From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Thu, 9 Aug 2012 19:44:59 +0200
Subject: [refpolicy] [PATCH v2 1/2] Use substititions for /usr/local/lib and /etc/init.d
In-Reply-To: <20120809174351.GA32628@siphos.be>
References: <20120809174351.GA32628@siphos.be>
Message-ID: <20120809174458.GB32628@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com
Introduce the substitutions for the /usr/local/lib* locations (towards /usr/lib) and /etc/init.d (towards /etc/rc.d/init.d). Update the file contexts of the translated locations.
Signed-off-by: Sven Vermeulen
---
 config/file_contexts.subs_dist | 4 ++++
 policy/modules/kernel/corecommands.fc | 3 ---
 policy/modules/kernel/files.fc | 2 +-
 policy/modules/services/xserver.fc | 4 ++--
 policy/modules/system/init.fc | 2 --
 policy/modules/system/ipsec.fc | 5 -----
 policy/modules/system/libraries.fc | 1 -
 7 files changed, 7 insertions(+), 14 deletions(-)
diff --git a/config/file_contexts.subs_dist b/config/file_contexts.subs_dist
index 32b87a4..5c93bb4 100644
--- a/config/file_contexts.subs_dist
+++ b/config/file_contexts.subs_dist
@@ -1,7 +1,11 @@
+/etc/init.d /etc/rc.d/init.d
 /lib32 /lib
 /lib64 /lib
 /run /var/run
 /run/lock /var/lock
 /usr/lib32 /usr/lib
 /usr/lib64 /usr/lib
+/usr/local/lib32 /usr/lib
+/usr/local/lib64 /usr/lib
+/usr/local/lib/ /usr/lib/
 /var/run/lock /var/lock
diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
index 16b3f1b..9020aa1 100644
--- a/policy/modules/kernel/corecommands.fc
+++ b/policy/modules/kernel/corecommands.fc
@@ -66,8 +66,6 @@ ifdef(`distro_redhat',`
 /etc/hotplug/hotplug\.functions -- gen_context(system_u:object_r:bin_t,s0)
 /etc/hotplug\.d/default/default.* gen_context(system_u:object_r:bin_t,s0)
-/etc/init\.d/functions -- gen_context(system_u:object_r:bin_t,s0)
-
 /etc/kde/env(/.*)? gen_context(system_u:object_r:bin_t,s0)
 /etc/kde/shutdown(/.*)? gen_context(system_u:object_r:bin_t,s0)
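Review bot: The added `/usr/local/lib/ /usr/lib/` entry is the only substitution in file_contexts.subs_dist written with trailing slashes, and that may stop it from matching the way the `lib32`/`lib64` entries do. If libselinux treats the source as a path prefix that must be followed by `/` or end-of-string (to be confirmed against the targeted libselinux version), a source already ending in `/` would not rewrite `/usr/local/lib/ipsec/pluto`, and the bare directory `/usr/local/lib` is not covered either way. Because later hunks delete the explicit `/usr/local/lib(64)?/ipsec/*` and `/usr/local/lib/codecs/*` rules, a non-matching alias would leave those files on a generic label and the IPsec binaries without their `ipsec_exec_t` entrypoint type. I would write the entry as `/usr/local/lib /usr/lib`, or keep the slash form with a comment explaining why, and compare `matchpathcon /usr/local/lib/ipsec/pluto` before and after the change.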
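Review bot: Removing `/etc/init\.d/functions` in the first corecommands.fc hunk only preserves the `bin_t` label if a `/etc/rc\.d/init\.d/functions` rule with `bin_t` exists elsewhere in the file, which the hunk does not show. Without it, the substituted path would presumably fall through to whatever generic `/etc/rc\.d/init\.d/.*` rule the policy carries and the helper would be labelled as an init script. The same unshown dependency applies to the second corecommands.fc hunk and to the ipsec.fc hunk, which both assume `/usr/lib/ipsec/...` counterparts; only the libraries.fc hunk shows its `/usr/lib/codecs` counterpart in context. Naming the surviving rule for each removal in the commit message, or adding a comment such as `# /etc/init.d is aliased to /etc/rc.d/init.d in file_contexts.subs_dist` near the kept rule, would make this checkable.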
@@ -257,7 +255,6 @@ ifdef(`distro_gentoo',`
 /usr/libexec/openssh/sftp-server -- gen_context(system_u:object_r:bin_t,s0)
-/usr/local/lib(64)?/ipsec/.* -- gen_context(system_u:object_r:bin_t,s0)
 /usr/local/Brother(/.*)? gen_context(system_u:object_r:bin_t,s0)
 /usr/local/Printer(/.*)? gen_context(system_u:object_r:bin_t,s0)
 /usr/local/linuxprinter/filters(/.*)? gen_context(system_u:object_r:bin_t,s0)
diff --git a/policy/modules/kernel/files.fc b/policy/modules/kernel/files.fc
index 8796ca3..1975fc4 100644
--- a/policy/modules/kernel/files.fc
+++ b/policy/modules/kernel/files.fc
@@ -84,7 +84,7 @@ ifdef(`distro_redhat',`
 ifdef(`distro_suse',`
 /etc/defkeymap\.map -- gen_context(system_u:object_r:etc_runtime_t,s0)
-/etc/init\.d/\.depend.* -- gen_context(system_u:object_r:etc_runtime_t,s0)
+/etc/rc\.d/init\.d/\.depend.* -- gen_context(system_u:object_r:etc_runtime_t,s0)
 ')
 #
diff --git a/policy/modules/services/xserver.fc b/policy/modules/services/xserver.fc
index fc86b7c..be8f670 100644
--- a/policy/modules/services/xserver.fc
+++ b/policy/modules/services/xserver.fc
@@ -22,13 +22,13 @@ HOME_DIR/\.Xauthority.* -- gen_context(system_u:object_r:xauth_home_t,s0)
 /etc/gdm/PreSession/.* -- gen_context(system_u:object_r:xsession_exec_t,s0)
 /etc/gdm/Xsession -- gen_context(system_u:object_r:xsession_exec_t,s0)
-/etc/init\.d/xfree86-common -- gen_context(system_u:object_r:xserver_exec_t,s0)
-
 /etc/kde[34]?/kdm/Xstartup -- gen_context(system_u:object_r:xsession_exec_t,s0)
 /etc/kde[34]?/kdm/Xreset -- gen_context(system_u:object_r:xsession_exec_t,s0)
 /etc/kde[34]?/kdm/Xsession -- gen_context(system_u:object_r:xsession_exec_t,s0)
 /etc/kde[34]?/kdm/backgroundrc gen_context(system_u:object_r:xdm_var_run_t,s0)
+/etc/rc\.d/init\.d/xfree86-common -- gen_context(system_u:object_r:xserver_exec_t,s0)
+
 /etc/X11/[wx]dm/Xreset.* -- gen_context(system_u:object_r:xsession_exec_t,s0)
 /etc/X11/[wxg]dm/Xsession -- gen_context(system_u:object_r:xsession_exec_t,s0)
 /etc/X11/wdm(/.*)? gen_context(system_u:object_r:xdm_rw_etc_t,s0)
diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc
index d2e40b8..03e27db 100644
--- a/policy/modules/system/init.fc
+++ b/policy/modules/system/init.fc
@@ -1,8 +1,6 @@
 #
 # /etc
 #
-/etc/init\.d/.* -- gen_context(system_u:object_r:initrc_exec_t,s0)
-
 /etc/rc\.d/rc -- gen_context(system_u:object_r:initrc_exec_t,s0)
 /etc/rc\.d/rc\.[^/]+ -- gen_context(system_u:object_r:initrc_exec_t,s0)
diff --git a/policy/modules/system/ipsec.fc b/policy/modules/system/ipsec.fc
index ec85acb..662e79b 100644
--- a/policy/modules/system/ipsec.fc
+++ b/policy/modules/system/ipsec.fc
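Review bot: Dropping `/etc/init\.d/.*` from init.fc makes the `initrc_exec_t` label on every init script depend on the `/etc/init.d` alias in file_contexts.subs_dist being installed and honoured by the labeling tools. On a system where the userland does not read the subs_dist file (an assumption to check for each supported distribution), scripts in a real `/etc/init.d` directory would get a generic `/etc` label, and services started from them would presumably no longer enter their intended domains. Stating the requirement next to the section header, for example `# /etc/init.d is handled by file_contexts.subs_dist (needs subs_dist support in libselinux)`, would leave a trace for whoever debugs a mislabelled init script later. The rule list of init.fc continues outside the hunk, so the surviving `/etc/rc\.d/init\.d` rule cannot be confirmed from here.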
@@ -27,11 +27,6 @@
 /usr/libexec/ipsec/spi -- gen_context(system_u:object_r:ipsec_exec_t,s0)
 /usr/libexec/nm-openswan-service -- gen_context(system_u:object_r:ipsec_mgmt_exec_t,s0)
-/usr/local/lib(64)?/ipsec/eroute -- gen_context(system_u:object_r:ipsec_exec_t,s0)
-/usr/local/lib(64)?/ipsec/klipsdebug -- gen_context(system_u:object_r:ipsec_exec_t,s0)
-/usr/local/lib(64)?/ipsec/pluto -- gen_context(system_u:object_r:ipsec_exec_t,s0)
-/usr/local/lib(64)?/ipsec/spi -- gen_context(system_u:object_r:ipsec_exec_t,s0)
-
 /usr/sbin/ipsec -- gen_context(system_u:object_r:ipsec_mgmt_exec_t,s0)
 /usr/sbin/racoon -- gen_context(system_u:object_r:racoon_exec_t,s0)
 /usr/sbin/setkey -- gen_context(system_u:object_r:setkey_exec_t,s0)
diff --git a/policy/modules/system/libraries.fc b/policy/modules/system/libraries.fc
index ef8bbaf..f302477 100644
--- a/policy/modules/system/libraries.fc
+++ b/policy/modules/system/libraries.fc
@@ -242,7 +242,6 @@ HOME_DIR/.*/plugins/nppdf\.so.* -- gen_context(system_u:object_r:textrel_shlib_
 /usr/lib.*/libmpg123\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
 /usr/local(/.*)?/libmpg123\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
 /usr/lib/codecs/drv[1-9c]\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/local/lib/codecs/drv[1-9c]\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
 HOME_DIR/.*/plugins/nppdf\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
 HOME_DIR/.mozilla/plugins/nprhapengine\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-- 1.7.8.6