diff options
| author |   Jason Zaman <jason@perfinion.com> | 2017-02-05 23:07:38 +0800 |
|---|---|---|
| committer | Jason Zaman <jason@perfinion.com> | 2017-02-05 23:10:31 +0800 |
| commit | 0daaba932bdff924e1e9bbb75d258b49ab21bb4a (patch) | |
| tree | b7fb6b1d46720734cd3adbe3b4e9640df3b32744 | |
| parent | usrmerge: Add gentoo-specific /usr fcontexts (diff) | |
| download | hardened-refpolicy-0daaba93.tar.gz hardened-refpolicy-0daaba93.tar.bz2 hardened-refpolicy-0daaba93.zip | |
transition gentoo-specific fcontexts to /run
commit c80ffeb4cb306cebeb849844203d53c3a576bcab
Author: cgzones <cgzones@googlemail.com>
Date: Sat Dec 17 04:17:52 2016
transition file contexts to /run
updated the fcontexts for upstream. this commit updates the rest of the
missing fcontexts.
| -rw-r--r-- | policy/modules/contrib/at.fc | 2 | ||||
| -rw-r--r-- | policy/modules/contrib/ceph.fc | 12 | ||||
| -rw-r--r-- | policy/modules/contrib/cgmanager.fc | 6 | ||||
| -rw-r--r-- | policy/modules/contrib/dirsrv.fc | 4 | ||||
| -rw-r--r-- | policy/modules/contrib/networkmanager.fc | 2 | ||||
| -rw-r--r-- | policy/modules/contrib/ntp.fc | 2 | ||||
| -rw-r--r-- | policy/modules/contrib/phpfpm.fc | 4 | ||||
| -rw-r--r-- | policy/modules/contrib/qemu.fc | 2 | ||||
| -rw-r--r-- | policy/modules/contrib/resolvconf.fc | 2 | ||||
| -rw-r--r-- | policy/modules/contrib/salt.fc | 10 | ||||
| -rw-r--r-- | policy/modules/contrib/subsonic.fc | 2 | ||||
| -rw-r--r-- | policy/modules/contrib/uwsgi.fc | 4 | ||||
| -rw-r--r-- | policy/modules/contrib/vde.fc | 2 | ||||
| -rw-r--r-- | policy/modules/system/init.fc | 2 | ||||
| -rw-r--r-- | policy/modules/system/lvm.fc | 2 | ||||
| -rw-r--r-- | policy/modules/system/sysnetwork.fc | 4 | ||||
| -rw-r--r-- | policy/modules/system/tmpfiles.fc | 2 | ||||
| -rw-r--r-- | policy/modules/system/udev.fc | 4 |
18 files changed, 35 insertions, 33 deletions
diff --git a/policy/modules/contrib/at.fc b/policy/modules/contrib/at.fc index ba2e7a13..b3cf1863 100644 --- a/policy/modules/contrib/at.fc +++ b/policy/modules/contrib/at.fc @@ -3,7 +3,7 @@ /usr/bin/at -- gen_context(system_u:object_r:at_exec_t,s0) /usr/sbin/atd -- gen_context(system_u:object_r:atd_exec_t,s0) -/var/run/atd\.pid -- gen_context(system_u:object_r:atd_var_run_t,s0) +/run/atd\.pid -- gen_context(system_u:object_r:atd_var_run_t,s0) /var/spool/at(/.*)? gen_context(system_u:object_r:at_spool_t,s0) /var/spool/at/atjobs(/.*)? gen_context(system_u:object_r:at_job_t,s0) diff --git a/policy/modules/contrib/ceph.fc b/policy/modules/contrib/ceph.fc index 1548b1e3..8e2e1799 100644 --- a/policy/modules/contrib/ceph.fc +++ b/policy/modules/contrib/ceph.fc @@ -1,7 +1,7 @@ # # /etc # -/etc/ceph(/.*)? gen_context(system_u:object_r:ceph_conf_t,s0) +/etc/ceph(/.*)? gen_context(system_u:object_r:ceph_conf_t,s0) /etc/ceph/.