type crond_unit_t;
>> +init_unit_file(crond_unit_t)
>> +
>> type crond_tmp_t;
>> files_tmp_file(crond_tmp_t)
>> files_poly_parent(crond_tmp_t)
>> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/cups.fc
>> ./policy/modules/contrib/cups.fc
>> --- /home/rjc/src/pol-git/policy/modules/contrib/cups.fc 2016-07-30
>> 08:14:41.089649654 +1000
>> +++ ./policy/modules/contrib/cups.fc 2016-08-03 15:58:36.577019915
>> +1000
>> @@ -75,3 +75,5 @@
>> /var/run/ptal-mlcd(/.*)?
>> gen_context(system_u:object_r:ptal_var_run_t,s0)
>> /var/run/udev-configure-printer(/.*)?
>> gen_context(system_u:object_r:cupsd_config_var_run_t,s0)
>> /var/turboprint(/.*)?
>> gen_context(system_u:object_r:cupsd_var_run_t,s0)
>> +
>> +/usr/lib/systemd/system/cups.*\.service --
>> gen_context(system_u:object_r:cupsd_unit_t,s0)
>> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/cups.te
>> ./policy/modules/contrib/cups.te
>> --- /home/rjc/src/pol-git/policy/modules/contrib/cups.te 2016-07-30
>> 08:14:41.089649654 +1000
>> +++ ./policy/modules/contrib/cups.te 2016-08-03 15:58:36.577019915
>> +1000
>> @@ -63,6 +63,9 @@
>> init_daemon_pid_file(cupsd_var_run_t, dir, "cups")
>> mls_trusted_object(cupsd_var_run_t)
>>
>> +type cupsd_unit_t;
>> +init_unit_file(cupsd_unit_t)
>> +
>> type hplip_t;
>> type hplip_exec_t;
>> init_daemon_domain(hplip_t, hplip_exec_t)
>> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/dhcp.fc
>> ./policy/modules/contrib/dhcp.fc
>> --- /home/rjc/src/pol-git/policy/modules/contrib/dhcp.fc 2016-07-30
>> 08:14:41.093649760 +1000
>> +++ ./policy/modules/contrib/dhcp.fc 2016-08-03 15:58:36.577019915
>> +1000
>> @@ -6,3 +6,4 @@
>> /var/lib/dhcp(3)?/dhcpd\.leases.* --
>> gen_context(system_u:object_r:dhcpd_state_t,s0)
>>
>> /var/run/dhcpd(6)?\.pid --
>> gen_context(system_u:object_r:dhcpd_var_run_t,s0)
>> +/usr/lib/systemd/system/dhcpcd.*\.service --
>> gen_context(system_u:object_r:dhcpd_unit_t,s0)
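Review bot: The pattern `dhcpcd.*\.service` names the DHCP client daemon, while the context lines of this hunk (`dhcpd\.leases`, `dhcpd(6)?\.pid`) show that this module confines the ISC server dhcpd, whose unit would presumably be named dhcpd.service or similar and is not matched by `dhcpcd.*`. Unless labelling a client unit with the server's type is intended, the entry should read `/usr/lib/systemd/system/dhcpd.*\.service -- gen_context(system_u:object_r:dhcpd_unit_t,s0)`. This hunk also omits the blank separator line that the other .fc hunks add before the new entry.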
>> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/dhcp.te
>> ./policy/modules/contrib/dhcp.te
>> --- /home/rjc/src/pol-git/policy/modules/contrib/dhcp.te 2016-07-30
>> 08:14:41.093649760 +1000
>> +++ ./policy/modules/contrib/dhcp.te 2016-08-03 15:58:36.581020025
>> +1000
>> @@ -20,6 +20,9 @@
>> type dhcpd_initrc_exec_t;
>> init_script_file(dhcpd_initrc_exec_t)
>>
>> +type dhcpd_unit_t;
>> +init_unit_file(dhcpd_unit_t)
>> +
>> type dhcpd_state_t;
>> files_type(dhcpd_state_t)
>>
>> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/ftp.fc
>> ./policy/modules/contrib/ftp.fc
>> --- /home/rjc/src/pol-git/policy/modules/contrib/ftp.fc 2016-07-30
>> 08:14:41.101649971 +1000
>> +++ ./policy/modules/contrib/ftp.fc 2016-08-03 15:58:36.593020353
>> +1000
>> @@ -26,3 +26,6 @@
>> /var/log/vsftpd.* -- gen_context(system_u:object_r:xferlog_t,s0)
>> /var/log/xferlog.* -- gen_context(system_u:object_r:xferlog_t,s0)
>> /var/log/xferreport.* --
>> gen_context(system_u:object_r:xferlog_t,s0)
>> +
>> +/usr/lib/systemd/system/vsftpd.*\.service --
>> gen_context(system_u:object_r:ftpd_unit_t,s0)
>> +/usr/lib/systemd/system/proftpd.*\.service --
>> gen_context(system_u:object_r:ftpd_unit_t,s0)
>> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/ftp.te
>> ./policy/modules/contrib/ftp.te
>> --- /home/rjc/src/pol-git/policy/modules/contrib/ftp.te 2016-07-30
>> 08:14:41.101649971 +1000
>> +++ ./policy/modules/contrib/ftp.te 2016-08-03 15:58:36.581020025
>> +1000
>> @@ -127,6 +127,9 @@
>> type ftpd_keytab_t;
>> files_type(ftpd_keytab_t)
>>
>> +type ftpd_unit_t;
>> +init_unit_file(ftpd_unit_t)
>> +
>> type ftpd_lock_t;
>> files_lock_file(ftpd_lock_t)
>>
>> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/kdump.fc
>> ./policy/modules/contrib/kdump.fc
>> --- /home/rjc/src/pol-git/policy/modules/contrib/kdump.fc
>> 2016-07-30 08:14:41.109650183 +1000
>> +++ ./policy/modules/contrib/kdump.fc 2016-08-03 15:58:36.581020025
>> +1000
>> @@ -11,3 +11,5 @@
>>
>> /usr/sbin/kdump -- gen_context(system_u:object_r:kdump_exec_t,s0)
>> /usr/sbin/kexec -- gen_context(system_u:object_r:kdump_exec_t,s0)
>> +
>> +/usr/lib/systemd/system/kdump.*\.service --
>> gen_context(system_u:object_r:kdump_unit_t,s0)
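Review bot: kdump.fc now labels the unit with kdump_unit_t, but no kdump.te hunk in this series declares that type with `type kdump_unit_t;` / `init_unit_file(kdump_unit_t)`, and a file-context entry naming an unknown type fails the policy build. The same gap applies to ntp.fc (ntpd_unit_t), logging.fc (syslogd_unit_t) and setrans.fc (setrans_unit_t), unless those types already exist in the tree. Conversely nscd.te declares nscd_unit_t but no nscd.fc entry in the series uses it.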
>> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/ldap.fc
>> ./policy/modules/contrib/ldap.fc
>> --- /home/rjc/src/pol-git/policy/modules/contrib/ldap.fc 2016-07-30
>> 08:14:41.113650288 +1000
>> +++ ./policy/modules/contrib/ldap.fc 2016-08-03 15:58:36.581020025
>> +1000
>> @@ -27,3 +27,5 @@
>> /var/run/slapd.* -s
>> gen_context(system_u:object_r:slapd_var_run_t,s0)
>> /var/run/slapd\.args --
>> gen_context(system_u:object_r:slapd_var_run_t,s0)
>> /var/run/slapd\.pid --
>> gen_context(system_u:object_r:slapd_var_run_t,s0)
>> +
>> +/usr/lib/systemd/system/slapd.*\.service --
>> gen_context(system_u:object_r:slapd_unit_t,s0)
>> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/ldap.te
>> ./policy/modules/contrib/ldap.te
>> --- /home/rjc/src/pol-git/policy/modules/contrib/ldap.te 2016-07-30
>> 08:14:41.113650288 +1000
>> +++ ./policy/modules/contrib/ldap.te 2016-08-03 15:58:36.581020025
>> +1000
>> @@ -24,6 +24,9 @@
>> type slapd_keytab_t;
>> files_type(slapd_keytab_t)
>>
>> +type slapd_unit_t;
>> +init_unit_file(slapd_unit_t)
>> +
>> type slapd_lock_t;
>> files_lock_file(slapd_lock_t)
>>
>> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/mysql.fc
>> ./policy/modules/contrib/mysql.fc
>> --- /home/rjc/src/pol-git/policy/modules/contrib/mysql.fc
>> 2016-07-30 08:14:41.121650499 +1000
>> +++ ./policy/modules/contrib/mysql.fc 2016-08-03 15:58:36.581020025
>> +1000
>> @@ -25,3 +25,5 @@
>> /var/run/mysqld.* gen_context(system_u:object_r:mysqld_var_run_t,s0)
>> /var/run/mysqlmanager.* --
>> gen_context(system_u:object_r:mysqlmanagerd_var_run_t,s0)
>> /var/run/mysqld/mysqlmanager.* --
>> gen_context(system_u:object_r:mysqlmanagerd_var_run_t,s0)
>> +
>> +/usr/lib/systemd/system/mysqld.*\.service --
>> gen_context(system_u:object_r:mysqld_unit_t,s0)
>> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/mysql.te
>> ./policy/modules/contrib/mysql.te
>> --- /home/rjc/src/pol-git/policy/modules/contrib/mysql.te
>> 2016-07-30 08:14:41.121650499 +1000
>> +++ ./policy/modules/contrib/mysql.te 2016-08-03 15:58:36.581020025
>> +1000
>> @@ -38,6 +38,9 @@
>> type mysqld_home_t;
>> userdom_user_home_content(mysqld_home_t)
>>
>> +type mysqld_unit_t;
>> +init_unit_file(mysqld_unit_t)
>> +
>> type mysqld_initrc_exec_t;
>> init_script_file(mysqld_initrc_exec_t)
>>
>> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/nis.fc
>> ./policy/modules/contrib/nis.fc
>> --- /home/rjc/src/pol-git/policy/modules/contrib/nis.fc 2016-07-30
>> 08:14:41.125650605 +1000
>> +++ ./policy/modules/contrib/nis.fc 2016-08-03 15:58:36.585020134
>> +1000
>> @@ -20,3 +20,8 @@
>> /var/run/ypbind.* --
>> gen_context(system_u:object_r:ypbind_var_run_t,s0)
>> /var/run/ypserv.* --
>> gen_context(system_u:object_r:ypserv_var_run_t,s0)
>> /var/run/yppass.* --
>> gen_context(system_u:object_r:yppasswdd_var_run_t,s0)
>> +
>> +/usr/lib/systemd/system/ypbind.*\.service --
>> gen_context(system_u:object_r:ypbind_unit_t,s0)
>> +/usr/lib/systemd/system/ypserv.*\.service --
>> gen_context(system_u:object_r:nis_unit_t,s0)
>> +/usr/lib/systemd/system/yppasswdd.*\.service --
>> gen_context(system_u:object_r:nis_unit_t,s0)
>> +/usr/lib/systemd/system/ypxfrd.*\.service --
>> gen_context(system_u:object_r:nis_unit_t,s0)
>> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/nis.te
>> ./policy/modules/contrib/nis.te
>> --- /home/rjc/src/pol-git/policy/modules/contrib/nis.te 2016-07-30
>> 08:14:41.125650605 +1000
>> +++ ./policy/modules/contrib/nis.te 2016-08-03 15:58:36.585020134
>> +1000
>> @@ -27,6 +27,9 @@
>> type ypbind_var_run_t;
>> files_pid_file(ypbind_var_run_t)
>>
>> +type ypbind_unit_t;
>> +init_unit_file(ypbind_unit_t)
>> +
>> type yppasswdd_t;
>> type yppasswdd_exec_t;
>> init_daemon_domain(yppasswdd_t, yppasswdd_exec_t)
>> @@ -55,6 +58,9 @@
>> type ypxfr_var_run_t;
>> files_pid_file(ypxfr_var_run_t)
>>
>> +type nis_unit_t;
>> +init_unit_file(nis_unit_t)
>> +
>> ########################################
>> #
>> # ypbind local policy
>> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/nscd.te
>> ./policy/modules/contrib/nscd.te
>> --- /home/rjc/src/pol-git/policy/modules/contrib/nscd.te 2016-07-30
>> 08:14:41.125650605 +1000
>> +++ ./policy/modules/contrib/nscd.te 2016-08-03 15:58:36.585020134
>> +1000
>> @@ -31,6 +31,9 @@
>> type nscd_initrc_exec_t;
>> init_script_file(nscd_initrc_exec_t)
>>
>> +type nscd_unit_t;
>> +init_unit_file(nscd_unit_t)
>> +
>> type nscd_log_t;
>> logging_log_file(nscd_log_t)
>>
>> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/ntp.fc
>> ./policy/modules/contrib/ntp.fc
>> --- /home/rjc/src/pol-git/policy/modules/contrib/ntp.fc 2016-07-30
>> 08:14:41.125650605 +1000
>> +++ ./policy/modules/contrib/ntp.fc 2016-08-03 15:58:36.585020134
>> +1000
>> @@ -27,3 +27,7 @@
>> /var/log/xntpd.* -- gen_context(system_u:object_r:ntpd_log_t,s0)
>>
>> /var/run/ntpd\.pid --
>> gen_context(system_u:object_r:ntpd_var_run_t,s0)
>> +
>> +/usr/lib/systemd/system/ntpd.*\.service --
>> gen_context(system_u:object_r:ntpd_unit_t,s0)
>> +
>> +/usr/usr/lib/systemd/system/ntpd.*\.service --
>> gen_context(system_u:object_r:ntpd_unit_t,s0)
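Review bot: The second added entry in ntp.fc has a doubled prefix, `/usr/usr/lib/systemd/system/ntpd.*\.service`, so it can never match a real path and looks like a typo of the entry two lines above it. Drop it and keep only `/usr/lib/systemd/system/ntpd.*\.service -- gen_context(system_u:object_r:ntpd_unit_t,s0)`, along with one blank separator line rather than two.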
>> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/ppp.fc
>> ./policy/modules/contrib/ppp.fc
>> --- /home/rjc/src/pol-git/policy/modules/contrib/ppp.fc 2016-07-30
>> 08:14:41.133650816 +1000
>> +++ ./policy/modules/contrib/ppp.fc 2016-08-03 15:58:36.585020134
>> +1000
>> @@ -28,3 +28,5 @@
>> /var/run/pppd[0-9]*\.tdb --
>> gen_context(system_u:object_r:pppd_var_run_t,s0)
>> /var/run/ppp(/.*)? gen_context(system_u:object_r:pppd_var_run_t,s0)
>> /var/run/pptp(/.*)? gen_context(system_u:object_r:pptp_var_run_t,s0)
>> +
>> +/usr/lib/systemd/system/ppp.*\.service --
>> gen_context(system_u:object_r:pppd_unit_t,s0)
>> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/ppp.te
>> ./policy/modules/contrib/ppp.te
>> --- /home/rjc/src/pol-git/policy/modules/contrib/ppp.te 2016-07-30
>> 08:14:41.133650816 +1000
>> +++ ./policy/modules/contrib/ppp.te 2016-08-03 15:58:36.585020134
>> +1000
>> @@ -41,6 +41,9 @@
>> type pppd_initrc_exec_t alias pppd_script_exec_t;
>> init_script_file(pppd_initrc_exec_t)
>>
>> +type pppd_unit_t;
>> +init_unit_file(pppd_unit_t)
>> +
>> type pppd_secret_t;
>> files_type(pppd_secret_t)
>>
>> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/rpc.fc
>> ./policy/modules/contrib/rpc.fc
>> --- /home/rjc/src/pol-git/policy/modules/contrib/rpc.fc 2016-07-30
>> 08:14:41.141651028 +1000
>> +++ ./policy/modules/contrib/rpc.fc 2016-08-03 15:58:36.589020244
>> +1000
>> @@ -20,3 +20,6 @@
>>
>> /var/run/rpc\.statd(/.*)?
>> gen_context(system_u:object_r:rpcd_var_run_t,s0)
>> /var/run/rpc\.statd\.pid --
>> gen_context(system_u:object_r:rpcd_var_run_t,s0)
>> +
>> +/usr/lib/systemd/system/nfs.*\.service --
>> gen_context(system_u:object_r:nfsd_unit_t,s0)
>> +/usr/lib/systemd/system/rpc.*\.service --
>> gen_context(system_u:object_r:rpcd_unit_t,s0)
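Review bot: `/usr/lib/systemd/system/rpc.*\.service` is broad enough to also match rpcbind.service, which is presumably confined by the separate rpcbind module rather than by rpcd_t, so that unit would be labelled rpcd_unit_t here. If the rpcd-owned units are the `rpc-` prefixed ones (rpc-statd, rpc-gssd and the like), narrowing the pattern to `/usr/lib/systemd/system/rpc-.*\.service -- gen_context(system_u:object_r:rpcd_unit_t,s0)` keeps rpcbind out of it; please confirm against the unit names actually shipped.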
>> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/rpc.te
>> ./policy/modules/contrib/rpc.te
>> --- /home/rjc/src/pol-git/policy/modules/contrib/rpc.te 2016-07-30
>> 08:14:41.145651133 +1000
>> +++ ./policy/modules/contrib/rpc.te 2016-08-03 15:58:36.589020244
>> +1000
>> @@ -52,11 +52,17 @@
>> type rpcd_initrc_exec_t;
>> init_script_file(rpcd_initrc_exec_t)
>>
>> +type rpcd_unit_t;
>> +init_unit_file(rpcd_unit_t)
>> +
>> rpc_domain_template(nfsd)
>>
>> type nfsd_initrc_exec_t;
>> init_script_file(nfsd_initrc_exec_t)
>>
>> +type nfsd_unit_t;
>> +init_unit_file(nfsd_unit_t)
>> +
>> type nfsd_rw_t;
>> files_type(nfsd_rw_t)
>>
>> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/samba.fc
>> ./policy/modules/contrib/samba.fc
>> --- /home/rjc/src/pol-git/policy/modules/contrib/samba.fc
>> 2016-07-30 08:14:41.145651133 +1000
>> +++ ./policy/modules/contrib/samba.fc 2016-08-03 15:58:36.589020244
>> +1000
>> @@ -8,6 +8,8 @@
>> /etc/samba/smbpasswd --
>> gen_context(system_u:object_r:samba_secrets_t,s0)
>> /etc/samba(/.*)? gen_context(system_u:object_r:samba_etc_t,s0)
>>
>> +/usr/lib/systemd/system/smb.*\.service --
>> gen_context(system_u:object_r:samba_unit_t,s0)
>> +
>> /usr/bin/net -- gen_context(system_u:object_r:samba_net_exec_t,s0)
>> /usr/bin/ntlm_auth --
>> gen_context(system_u:object_r:winbind_helper_exec_t,s0)
>> /usr/bin/smbcontrol --
>> gen_context(system_u:object_r:smbcontrol_exec_t,s0)
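Review bot: `smb.*\.service` covers smb.service and smbd.service but not the nmb or winbind units, even though the hunk context shows winbind types living in this same module, so those units would stay with the generic unit label. If they are meant to be covered, add `/usr/lib/systemd/system/nmb.*\.service -- gen_context(system_u:object_r:samba_unit_t,s0)` and `/usr/lib/systemd/system/winbind.*\.service -- gen_context(system_u:object_r:samba_unit_t,s0)` alongside the smb entry; if they should get their own types, a comment saying so would avoid the question being raised again.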
>> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/samba.te
>> ./policy/modules/contrib/samba.te
>> --- /home/rjc/src/pol-git/policy/modules/contrib/samba.te
>> 2016-07-30 08:14:41.145651133 +1000
>> +++ ./policy/modules/contrib/samba.te 2016-08-03 15:58:36.589020244
>> +1000
>> @@ -113,6 +113,9 @@
>> type samba_initrc_exec_t;
>> init_script_file(samba_initrc_exec_t)
>>
>> +type samba_unit_t;
>> +init_unit_file(samba_unit_t)
>> +
>> type samba_log_t;
>> logging_log_file(samba_log_t)
>>
>> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/tor.fc
>> ./policy/modules/contrib/tor.fc
>> --- /home/rjc/src/pol-git/policy/modules/contrib/tor.fc 2016-07-30
>> 08:14:41.153651345 +1000
>> +++ ./policy/modules/contrib/tor.fc 2016-08-03 15:58:36.589020244
>> +1000
>> @@ -5,6 +5,8 @@
>> /usr/bin/tor -- gen_context(system_u:object_r:tor_exec_t,s0)
>> /usr/sbin/tor -- gen_context(system_u:object_r:tor_exec_t,s0)
>>
>> +/usr/lib/systemd/system/tor.*\.service --
>> gen_context(system_u:object_r:tor_unit_t,s0)
>> +
>> /var/lib/tor(/.*)? gen_context(system_u:object_r:tor_var_lib_t,s0)
>> /var/lib/tor-data(/.*)?
>> gen_context(system_u:object_r:tor_var_lib_t,s0)
>>
>> diff -ru /home/rjc/src/pol-git/policy/modules/contrib/tor.te
>> ./policy/modules/contrib/tor.te
>> --- /home/rjc/src/pol-git/policy/modules/contrib/tor.te 2016-07-30
>> 08:14:41.153651345 +1000
>> +++ ./policy/modules/contrib/tor.te 2016-08-03 15:58:36.589020244
>> +1000
>> @@ -33,6 +33,9 @@
>> files_pid_file(tor_var_run_t)
>> init_daemon_pid_file(tor_var_run_t, dir, "tor")
>>
>> +type tor_unit_t;
>> +init_unit_file(tor_unit_t)
>> +
>> ########################################
>> #
>> # Local policy
>> diff -ru /home/rjc/src/pol-git/policy/modules/system/init.te
>> ./policy/modules/system/init.te
>> --- /home/rjc/src/pol-git/policy/modules/system/init.te 2016-07-28
>> 20:33:39.967961825 +1000
>> +++ ./policy/modules/system/init.te 2016-08-03 15:45:01.782699499
>> +1000
>> @@ -568,6 +568,9 @@
>> userdom_use_user_terminals(initrc_t)
>>
>> ifdef(`distro_debian',`
>> + kernel_getattr_core_if(initrc_t)
>> +
>> + dev_getattr_generic_blk_files(initrc_t)
>> dev_setattr_generic_dirs(initrc_t)
>>
>> fs_tmpfs_filetrans(initrc_t, initrc_var_run_t, dir)
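Review bot: The init.te hunk adds Debian-specific initrc_t permissions (`kernel_getattr_core_if(initrc_t)`, `dev_getattr_generic_blk_files(initrc_t)`) that have nothing to do with unit-file labelling and are not explained anywhere in the series. They should be split into their own patch with a note on which init scripts trigger the denials, so the unit-file change can be reviewed and reverted on its own. The enclosing `ifdef(`distro_debian',` block continues past the end of the hunk.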
>> diff -ru /home/rjc/src/pol-git/policy/modules/system/logging.fc
>> ./policy/modules/system/logging.fc
>> --- /home/rjc/src/pol-git/policy/modules/system/logging.fc
>> 2016-07-28 20:33:39.967961825 +1000
>> +++ ./policy/modules/system/logging.fc 2016-08-03
>> 15:58:36.589020244 +1000
>> @@ -27,6 +27,7 @@
>> /usr/sbin/rsyslogd --
>> gen_context(system_u:object_r:syslogd_exec_t,s0)
>> /usr/sbin/syslog-ng --
>> gen_context(system_u:object_r:syslogd_exec_t,s0)
>> /usr/sbin/syslogd --
>> gen_context(system_u:object_r:syslogd_exec_t,s0)
>> +/usr/lib/systemd/system/rsyslog.*\.service --
>> gen_context(system_u:object_r:syslogd_unit_t,s0)
>>
>> /var/lib/misc/syslog-ng.persist-? --
>> gen_context(system_u:object_r:syslogd_var_lib_t,s0)
>> /var/lib/syslog-ng(/.*)?
>> gen_context(system_u:object_r:syslogd_var_lib_t,s0)
>> diff -ru /home/rjc/src/pol-git/policy/modules/system/selinuxutil.fc
>> ./policy/modules/system/selinuxutil.fc
>> --- /home/rjc/src/pol-git/policy/modules/system/selinuxutil.fc
>> 2016-07-28 20:33:39.971961928 +1000
>> +++ ./policy/modules/system/selinuxutil.fc 2016-08-03
>> 15:58:36.593020353 +1000
>> @@ -36,6 +36,7 @@
>>
>> /usr/sbin/load_policy --
>> gen_context(system_u:object_r:load_policy_exec_t,s0)
>> /usr/sbin/restorecond --
>> gen_context(system_u:object_r:restorecond_exec_t,s0)
>> +/usr/lib/systemd/system/restorecond.*\.service --
>> gen_context(system_u:object_r:restorecond_unit_t,s0)
>> /usr/sbin/run_init --
>> gen_context(system_u:object_r:run_init_exec_t,s0)
>> /usr/sbin/setfiles.* --
>> gen_context(system_u:object_r:setfiles_exec_t,s0)
>> /usr/sbin/setsebool --
>> gen_context(system_u:object_r:semanage_exec_t,s0)
>> diff -ru /home/rjc/src/pol-git/policy/modules/system/selinuxutil.te
>> ./policy/modules/system/selinuxutil.te
>> --- /home/rjc/src/pol-git/policy/modules/system/selinuxutil.te
>> 2016-07-28 20:33:39.971961928 +1000
>> +++ ./policy/modules/system/selinuxutil.te 2016-08-03
>> 15:58:36.593020353 +1000
>> @@ -85,6 +85,9 @@
>> domain_obj_id_change_exemption(restorecond_t)
>> role system_r types restorecond_t;
>>
>> +type restorecond_unit_t;
>> +init_unit_file(restorecond_unit_t)
>> +
>> type restorecond_var_run_t;
>> files_pid_file(restorecond_var_run_t)
>>
>> diff -ru /home/rjc/src/pol-git/policy/modules/system/setrans.fc
>> ./policy/modules/system/setrans.fc
>> --- /home/rjc/src/pol-git/policy/modules/system/setrans.fc
>> 2016-07-28 20:33:39.971961928 +1000
>> +++ ./policy/modules/system/setrans.fc 2016-08-03
>> 15:58:36.593020353 +1000
>> @@ -1,5 +1,6 @@
>> /etc/rc\.d/init\.d/mcstrans --
>> gen_context(system_u:object_r:setrans_initrc_exec_t,s0)
>>
>> /sbin/mcstransd --
>> gen_context(system_u:object_r:setrans_exec_t,s0)
>> +/usr/lib/systemd/system/mcstrans.*\.service --
>> gen_context(system_u:object_r:setrans_unit_t,s0)
>>
>> /var/run/setrans(/.*)?
>> gen_context(system_u:object_r:setrans_var_run_t,mls_systemhigh)
>
>
>


--
Chris PeBenito