From: "Sven Vermeulen"
To: gentoo-commits@lists.gentoo.org
Reply-To: gentoo-dev@lists.gentoo.org, "Sven Vermeulen"
Message-ID: <1380131386.e26d881593866de2d16eebdb7b5330dc90912492.swift@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/contrib/aide.fc policy/modules/contrib/amtu.fc policy/modules/contrib/apt.fc policy/modules/contrib/cron.fc policy/modules/contrib/dbskk.fc policy/modules/contrib/dhcp.fc policy/modules/contrib/entropyd.fc policy/modules/contrib/finger.fc policy/modules/contrib/firewallgui.fc policy/modules/contrib/hal.fc policy/modules/contrib/inetd.fc policy/modules/contrib/ircd.fc policy/modules/contrib/mailman.fc policy/modules/contrib/mandb.fc policy/modules/contrib/minidlna.fc policy/modules/contrib/nagios.fc policy/modules/contrib/networkmanager.fc policy/modules/contrib/puppet.fc policy/modules/contrib/radius.fc policy/modules/contrib/smoltclient.fc policy/modules/contrib/smstools.fc policy/modules/contrib/snmp.fc policy/modules/contrib/snort.fc policy/modules/contrib/tcsd.fc policy/modules/contrib/tftp.fc policy/modules/contrib/tmpreaper.fc policy/modules/contrib/tor.fc policy/modules/contrib/tuned.fc policy/modules/contrib/uwimap.fc policy/modules/contrib/virt.fc policy/modules/contrib/w3c.fc policy/modules/contrib/zabbix.fc
X-VCS-Directories: policy/modules/contrib/
X-VCS-Committer: swift
X-VCS-Committer-Name: Sven Vermeulen
X-VCS-Revision: e26d881593866de2d16eebdb7b5330dc90912492
X-VCS-Branch: master
Date: Wed, 25 Sep 2013 17:50:15 +0000 (UTC)

commit: e26d881593866de2d16eebdb7b5330dc90912492
Author:
Dominick Grift gmail com> AuthorDate: Wed Sep 25 11:49:18 2013 +0000 Commit: Sven Vermeulen gentoo org> CommitDate: Wed Sep 25 17:49:46 2013 +0000 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=e26d8815 Cleanups of various modules with regard to regular expressions and white space Signed-off-by: Dominick Grift gmail.com> --- policy/modules/contrib/aide.fc | 3 +- policy/modules/contrib/amtu.fc | 4 +-- policy/modules/contrib/apt.fc | 4 +-- policy/modules/contrib/cron.fc | 61 ++++++++++++++++---------------- policy/modules/contrib/dbskk.fc | 1 - policy/modules/contrib/dhcp.fc | 8 ++--- policy/modules/contrib/entropyd.fc | 2 +- policy/modules/contrib/finger.fc | 4 +-- policy/modules/contrib/firewallgui.fc | 2 +- policy/modules/contrib/hal.fc | 6 ++-- policy/modules/contrib/inetd.fc | 7 ++-- policy/modules/contrib/ircd.fc | 4 +-- policy/modules/contrib/mailman.fc | 3 +- policy/modules/contrib/mandb.fc | 3 +- policy/modules/contrib/minidlna.fc | 6 ++-- policy/modules/contrib/nagios.fc | 7 ++-- policy/modules/contrib/networkmanager.fc | 14 +++----- policy/modules/contrib/puppet.fc | 10 ++---- policy/modules/contrib/radius.fc | 2 +- policy/modules/contrib/smoltclient.fc | 2 +- policy/modules/contrib/smstools.fc | 2 +- policy/modules/contrib/snmp.fc | 2 +- policy/modules/contrib/snort.fc | 4 +-- policy/modules/contrib/tcsd.fc | 3 +- policy/modules/contrib/tftp.fc | 2 +- policy/modules/contrib/tmpreaper.fc | 4 +-- policy/modules/contrib/tor.fc | 4 +-- policy/modules/contrib/tuned.fc | 2 +- policy/modules/contrib/uwimap.fc | 2 +- policy/modules/contrib/virt.fc | 5 ++- policy/modules/contrib/w3c.fc | 2 +- policy/modules/contrib/zabbix.fc | 15 ++++---- 32 files changed, 85 insertions(+), 115 deletions(-) diff --git a/policy/modules/contrib/aide.fc b/policy/modules/contrib/aide.fc index b2f47de..15eb282 100644 --- a/policy/modules/contrib/aide.fc +++ b/policy/modules/contrib/aide.fc 
@@ -1,5 +1,4 @@ -/usr/bin/aide -- gen_context(system_u:object_r:aide_exec_t,mls_systemhigh) -/usr/sbin/aide -- gen_context(system_u:object_r:aide_exec_t,mls_systemhigh) +/usr/s?bin/aide -- gen_context(system_u:object_r:aide_exec_t,mls_systemhigh) /var/lib/aide(/.*)? gen_context(system_u:object_r:aide_db_t,mls_systemhigh) diff --git a/policy/modules/contrib/amtu.fc b/policy/modules/contrib/amtu.fc index 67e5f70..6392306 100644 --- a/policy/modules/contrib/amtu.fc +++ b/policy/modules/contrib/amtu.fc @@ -1,5 +1,3 @@ /etc/rc\.d/init\.d/amtu -- gen_context(system_u:object_r:amtu_initrc_exec_t,s0) -/usr/bin/amtu -- gen_context(system_u:object_r:amtu_exec_t,s0) - -/usr/sbin/amtu -- gen_context(system_u:object_r:amtu_exec_t,s0) +/usr/s?bin/amtu -- gen_context(system_u:object_r:amtu_exec_t,s0) diff --git a/policy/modules/contrib/apt.fc b/policy/modules/contrib/apt.fc index 19418b5..edb4fd4 100644 --- a/policy/modules/contrib/apt.fc +++ b/policy/modules/contrib/apt.fc @@ -1,12 +1,10 @@ /etc/cron\.daily/apt -- gen_context(system_u:object_r:apt_exec_t,s0) +ifndef(`distro_redhat',` /usr/bin/apt-get -- gen_context(system_u:object_r:apt_exec_t,s0) /usr/bin/apt-shell -- gen_context(system_u:object_r:apt_exec_t,s0) /usr/bin/aptitude -- gen_context(system_u:object_r:apt_exec_t,s0) - /usr/sbin/synaptic -- gen_context(system_u:object_r:apt_exec_t,s0) - -ifndef(`distro_redhat',` /usr/lib/packagekit/packagekitd -- gen_context(system_u:object_r:apt_exec_t,s0) /var/cache/PackageKit(/.*)? gen_context(system_u:object_r:apt_var_cache_t,s0) /var/lib/PackageKit(/.*)? gen_context(system_u:object_r:apt_var_lib_t,s0) diff --git a/policy/modules/contrib/cron.fc b/policy/modules/contrib/cron.fc index 0e0c1f4..d41ecce 100644 --- a/policy/modules/contrib/cron.fc +++ b/policy/modules/contrib/cron.fc 
@@ -1,61 +1,62 @@ -/etc/cron\.d(/.*)? gen_context(system_u:object_r:system_cron_spool_t,s0) -/etc/crontab -- gen_context(system_u:object_r:system_cron_spool_t,s0) - /etc/rc\.d/init\.d/anacron -- gen_context(system_u:object_r:crond_initrc_exec_t,s0) -/usr/bin/(f)?crontab -- gen_context(system_u:object_r:crontab_exec_t,s0) +/etc/cron\.d(/.*)? gen_context(system_u:object_r:system_cron_spool_t,s0) +/etc/crontab -- gen_context(system_u:object_r:system_cron_spool_t,s0) + + +/usr/bin/f?crontab -- gen_context(system_u:object_r:crontab_exec_t,s0) -/usr/libexec/fcron -- gen_context(system_u:object_r:crond_exec_t,s0) +/usr/libexec/fcron -- gen_context(system_u:object_r:crond_exec_t,s0) /usr/libexec/fcronsighup -- gen_context(system_u:object_r:crontab_exec_t,s0) -/usr/sbin/anacron -- gen_context(system_u:object_r:anacron_exec_t,s0) -/usr/sbin/cron(d)? -- gen_context(system_u:object_r:crond_exec_t,s0) -/usr/sbin/fcron -- gen_context(system_u:object_r:crond_exec_t,s0) -/usr/sbin/fcronsighup -- gen_context(system_u:object_r:crontab_exec_t,s0) +/usr/sbin/anacron -- gen_context(system_u:object_r:anacron_exec_t,s0) +/usr/sbin/cron(d)? -- gen_context(system_u:object_r:crond_exec_t,s0) +/usr/sbin/fcron -- gen_context(system_u:object_r:crond_exec_t,s0) +/usr/sbin/fcronsighup -- gen_context(system_u:object_r:crontab_exec_t,s0) -/var/lib/glpi/files(/.*)? gen_context(system_u:object_r:cron_var_lib_t,s0) +/var/lib/glpi/files(/.*)? 
gen_context(system_u:object_r:cron_var_lib_t,s0) -/var/log/cron.* gen_context(system_u:object_r:cron_log_t,s0) -/var/log/rpmpkgs.* -- gen_context(system_u:object_r:cron_log_t,s0) +/var/log/cron.* gen_context(system_u:object_r:cron_log_t,s0) +/var/log/rpmpkgs.* -- gen_context(system_u:object_r:cron_log_t,s0) -/var/run/anacron\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0) -/var/run/crond?\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0) -/var/run/crond?\.reboot -- gen_context(system_u:object_r:crond_var_run_t,s0) -/var/run/fcron\.fifo -s gen_context(system_u:object_r:crond_var_run_t,s0) -/var/run/fcron\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0) -/var/run/.*cron.* -- gen_context(system_u:object_r:crond_var_run_t,s0) +/var/run/anacron\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0) +/var/run/crond?\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0) +/var/run/crond?\.reboot -- gen_context(system_u:object_r:crond_var_run_t,s0) +/var/run/fcron\.fifo -s gen_context(system_u:object_r:crond_var_run_t,s0) +/var/run/fcron\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0) +/var/run/.*cron.* -- gen_context(system_u:object_r:crond_var_run_t,s0) -/var/spool/anacron(/.*)? gen_context(system_u:object_r:system_cron_spool_t,s0) +/var/spool/anacron(/.*)? 
gen_context(system_u:object_r:system_cron_spool_t,s0) -/var/spool/cron -d gen_context(system_u:object_r:cron_spool_t,s0) -#/var/spool/cron/root -- gen_context(system_u:object_r:sysadm_cron_spool_t,s0) -/var/spool/cron/[^/]* -- <> +/var/spool/cron -d gen_context(system_u:object_r:cron_spool_t,s0) +#/var/spool/cron/root -- gen_context(system_u:object_r:sysadm_cron_spool_t,s0) +/var/spool/cron/[^/]* -- <> /var/spool/cron/crontabs -d gen_context(system_u:object_r:cron_spool_t,s0) /var/spool/cron/crontabs/.* -- <> #/var/spool/cron/crontabs/root -- gen_context(system_u:object_r:sysadm_cron_spool_t,s0) -/var/spool/fcron -d gen_context(system_u:object_r:cron_spool_t,s0) -/var/spool/fcron/.* <> +/var/spool/fcron -d gen_context(system_u:object_r:cron_spool_t,s0) +/var/spool/fcron/.* <> /var/spool/fcron/systab\.orig -- gen_context(system_u:object_r:system_cron_spool_t,s0) -/var/spool/fcron/systab -- gen_context(system_u:object_r:system_cron_spool_t,s0) +/var/spool/fcron/systab -- gen_context(system_u:object_r:system_cron_spool_t,s0) /var/spool/fcron/systab\.tmp -- gen_context(system_u:object_r:system_cron_spool_t,s0) /var/spool/fcron/new\.systab -- gen_context(system_u:object_r:system_cron_spool_t,s0) /var/spool/fcron/rm\.systab -- gen_context(system_u:object_r:system_cron_spool_t,s0) ifdef(`distro_debian',` -/var/spool/cron/atjobs -d gen_context(system_u:object_r:cron_spool_t,s0) +/var/spool/cron/atjobs -d gen_context(system_u:object_r:cron_spool_t,s0) /var/spool/cron/atjobs/[^/]* -- <> -/var/spool/cron/atspool -d gen_context(system_u:object_r:cron_spool_t,s0) +/var/spool/cron/atspool -d gen_context(system_u:object_r:cron_spool_t,s0) ') ifdef(`distro_gentoo',` -/var/spool/cron/lastrun -d gen_context(system_u:object_r:crond_tmp_t,s0) +/var/spool/cron/lastrun -d gen_context(system_u:object_r:crond_tmp_t,s0) /var/spool/cron/lastrun/[^/]* -- <> ') ifdef(`distro_suse',` -/var/spool/cron/lastrun -d gen_context(system_u:object_r:crond_tmp_t,s0) +/var/spool/cron/lastrun -d 
gen_context(system_u:object_r:crond_tmp_t,s0) /var/spool/cron/lastrun/[^/]* -- <> -/var/spool/cron/tabs -d gen_context(system_u:object_r:cron_spool_t,s0) +/var/spool/cron/tabs -d gen_context(system_u:object_r:cron_spool_t,s0) ') diff --git a/policy/modules/contrib/dbskk.fc b/policy/modules/contrib/dbskk.fc index 7af2590..6fb8fea 100644 --- a/policy/modules/contrib/dbskk.fc +++ b/policy/modules/contrib/dbskk.fc @@ -1,2 +1 @@ - /usr/sbin/dbskkd-cdb -- gen_context(system_u:object_r:dbskkd_exec_t,s0) diff --git a/policy/modules/contrib/dhcp.fc b/policy/modules/contrib/dhcp.fc index 7956248..8182c48 100644 --- a/policy/modules/contrib/dhcp.fc +++ b/policy/modules/contrib/dhcp.fc @@ -1,8 +1,8 @@ /etc/rc\.d/init\.d/dhcpd(6)? -- gen_context(system_u:object_r:dhcpd_initrc_exec_t,s0) -/usr/sbin/dhcpd.* -- gen_context(system_u:object_r:dhcpd_exec_t,s0) +/usr/sbin/dhcpd.* -- gen_context(system_u:object_r:dhcpd_exec_t,s0) -/var/lib/dhcpd(/.*)? gen_context(system_u:object_r:dhcpd_state_t,s0) -/var/lib/dhcp(3)?/dhcpd\.leases.* -- gen_context(system_u:object_r:dhcpd_state_t,s0) +/var/lib/dhcpd(/.*)? gen_context(system_u:object_r:dhcpd_state_t,s0) +/var/lib/dhcp(3)?/dhcpd\.leases.* -- gen_context(system_u:object_r:dhcpd_state_t,s0) -/var/run/dhcpd(6)?\.pid -- gen_context(system_u:object_r:dhcpd_var_run_t,s0) +/var/run/dhcpd(6)?\.pid -- gen_context(system_u:object_r:dhcpd_var_run_t,s0) diff --git a/policy/modules/contrib/entropyd.fc b/policy/modules/contrib/entropyd.fc index c698711..ee38542 100644 --- a/policy/modules/contrib/entropyd.fc +++ b/policy/modules/contrib/entropyd.fc @@ -4,4 +4,4 @@ /usr/sbin/haveged -- gen_context(system_u:object_r:entropyd_exec_t,s0) /var/run/audio-entropyd\.pid -- gen_context(system_u:object_r:entropyd_var_run_t,s0) -/var/run/haveged\.pid -- gen_context(system_u:object_r:entropyd_var_run_t,s0) +/var/run/haveged\.pid -- gen_context(system_u:object_r:entropyd_var_run_t,s0) 
diff --git a/policy/modules/contrib/finger.fc b/policy/modules/contrib/finger.fc index 843940b..5df3720 100644 --- a/policy/modules/contrib/finger.fc +++ b/policy/modules/contrib/finger.fc @@ -1,8 +1,8 @@ /etc/cfingerd(/.*)? gen_context(system_u:object_r:fingerd_etc_t,s0) -/etc/cron\.weekly/(c)?fingerd -- gen_context(system_u:object_r:fingerd_exec_t,s0) +/etc/cron\.weekly/c?fingerd -- gen_context(system_u:object_r:fingerd_exec_t,s0) -/usr/sbin/in\.(x)?fingerd -- gen_context(system_u:object_r:fingerd_exec_t,s0) +/usr/sbin/in\.x?fingerd -- gen_context(system_u:object_r:fingerd_exec_t,s0) /usr/sbin/[cef]fingerd -- gen_context(system_u:object_r:fingerd_exec_t,s0) /var/log/cfingerd\.log.* -- gen_context(system_u:object_r:fingerd_log_t,s0) diff --git a/policy/modules/contrib/firewallgui.fc b/policy/modules/contrib/firewallgui.fc index ef1f43d..94ab048 100644 --- a/policy/modules/contrib/firewallgui.fc +++ b/policy/modules/contrib/firewallgui.fc @@ -1 +1 @@ -/usr/share/system-config-firewall/system-config-firewall-mechanism.py -- gen_context(system_u:object_r:firewallgui_exec_t,s0) +/usr/share/system-config-firewall/system-config-firewall-mechanism\.py -- gen_context(system_u:object_r:firewallgui_exec_t,s0) diff --git a/policy/modules/contrib/hal.fc b/policy/modules/contrib/hal.fc index 2899bad..c9f4520 100644 --- a/policy/modules/contrib/hal.fc +++ b/policy/modules/contrib/hal.fc @@ -1,5 +1,5 @@ -/etc/hal/device\.d/printer_remove\.hal -- gen_context(system_u:object_r:hald_exec_t,s0) /etc/hal/capability\.d/printer_update\.hal -- gen_context(system_u:object_r:hald_exec_t,s0) +/etc/hal/device\.d/printer_remove\.hal -- gen_context(system_u:object_r:hald_exec_t,s0) /usr/bin/hal-setup-keymap -- gen_context(system_u:object_r:hald_keymap_exec_t,s0) 
@@ -9,14 +9,14 @@ /usr/libexec/hal-system-sonypic -- gen_context(system_u:object_r:hald_sonypic_exec_t,s0) /usr/libexec/hald-addon-macbookpro-backlight -- gen_context(system_u:object_r:hald_mac_exec_t,s0) /usr/libexec/hald-addon-macbook-backlight -- gen_context(system_u:object_r:hald_mac_exec_t,s0) -/usr/sbin/radeontool -- gen_context(system_u:object_r:hald_mac_exec_t,s0) /usr/sbin/hald -- gen_context(system_u:object_r:hald_exec_t,s0) +/usr/sbin/radeontool -- gen_context(system_u:object_r:hald_mac_exec_t,s0) /var/cache/hald(/.*)? gen_context(system_u:object_r:hald_cache_t,s0) -/var/lib/hal(/.*)? gen_context(system_u:object_r:hald_var_lib_t,s0) /var/lib/cache/hald(/.*)? gen_context(system_u:object_r:hald_cache_t,s0) +/var/lib/hal(/.*)? gen_context(system_u:object_r:hald_var_lib_t,s0) /var/log/pm(/.*)? gen_context(system_u:object_r:hald_log_t,s0) diff --git a/policy/modules/contrib/inetd.fc b/policy/modules/contrib/inetd.fc index 2a5a686..d00440b 100644 --- a/policy/modules/contrib/inetd.fc +++ b/policy/modules/contrib/inetd.fc @@ -5,10 +5,9 @@ /usr/sbin/identd -- gen_context(system_u:object_r:inetd_child_exec_t,s0) /usr/sbin/in\..*d -- gen_context(system_u:object_r:inetd_child_exec_t,s0) -/usr/sbin/inetd -- gen_context(system_u:object_r:inetd_exec_t,s0) /usr/sbin/rlinetd -- gen_context(system_u:object_r:inetd_exec_t,s0) -/usr/sbin/xinetd -- gen_context(system_u:object_r:inetd_exec_t,s0) +/usr/sbin/x?inetd -- gen_context(system_u:object_r:inetd_exec_t,s0) -/var/log/(x)?inetd\.log.* -- gen_context(system_u:object_r:inetd_log_t,s0) +/var/log/x?inetd\.log.* -- gen_context(system_u:object_r:inetd_log_t,s0) -/var/run/(x)?inetd\.pid -- gen_context(system_u:object_r:inetd_var_run_t,s0) +/var/run/x?inetd\.pid -- gen_context(system_u:object_r:inetd_var_run_t,s0) diff --git a/policy/modules/contrib/ircd.fc b/policy/modules/contrib/ircd.fc index f37eed8..0f0e648 100644 --- a/policy/modules/contrib/ircd.fc +++ b/policy/modules/contrib/ircd.fc 
@@ -5,10 +5,8 @@ /etc/rc\.d/init\.d/((ircd)|(ngircd)|(dancer-ircd)) -- gen_context(system_u:object_r:ircd_initrc_exec_t,s0) -/usr/bin/ircd -- gen_context(system_u:object_r:ircd_exec_t,s0) - /usr/sbin/dancer-ircd -- gen_context(system_u:object_r:ircd_exec_t,s0) -/usr/sbin/ircd -- gen_context(system_u:object_r:ircd_exec_t,s0) +/usr/s?bin/ircd -- gen_context(system_u:object_r:ircd_exec_t,s0) /usr/sbin/ngircd -- gen_context(system_u:object_r:ircd_exec_t,s0) /var/lib/dancer-ircd(/.*)? gen_context(system_u:object_r:ircd_var_lib_t,s0) diff --git a/policy/modules/contrib/mailman.fc b/policy/modules/contrib/mailman.fc index 7fa381b..995d0a5 100644 --- a/policy/modules/contrib/mailman.fc +++ b/policy/modules/contrib/mailman.fc @@ -1,5 +1,4 @@ -/etc/cron\.daily/mailman -- gen_context(system_u:object_r:mailman_queue_exec_t,s0) -/etc/cron\.monthly/mailman -- gen_context(system_u:object_r:mailman_queue_exec_t,s0) +/etc/cron\.(daily|monthly)/mailman -- gen_context(system_u:object_r:mailman_queue_exec_t,s0) /etc/mailman.* gen_context(system_u:object_r:mailman_data_t,s0) diff --git a/policy/modules/contrib/mandb.fc b/policy/modules/contrib/mandb.fc index 7f47aca..8ae78b5 100644 --- a/policy/modules/contrib/mandb.fc +++ b/policy/modules/contrib/mandb.fc @@ -1,2 +1 @@ -/etc/cron\.daily/man-db.* -- gen_context(system_u:object_r:mandb_exec_t,s0) -/etc/cron\.weekly/man-db.* -- gen_context(system_u:object_r:mandb_exec_t,s0) +/etc/cron\.(daily|weekly)/man-db.* -- gen_context(system_u:object_r:mandb_exec_t,s0) diff --git a/policy/modules/contrib/minidlna.fc b/policy/modules/contrib/minidlna.fc index 9d4cd52..02c1b50 100644 --- a/policy/modules/contrib/minidlna.fc +++ b/policy/modules/contrib/minidlna.fc 
@@ -6,9 +6,9 @@ /var/cache/minidlna(/.*)? gen_context(system_u:object_r:minidlna_db_t,s0) -/var/lib/minidlna(/.*)? gen_context(system_u:object_r:minidlna_db_t,s0) +/var/lib/minidlna(/.*)? gen_context(system_u:object_r:minidlna_db_t,s0) -/var/log/minidlna(/.*)? gen_context(system_u:object_r:minidlna_log_t,s0) +/var/log/minidlna(/.*)? gen_context(system_u:object_r:minidlna_log_t,s0) /var/log/minidlna\.log.* -- gen_context(system_u:object_r:minidlna_log_t,s0) -/var/run/minidlna(/.*)? gen_context(system_u:object_r:minidlna_var_run_t,s0) +/var/run/minidlna(/.*)? gen_context(system_u:object_r:minidlna_var_run_t,s0) diff --git a/policy/modules/contrib/nagios.fc b/policy/modules/contrib/nagios.fc index d78dfc3..431ce38 100644 --- a/policy/modules/contrib/nagios.fc +++ b/policy/modules/contrib/nagios.fc @@ -4,11 +4,8 @@ /etc/rc\.d/init\.d/nagios -- gen_context(system_u:object_r:nagios_initrc_exec_t,s0) /etc/rc\.d/init\.d/nrpe -- gen_context(system_u:object_r:nagios_initrc_exec_t,s0) -/usr/bin/nagios -- gen_context(system_u:object_r:nagios_exec_t,s0) -/usr/bin/nrpe -- gen_context(system_u:object_r:nrpe_exec_t,s0) - -/usr/sbin/nagios -- gen_context(system_u:object_r:nagios_exec_t,s0) -/usr/sbin/nrpe -- gen_context(system_u:object_r:nrpe_exec_t,s0) +/usr/s?bin/nagios -- gen_context(system_u:object_r:nagios_exec_t,s0) +/usr/s?bin/nrpe -- gen_context(system_u:object_r:nrpe_exec_t,s0) /usr/lib/cgi-bin/nagios(/.*)? gen_context(system_u:object_r:httpd_nagios_script_exec_t,s0) /usr/lib/cgi-bin/netsaint(/.*)? gen_context(system_u:object_r:httpd_nagios_script_exec_t,s0) diff --git a/policy/modules/contrib/networkmanager.fc b/policy/modules/contrib/networkmanager.fc index 7b80c1e..4751a7b 100644 --- a/policy/modules/contrib/networkmanager.fc +++ b/policy/modules/contrib/networkmanager.fc 
@@ -16,19 +16,15 @@ /usr/lib/NetworkManager/nm-dispatcher\.action -- gen_context(system_u:object_r:NetworkManager_initrc_exec_t,s0) /usr/libexec/nm-dispatcher\.action -- gen_context(system_u:object_r:NetworkManager_initrc_exec_t,s0) -/sbin/wpa_cli -- gen_context(system_u:object_r:wpa_cli_exec_t,s0) -/sbin/wpa_supplicant -- gen_context(system_u:object_r:NetworkManager_exec_t,s0) +/s?bin/wpa_cli -- gen_context(system_u:object_r:wpa_cli_exec_t,s0) +/s?bin/wpa_supplicant -- gen_context(system_u:object_r:NetworkManager_exec_t,s0) -/usr/bin/NetworkManager -- gen_context(system_u:object_r:NetworkManager_exec_t,s0) -/usr/bin/wpa_cli -- gen_context(system_u:object_r:wpa_cli_exec_t,s0) -/usr/bin/wpa_supplicant -- gen_context(system_u:object_r:NetworkManager_exec_t,s0) - -/usr/sbin/NetworkManager -- gen_context(system_u:object_r:NetworkManager_exec_t,s0) +/usr/s?bin/NetworkManager -- gen_context(system_u:object_r:NetworkManager_exec_t,s0) /usr/sbin/NetworkManagerDispatcher -- gen_context(system_u:object_r:NetworkManager_exec_t,s0) /usr/sbin/nm-system-settings -- gen_context(system_u:object_r:NetworkManager_exec_t,s0) /usr/sbin/wicd -- gen_context(system_u:object_r:NetworkManager_exec_t,s0) -/usr/sbin/wpa_cli -- gen_context(system_u:object_r:wpa_cli_exec_t,s0) -/usr/sbin/wpa_supplicant -- gen_context(system_u:object_r:NetworkManager_exec_t,s0) +/usr/s?bin/wpa_cli -- gen_context(system_u:object_r:wpa_cli_exec_t,s0) +/usr/s?bin/wpa_supplicant -- gen_context(system_u:object_r:NetworkManager_exec_t,s0) /var/lib/wicd(/.*)? gen_context(system_u:object_r:NetworkManager_var_lib_t,s0) /var/lib/NetworkManager(/.*)? gen_context(system_u:object_r:NetworkManager_var_lib_t,s0) diff --git a/policy/modules/contrib/puppet.fc b/policy/modules/contrib/puppet.fc index d68e26d..9468048 100644 --- a/policy/modules/contrib/puppet.fc +++ b/policy/modules/contrib/puppet.fc 
@@ -3,13 +3,9 @@ /etc/rc\.d/init\.d/puppet -- gen_context(system_u:object_r:puppet_initrc_exec_t,s0) /etc/rc\.d/init\.d/puppetmaster -- gen_context(system_u:object_r:puppetmaster_initrc_exec_t,s0) -/usr/bin/puppetca -- gen_context(system_u:object_r:puppetca_exec_t,s0) -/usr/bin/puppetd -- gen_context(system_u:object_r:puppet_exec_t,s0) -/usr/bin/puppetmasterd -- gen_context(system_u:object_r:puppetmaster_exec_t,s0) - -/usr/sbin/puppetca -- gen_context(system_u:object_r:puppetca_exec_t,s0) -/usr/sbin/puppetd -- gen_context(system_u:object_r:puppet_exec_t,s0) -/usr/sbin/puppetmasterd -- gen_context(system_u:object_r:puppetmaster_exec_t,s0) +/usr/s?bin/puppetca -- gen_context(system_u:object_r:puppetca_exec_t,s0) +/usr/s?bin/puppetd -- gen_context(system_u:object_r:puppet_exec_t,s0) +/usr/s?bin/puppetmasterd -- gen_context(system_u:object_r:puppetmaster_exec_t,s0) /var/lib/puppet(/.*)? gen_context(system_u:object_r:puppet_var_lib_t,s0) diff --git a/policy/modules/contrib/radius.fc b/policy/modules/contrib/radius.fc index c84b7ae..d447e85 100644 --- a/policy/modules/contrib/radius.fc +++ b/policy/modules/contrib/radius.fc @@ -1,5 +1,5 @@ /etc/cron\.(daily|monthly)/radiusd -- gen_context(system_u:object_r:radiusd_exec_t,s0) -/etc/cron\.(daily|weekly|monthly)/freeradius -- gen_context(system_u:object_r:radiusd_exec_t,s0) +/etc/cron\.((daily)|(weekly)|(monthly))/freeradius -- gen_context(system_u:object_r:radiusd_exec_t,s0) /etc/rc\.d/init\.d/radiusd -- gen_context(system_u:object_r:radiusd_initrc_exec_t,s0) diff --git a/policy/modules/contrib/smoltclient.fc b/policy/modules/contrib/smoltclient.fc index 27ddf8d..1ff2958 100644 --- a/policy/modules/contrib/smoltclient.fc +++ b/policy/modules/contrib/smoltclient.fc @@ -1 +1 @@ -/usr/share/smolt/client/sendProfile.py -- gen_context(system_u:object_r:smoltclient_exec_t,s0) +/usr/share/smolt/client/sendProfile\.py -- gen_context(system_u:object_r:smoltclient_exec_t,s0) 
diff --git a/policy/modules/contrib/smstools.fc b/policy/modules/contrib/smstools.fc index 8e7d825..4afc690 100644 --- a/policy/modules/contrib/smstools.fc +++ b/policy/modules/contrib/smstools.fc @@ -1,6 +1,6 @@ /etc/smsd\.conf -- gen_context(system_u:object_r:smsd_conf_t,s0) -/etc/rc\.d/init\.d/((smsd)|(smstools)) -- gen_context(system_u:object_r:smsd_initrc_exec_t,s0) +/etc/rc\.d/init\.d/(smsd|smstools) -- gen_context(system_u:object_r:smsd_initrc_exec_t,s0) /usr/sbin/smsd -- gen_context(system_u:object_r:smsd_exec_t,s0) diff --git a/policy/modules/contrib/snmp.fc b/policy/modules/contrib/snmp.fc index c73fa24..2f0a2f2 100644 --- a/policy/modules/contrib/snmp.fc +++ b/policy/modules/contrib/snmp.fc @@ -1,4 +1,4 @@ -/etc/rc\.d/init\.d/((snmpd)|(snmptrapd)) -- gen_context(system_u:object_r:snmpd_initrc_exec_t,s0) +/etc/rc\.d/init\.d/(snmpd|snmptrapd) -- gen_context(system_u:object_r:snmpd_initrc_exec_t,s0) /usr/sbin/snmptrap -- gen_context(system_u:object_r:snmpd_exec_t,s0) /usr/sbin/snmptrapd -- gen_context(system_u:object_r:snmpd_exec_t,s0) diff --git a/policy/modules/contrib/snort.fc b/policy/modules/contrib/snort.fc index 24a8e1b..f85247b 100644 --- a/policy/modules/contrib/snort.fc +++ b/policy/modules/contrib/snort.fc @@ -2,9 +2,7 @@ /etc/snort(/.*)? gen_context(system_u:object_r:snort_etc_t,s0) -/usr/bin/snort -- gen_context(system_u:object_r:snort_exec_t,s0) - -/usr/sbin/snort -- gen_context(system_u:object_r:snort_exec_t,s0) +/usr/s?bin/snort -- gen_context(system_u:object_r:snort_exec_t,s0) /usr/sbin/snort-plain -- gen_context(system_u:object_r:snort_exec_t,s0) /var/log/snort(/.*)? gen_context(system_u:object_r:snort_log_t,s0) diff --git a/policy/modules/contrib/tcsd.fc b/policy/modules/contrib/tcsd.fc index a38b954..c2c2636 100644 --- a/policy/modules/contrib/tcsd.fc +++ b/policy/modules/contrib/tcsd.fc 
@@ -1,5 +1,4 @@ -/etc/rc\.d/init\.d/tcsd -- gen_context(system_u:object_r:tcsd_initrc_exec_t,s0) -/etc/rc\.d/init\.d/trousers -- gen_context(system_u:object_r:tcsd_initrc_exec_t,s0) +/etc/rc\.d/init\.d/(tcsd|trousers) -- gen_context(system_u:object_r:tcsd_initrc_exec_t,s0) /usr/sbin/tcsd -- gen_context(system_u:object_r:tcsd_exec_t,s0) diff --git a/policy/modules/contrib/tftp.fc b/policy/modules/contrib/tftp.fc index 93a5bf4..cd569af 100644 --- a/policy/modules/contrib/tftp.fc +++ b/policy/modules/contrib/tftp.fc @@ -1,4 +1,4 @@ -/etc/xinetd\.d/tftp -- gen_context(system_u:object_r:tftpd_conf_t,s0) +/etc/x?inetd\.d/tftp -- gen_context(system_u:object_r:tftpd_conf_t,s0) /usr/sbin/atftpd -- gen_context(system_u:object_r:tftpd_exec_t,s0) /usr/sbin/in\.tftpd -- gen_context(system_u:object_r:tftpd_exec_t,s0) diff --git a/policy/modules/contrib/tmpreaper.fc b/policy/modules/contrib/tmpreaper.fc index ed08c94..d19a6cf 100644 --- a/policy/modules/contrib/tmpreaper.fc +++ b/policy/modules/contrib/tmpreaper.fc @@ -1,5 +1,5 @@ -/etc/rc\.d/init\.d/mountall-bootclean.sh -- gen_context(system_u:object_r:tmpreaper_exec_t,s0) -/etc/rc\.d/init\.d/mountnfs-bootclean.sh -- gen_context(system_u:object_r:tmpreaper_exec_t,s0) +/etc/rc\.d/init\.d/mountall-bootclean\.sh -- gen_context(system_u:object_r:tmpreaper_exec_t,s0) +/etc/rc\.d/init\.d/mountnfs-bootclean\.sh -- gen_context(system_u:object_r:tmpreaper_exec_t,s0) /usr/sbin/tmpreaper -- gen_context(system_u:object_r:tmpreaper_exec_t,s0) /usr/sbin/tmpwatch -- gen_context(system_u:object_r:tmpreaper_exec_t,s0) diff --git a/policy/modules/contrib/tor.fc b/policy/modules/contrib/tor.fc index 6b9d449..420a5ee 100644 --- a/policy/modules/contrib/tor.fc +++ b/policy/modules/contrib/tor.fc 
@@ -2,9 +2,7 @@ /etc/rc\.d/init\.d/tor -- gen_context(system_u:object_r:tor_initrc_exec_t,s0) -/usr/bin/tor -- gen_context(system_u:object_r:tor_exec_t,s0) - -/usr/sbin/tor -- gen_context(system_u:object_r:tor_exec_t,s0) +/usr/s?bin/tor -- gen_context(system_u:object_r:tor_exec_t,s0) /var/lib/tor(/.*)? gen_context(system_u:object_r:tor_var_lib_t,s0) /var/lib/tor-data(/.*)? gen_context(system_u:object_r:tor_var_lib_t,s0) diff --git a/policy/modules/contrib/tuned.fc b/policy/modules/contrib/tuned.fc index 23ba272..956587a 100644 --- a/policy/modules/contrib/tuned.fc +++ b/policy/modules/contrib/tuned.fc @@ -1,6 +1,6 @@ /etc/rc\.d/init\.d/tuned -- gen_context(system_u:object_r:tuned_initrc_exec_t,s0) -/etc/tuned(/.)? gen_context(system_u:object_r:tuned_etc_t,s0) +/etc/tuned(/.*)? gen_context(system_u:object_r:tuned_etc_t,s0) /etc/tuned/active_profile -- gen_context(system_u:object_r:tuned_rw_etc_t,s0) /usr/sbin/tuned -- gen_context(system_u:object_r:tuned_exec_t,s0) diff --git a/policy/modules/contrib/uwimap.fc b/policy/modules/contrib/uwimap.fc index 3c504c6..e85c4ae 100644 --- a/policy/modules/contrib/uwimap.fc +++ b/policy/modules/contrib/uwimap.fc @@ -1,3 +1,3 @@ -/usr/sbin/imapd -- gen_context(system_u:object_r:imapd_exec_t,s0) +/usr/sbin/imapd -- gen_context(system_u:object_r:imapd_exec_t,s0) /var/run/imapd\.pid -- gen_context(system_u:object_r:imapd_var_run_t,s0) diff --git a/policy/modules/contrib/virt.fc b/policy/modules/contrib/virt.fc index c30da4c..a4f20bc 100644 --- a/policy/modules/contrib/virt.fc +++ b/policy/modules/contrib/virt.fc 
@@ -9,8 +9,7 @@ HOME_DIR/VirtualMachines/isos(/.*)? gen_context(system_u:object_r:virt_content_t /etc/libvirt/[^/]* -d gen_context(system_u:object_r:virt_etc_rw_t,s0) /etc/libvirt/.*/.* gen_context(system_u:object_r:virt_etc_rw_t,s0) -/etc/rc\.d/init\.d/libvirt-bin -- gen_context(system_u:object_r:virtd_initrc_exec_t,s0) -/etc/rc\.d/init\.d/libvirtd -- gen_context(system_u:object_r:virtd_initrc_exec_t,s0) +/etc/rc\.d/init\.d/(libvirt-bin|libvirtd) -- gen_context(system_u:object_r:virtd_initrc_exec_t,s0) /etc/xen -d gen_context(system_u:object_r:virt_etc_t,s0) /etc/xen/[^/]* -- gen_context(system_u:object_r:virt_etc_t,s0) @@ -44,7 +43,7 @@ HOME_DIR/VirtualMachines/isos(/.*)? gen_context(system_u:object_r:virt_content_t /var/run/libguestfs(/.*)? gen_context(system_u:object_r:virt_var_run_t,s0) /var/run/libvirtd\.pid -- gen_context(system_u:object_r:virt_var_run_t,s0) -/var/run/libvirt(/.*)? gen_context(system_u:object_r:virt_var_run_t,s0) +/var/run/libvirt(/.*)? gen_context(system_u:object_r:virt_var_run_t,s0) /var/run/libvirt/lxc(/.*)? gen_context(system_u:object_r:virtd_lxc_var_run_t,s0) /var/run/libvirt-sandbox(/.*)? gen_context(system_u:object_r:virtd_lxc_var_run_t,s0) /var/run/libvirt/qemu(/.*)? gen_context(system_u:object_r:svirt_var_run_t,s0-mls_systemhigh) diff --git a/policy/modules/contrib/w3c.fc b/policy/modules/contrib/w3c.fc index 4834796..463c799 100644 --- a/policy/modules/contrib/w3c.fc +++ b/policy/modules/contrib/w3c.fc @@ -1,4 +1,4 @@ -/usr/lib/cgi-bin/check gen_context(system_u:object_r:httpd_w3c_validator_script_exec_t,s0) +/usr/lib/cgi-bin/check -- gen_context(system_u:object_r:httpd_w3c_validator_script_exec_t,s0) /usr/share/w3c-markup-validator(/.*)? gen_context(system_u:object_r:httpd_w3c_validator_content_t,s0) /usr/share/w3c-markup-validator/cgi-bin(/.*)? gen_context(system_u:object_r:httpd_w3c_validator_script_exec_t,s0) diff --git a/policy/modules/contrib/zabbix.fc b/policy/modules/contrib/zabbix.fc index ce10cb1..f83008c 100644 
--- a/policy/modules/contrib/zabbix.fc +++ b/policy/modules/contrib/zabbix.fc @@ -1,14 +1,11 @@ -/etc/rc\.d/init\.d/((zabbix)|(zabbix-server)) -- gen_context(system_u:object_r:zabbix_initrc_exec_t,s0) +/etc/rc\.d/init\.d/(zabbix|zabbix-server) -- gen_context(system_u:object_r:zabbix_initrc_exec_t,s0) /etc/rc\.d/init\.d/zabbix-agentd -- gen_context(system_u:object_r:zabbix_agent_initrc_exec_t,s0) -/usr/bin/zabbix_server -- gen_context(system_u:object_r:zabbix_exec_t,s0) -/usr/bin/zabbix_agentd -- gen_context(system_u:object_r:zabbix_agent_exec_t,s0) - -/usr/sbin/zabbix_server -- gen_context(system_u:object_r:zabbix_exec_t,s0) -/usr/sbin/zabbix_agentd -- gen_context(system_u:object_r:zabbix_agent_exec_t,s0) -/usr/sbin/zabbix_server_mysql -- gen_context(system_u:object_r:zabbix_exec_t,s0) -/usr/sbin/zabbix_server_pgsql -- gen_context(system_u:object_r:zabbix_exec_t,s0) -/usr/sbin/zabbix_server_sqlite3 -- gen_context(system_u:object_r:zabbix_exec_t,s0) +/usr/s?bin/zabbix_server -- gen_context(system_u:object_r:zabbix_exec_t,s0) +/usr/s?bin/zabbix_agentd -- gen_context(system_u:object_r:zabbix_agent_exec_t,s0) +/usr/s?bin/zabbix_server_mysql -- gen_context(system_u:object_r:zabbix_exec_t,s0) +/usr/s?bin/zabbix_server_pgsql -- gen_context(system_u:object_r:zabbix_exec_t,s0) +/usr/s?bin/zabbix_server_sqlite3 -- gen_context(system_u:object_r:zabbix_exec_t,s0) /var/log/zabbix(/.*)? gen_context(system_u:object_r:zabbix_log_t,s0)
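Review bot: In policy/modules/contrib/apt.fc the ifndef(`distro_redhat',` line moves from just above /usr/lib/packagekit/packagekitd to just below /etc/cron\.daily/apt, so the /usr/bin/apt-get, /usr/bin/apt-shell, /usr/bin/aptitude and /usr/sbin/synaptic entries now sit inside the conditional and are no longer emitted when distro_redhat is defined. That is a labelling change rather than a regex or whitespace cleanup; either leave the conditional where it was or state in the commit message that these four paths are intentionally dropped for Red Hat builds.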
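Review bot: In policy/modules/contrib/cron.fc the optional-character cleanup is applied unevenly: /usr/bin/(f)?crontab becomes /usr/bin/f?crontab, but /usr/sbin/cron(d)? is re-added with the group still in place, although the same file already writes /var/run/crond?\.pid. Suggest /usr/sbin/crond? here, and the same treatment for dhcpd(6)? and dhcp(3)? in the dhcp.fc hunk. The hunk also adds two consecutive blank lines after the /etc/crontab entry where the rest of the file separates groups with one.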
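Review bot: In policy/modules/contrib/networkmanager.fc the first two changed lines are not equivalent rewrites: /sbin/wpa_cli and /sbin/wpa_supplicant become /s?bin/wpa_cli and /s?bin/wpa_supplicant, which additionally match /bin/wpa_cli and /bin/wpa_supplicant, and no removed line covered those paths. The /usr/s?bin/ merges further down do replace explicit /usr/bin and /usr/sbin pairs, so only these two widen the labelled set. If labelling /bin/ is intended, say so in the commit message; otherwise keep the /sbin/ prefix literal.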
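Review bot: In policy/modules/contrib/radius.fc the freeradius line goes from (daily|weekly|monthly) to ((daily)|(weekly)|(monthly)), which is the opposite direction from the smstools.fc, snmp.fc and zabbix.fc hunks in this same commit, where ((a)|(b)) is simplified to (a|b). The unchanged radiusd line directly above still uses (daily|monthly). Suggest dropping this change so the alternation style is consistent across the tree.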
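Review bot: In policy/modules/contrib/tftp.fc the single changed line turns /etc/xinetd\.d/tftp into /etc/x?inetd\.d/tftp, so /etc/inetd.d/tftp now receives tftpd_conf_t as well. No removed line covered that path, so this extends the policy rather than cleaning up an expression. If the inetd.d location is wanted, note it in the commit message; otherwise leave the pattern as /etc/xinetd\.d/tftp.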
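Review bot: In policy/modules/contrib/w3c.fc the /usr/lib/cgi-bin/check entry gains a -- file-type specifier, so the context now applies to regular files only, where before it applied to any object at that path. That narrows what gets httpd_w3c_validator_script_exec_t and is a behaviour change, not whitespace. It looks reasonable for a CGI script, but it should be mentioned in the commit message so that anyone whose check path is a symlink or directory can trace the relabel difference to this commit.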
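Review bot: In policy/modules/contrib/zabbix.fc the last three + lines widen coverage: zabbix_server_mysql, zabbix_server_pgsql and zabbix_server_sqlite3 were only listed under /usr/sbin/ in the removed lines, and /usr/s?bin/ now labels them under /usr/bin/ too. Only zabbix_server and zabbix_agentd had both /usr/bin and /usr/sbin entries before, so only those two merges are equivalent. Either keep /usr/sbin/ literal for the three database-specific binaries or document the added /usr/bin/ paths in the commit message.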