*\.secret -- gen_context(system_u:object_r:ceph_key_t,s0) /etc/ceph/.*\.keyring -- gen_context(system_u:object_r:ceph_key_t,s0) /etc/rc\.d/init\.d/ceph.* gen_context(system_u:object_r:ceph_initrc_exec_t,s0) @@ -23,8 +23,8 @@ /var/log/ceph(/.*)? gen_context(system_u:object_r:ceph_log_t,s0) -/var/run/ceph -d gen_context(system_u:object_r:ceph_var_run_t,s0) -/var/run/ceph/ceph-osd.* gen_context(system_u:object_r:ceph_osd_var_run_t,s0) -/var/run/ceph/ceph-mon.* gen_context(system_u:object_r:ceph_mon_var_run_t,s0) -/var/run/ceph/ceph-mds.* gen_context(system_u:object_r:ceph_mds_var_run_t,s0) -/var/run/ceph/mds.* -- gen_context(system_u:object_r:ceph_mds_var_run_t,s0) +/run/ceph -d gen_context(system_u:object_r:ceph_var_run_t,s0) +/run/ceph/ceph-osd.* gen_context(system_u:object_r:ceph_osd_var_run_t,s0) +/run/ceph/ceph-mon.* gen_context(system_u:object_r:ceph_mon_var_run_t,s0) +/run/ceph/ceph-mds.* gen_context(system_u:object_r:ceph_mds_var_run_t,s0) +/run/ceph/mds.* -- gen_context(system_u:object_r:ceph_mds_var_run_t,s0) diff --git a/policy/modules/contrib/cgmanager.fc b/policy/modules/contrib/cgmanager.fc index 17c6f882..d53e92f5 100644 --- a/policy/modules/contrib/cgmanager.fc +++ b/policy/modules/contrib/cgmanager.fc @@ -4,6 +4,6 @@ /sys/fs/cgroup/cgmanager(/.*)? gen_context(system_u:object_r:cgmanager_cgroup_t,s0) -/var/run/cgmanager(/.*)? gen_context(system_u:object_r:cgmanager_run_t,s0) -/var/run/cgmanager.pid gen_context(system_u:object_r:cgmanager_run_t,s0) -/var/run/cgmanager/fs(/.*)? <<none>> +/run/cgmanager(/.*)? gen_context(system_u:object_r:cgmanager_run_t,s0) +/run/cgmanager.pid gen_context(system_u:object_r:cgmanager_run_t,s0) +/run/cgmanager/fs(/.*)? <<none>> diff --git a/policy/modules/contrib/dirsrv.fc b/policy/modules/contrib/dirsrv.fc index f7590a03..88b1a6eb 100644 --- a/policy/modules/contrib/dirsrv.fc +++ b/policy/modules/contrib/dirsrv.fc @@ -6,7 +6,7 @@ /var/lock/dirsrv(/.*)? gen_context(system_u:object_r:dirsrv_var_lock_t,s0) /var/log/dirsrv(/.*)? gen_context(system_u:object_r:dirsrv_var_log_t,s0) /var/log/dirsrv/ldap-agent.log gen_context(system_u:object_r:dirsrv_snmp_var_log_t,s0) -/var/run/dirsrv(/.*)? gen_context(system_u:object_r:dirsrv_var_run_t,s0) -/var/run/ldap-agent.pid gen_context(system_u:object_r:dirsrv_snmp_var_run_t,s0) +/run/dirsrv(/.*)? gen_context(system_u:object_r:dirsrv_var_run_t,s0) +/run/ldap-agent.pid gen_context(system_u:object_r:dirsrv_snmp_var_run_t,s0) /etc/dirsrv(/.*)? gen_context(system_u:object_r:dirsrv_config_t,s0) diff --git a/policy/modules/contrib/networkmanager.fc b/policy/modules/contrib/networkmanager.fc index d24e9f0c..fe5f8b4c 100644 --- a/policy/modules/contrib/networkmanager.fc +++ b/policy/modules/contrib/networkmanager.fc @@ -44,4 +44,4 @@ /run/nm-dns-dnsmasq\.conf -- gen_context(system_u:object_r:NetworkManager_var_run_t,s0) /run/wpa_supplicant(/.*)? gen_context(system_u:object_r:NetworkManager_var_run_t,s0) /run/wpa_supplicant-global -s gen_context(system_u:object_r:NetworkManager_var_run_t,s0) -/var/run/wpa_cli-.* -- gen_context(system_u:object_r:wpa_cli_var_run_t,s0) +/run/wpa_cli-.* -- gen_context(system_u:object_r:wpa_cli_var_run_t,s0) diff --git a/policy/modules/contrib/ntp.fc b/policy/modules/contrib/ntp.fc index a5a1ac6d..16428bc2 100644 --- a/policy/modules/contrib/ntp.fc +++ b/policy/modules/contrib/ntp.fc @@ -28,7 +28,7 @@ /var/log/xntpd.* -- gen_context(system_u:object_r:ntpd_log_t,s0) /run/ntpd\.pid -- gen_context(system_u:object_r:ntpd_var_run_t,s0) -/var/run/ntpd\.sock -s gen_context(system_u:object_r:ntpd_var_run_t,s0) +/run/ntpd\.sock -s gen_context(system_u:object_r:ntpd_var_run_t,s0) ifdef(`distro_gentoo',` /usr/bin/sntp -- gen_context(system_u:object_r:ntpdate_exec_t,s0) diff --git a/policy/modules/contrib/phpfpm.fc b/policy/modules/contrib/phpfpm.fc index 51da02a9..dd00177a 100644 --- a/policy/modules/contrib/phpfpm.fc +++ b/policy/modules/contrib/phpfpm.fc @@ -1,5 +1,5 @@ /usr/lib(64)?/php.*/bin/php-fpm gen_context(system_u:object_r:phpfpm_exec_t,s0) -/var/run/php*-fpm/*.sock gen_context(system_u:object_r:phpfpm_var_run_t,s0) +/run/php*-fpm/*.sock gen_context(system_u:object_r:phpfpm_var_run_t,s0) /var/log/php-fpm.log gen_context(system_u:object_r:phpfpm_log_t,s0) -/var/run/php-fpm.pid gen_context(system_u:object_r:phpfpm_var_run_t,s0) +/run/php-fpm.pid gen_context(system_u:object_r:phpfpm_var_run_t,s0) diff --git a/policy/modules/contrib/qemu.fc b/policy/modules/contrib/qemu.fc index cfb18ece..db9ff368 100644 --- a/policy/modules/contrib/qemu.fc +++ b/policy/modules/contrib/qemu.fc @@ -13,5 +13,5 @@ ifdef(`distro_gentoo',` /var/log/qemu-ga.log -- gen_context(system_u:object_r:qemu_ga_log_t,s0) /var/log/qemu-ga(/.*)? -- gen_context(system_u:object_r:qemu_ga_log_t,s0) -/var/run/qemu-ga.pid -- gen_context(system_u:object_r:qemu_ga_run_t,s0) +/run/qemu-ga.pid -- gen_context(system_u:object_r:qemu_ga_run_t,s0) ') diff --git a/policy/modules/contrib/resolvconf.fc b/policy/modules/contrib/resolvconf.fc index 7db4cb82..651bbe0a 100644 --- a/policy/modules/contrib/resolvconf.fc +++ b/policy/modules/contrib/resolvconf.fc @@ -4,4 +4,4 @@ /usr/sbin/resolvconf -- gen_context(system_u:object_r:resolvconf_exec_t,s0) -/var/run/resolvconf(/.*)? gen_context(system_u:object_r:resolvconf_var_run_t,s0) +/run/resolvconf(/.*)? gen_context(system_u:object_r:resolvconf_var_run_t,s0) diff --git a/policy/modules/contrib/salt.fc b/policy/modules/contrib/salt.fc index 22c2d13e..ccc8028f 100644 --- a/policy/modules/contrib/salt.fc +++ b/policy/modules/contrib/salt.fc @@ -16,11 +16,11 @@ /var/log/salt/master -- gen_context(system_u:object_r:salt_master_log_t,s0) /var/log/salt/minion -- gen_context(system_u:object_r:salt_minion_log_t,s0) -/var/run/salt -d gen_context(system_u:object_r:salt_var_run_t,s0) -/var/run/salt/master(/.*)? gen_context(system_u:object_r:salt_master_var_run_t,s0) -/var/run/salt/minion(/.*)? gen_context(system_u:object_r:salt_minion_var_run_t,s0) -/var/run/salt-master\.pid -- gen_context(system_u:object_r:salt_master_var_run_t,s0) -/var/run/salt-minion\.pid -- gen_context(system_u:object_r:salt_minion_var_run_t,s0) +/run/salt -d gen_context(system_u:object_r:salt_var_run_t,s0) +/run/salt/master(/.*)? gen_context(system_u:object_r:salt_master_var_run_t,s0) +/run/salt/minion(/.*)? gen_context(system_u:object_r:salt_minion_var_run_t,s0) +/run/salt-master\.pid -- gen_context(system_u:object_r:salt_master_var_run_t,s0) +/run/salt-minion\.pid -- gen_context(system_u:object_r:salt_minion_var_run_t,s0) /var/cache/salt -d gen_context(system_u:object_r:salt_cache_t,s0) /var/cache/salt/master(/.*)? gen_context(system_u:object_r:salt_master_cache_t,s0) diff --git a/policy/modules/contrib/subsonic.fc b/policy/modules/contrib/subsonic.fc index b1d2550c..df15d39e 100644 --- a/policy/modules/contrib/subsonic.fc +++ b/policy/modules/contrib/subsonic.fc @@ -3,4 +3,4 @@ /var/lib/subsonic(/.*)? gen_context(system_u:object_r:subsonic_var_lib_t,s0) -/var/run/subsonic(/.*)? gen_context(system_u:object_r:subsonic_run_t,s0) +/run/subsonic(/.*)? gen_context(system_u:object_r:subsonic_run_t,s0) diff --git a/policy/modules/contrib/uwsgi.fc b/policy/modules/contrib/uwsgi.fc index 7d2210b0..2cf031c1 100644 --- a/policy/modules/contrib/uwsgi.fc +++ b/policy/modules/contrib/uwsgi.fc @@ -2,8 +2,10 @@ /usr/bin/uwsgi.* -- gen_context(system_u:object_r:uwsgi_exec_t,s0) +/run/uwsgi(/.*)? gen_context(system_u:object_r:uwsgi_run_t,s0) + /var/log/uwsgi(/.*)? gen_context(system_u:object_r:uwsgi_var_log_t,s0) -/var/run/uwsgi(/.*)? gen_context(system_u:object_r:uwsgi_run_t,s0) + /var/www/wsgi/.*\.so -- gen_context(system_u:object_r:uwsgi_content_exec_t,s0) /var/www/wsgi/.*/bin/.* gen_context(system_u:object_r:uwsgi_content_exec_t,s0) /var/www/wsgi(/.*)? gen_context(system_u:object_r:uwsgi_content_t,s0) diff --git a/policy/modules/contrib/vde.fc b/policy/modules/contrib/vde.fc index d449e06d..fa0b6b28 100644 --- a/policy/modules/contrib/vde.fc +++ b/policy/modules/contrib/vde.fc @@ -1,5 +1,5 @@ /etc/rc\.d/init\.d/vde -- gen_context(system_u:object_r:vde_initrc_exec_t,s0) /usr/bin/vde_switch -- gen_context(system_u:object_r:vde_exec_t,s0) /usr/sbin/vde_tunctl -- gen_context(system_u:object_r:vde_exec_t,s0) -/var/run/vde\.ctl(/.*)? gen_context(system_u:object_r:vde_var_run_t,s0) +/run/vde\.ctl(/.*)? gen_context(system_u:object_r:vde_var_run_t,s0) /tmp/vde.[0-9-]* -s gen_context(system_u:object_r:vde_tmp_t,s0) diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc index 19a953f9..1fb15ae0 100644 --- a/policy/modules/system/init.fc +++ b/policy/modules/system/init.fc @@ -94,5 +94,5 @@ ifdef(`distro_gentoo',` # /var/lib/ip6?tables(/.*)? gen_context(system_u:object_r:initrc_tmp_t,s0) -/var/run/openrc(/.*)? gen_context(system_u:object_r:initrc_state_t,s0) +/run/openrc(/.*)? gen_context(system_u:object_r:initrc_state_t,s0) ') diff --git a/policy/modules/system/lvm.fc b/policy/modules/system/lvm.fc index 3fc24cc0..e50ce47a 100644 --- a/policy/modules/system/lvm.fc +++ b/policy/modules/system/lvm.fc @@ -101,7 +101,7 @@ ifdef(`distro_gentoo',` ifdef(`distro_gentoo',` # Bug 529430 comment 7 /usr/sbin/lvmetad -- gen_context(system_u:object_r:lvm_exec_t,s0) -/var/run/lvm(/.*)? gen_context(system_u:object_r:lvm_var_run_t,s0) +/run/lvm(/.*)? gen_context(system_u:object_r:lvm_var_run_t,s0) # Bug 529430 comment 8 /usr/sbin/dmeventd -- gen_context(system_u:object_r:lvm_exec_t,s0) diff --git a/policy/modules/system/sysnetwork.fc b/policy/modules/system/sysnetwork.fc index 2c93c410..a2329a85 100644 --- a/policy/modules/system/sysnetwork.fc +++ b/policy/modules/system/sysnetwork.fc @@ -73,6 +73,6 @@ ifdef(`distro_debian',` ifdef(`distro_gentoo',` /usr/lib/dhcpcd/dhcpcd-run-hooks -- gen_context(system_u:object_r:dhcpc_script_exec_t,s0) -/var/run/dhcpcd\.sock -s gen_context(system_u:object_r:dhcpc_var_run_t,s0) -/var/run/dhcpcd\.unpriv\.sock -s gen_context(system_u:object_r:dhcpc_var_run_t,s0) +/run/dhcpcd\.sock -s gen_context(system_u:object_r:dhcpc_var_run_t,s0) +/run/dhcpcd\.unpriv\.sock -s gen_context(system_u:object_r:dhcpc_var_run_t,s0) ') diff --git a/policy/modules/system/tmpfiles.fc b/policy/modules/system/tmpfiles.fc index 3f9b2b88..47fd4b8c 100644 --- a/policy/modules/system/tmpfiles.fc +++ b/policy/modules/system/tmpfiles.fc @@ -1,6 +1,6 @@ /etc/tmpfiles.d(/.*)? gen_context(system_u:object_r:tmpfiles_conf_t,s0) -/var/run/tmpfiles.d(/.*)? gen_context(system_u:object_r:tmpfiles_var_run_t,s0) +/run/tmpfiles.d(/.*)? gen_context(system_u:object_r:tmpfiles_var_run_t,s0) /usr/lib/rc/bin/checkpath -- gen_context(system_u:object_r:tmpfiles_exec_t,s0) /usr/lib/rc/sh/tmpfiles.sh -- gen_context(system_u:object_r:tmpfiles_exec_t,s0) diff --git a/policy/modules/system/udev.fc b/policy/modules/system/udev.fc index de646705..709d8330 100644 --- a/policy/modules/system/udev.fc +++ b/policy/modules/system/udev.fc @@ -49,6 +49,6 @@ ifdef(`distro_gentoo',` /usr/lib/ConsoleKit/udev-acl -- gen_context(system_u:object_r:udev_exec_t,s0) -/var/run/udev/rules\.d(/.*)? gen_context(system_u:object_r:udev_rules_t,s0) -/var/run/udev/data(/.*)? gen_context(system_u:object_r:udev_tbl_t,s0) +/run/udev/rules\.d(/.*)? gen_context(system_u:object_r:udev_rules_t,s0) +/run/udev/data(/.*)? gen_context(system_u:object_r:udev_tbl_t,s0) ') |