* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2014-11-25 18:55 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-11-25 18:55 UTC (permalink / raw
To: gentoo-commits
commit: b833293ccac6e1bbb679f5ec28c6e321e1cf09d4
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Nov 25 18:55:15 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Tue Nov 25 18:55:15 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=b833293c
rsync: syntax error in rsync_admin interface
---
policy/modules/contrib/rsync.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/contrib/rsync.if b/policy/modules/contrib/rsync.if
index 431471b..e916de8 100644
--- a/policy/modules/contrib/rsync.if
+++ b/policy/modules/contrib/rsync.if
@@ -257,7 +257,7 @@ interface(`rsync_etc_filetrans_config',`
interface(`rsync_admin',`
gen_require(`
type rsync_t, rsync_etc_t, rsync_data_t;
- type rsync_log_t, rsync_tmp_t. rsync_var_run_t;
+ type rsync_log_t, rsync_tmp_t, rsync_var_run_t;
')
allow $1 rsync_t:process { ptrace signal_perms };
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2014-11-25 19:24 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-11-25 19:24 UTC (permalink / raw
To: gentoo-commits
commit: e30a8c762fd4750dc53a9db1bb5b4730cbe7657d
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Nov 25 19:09:30 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Tue Nov 25 19:09:30 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=e30a8c76
uptime: syntax error in uptime_admin
---
policy/modules/contrib/uptime.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/contrib/uptime.if b/policy/modules/contrib/uptime.if
index 01a3234..19f4724 100644
--- a/policy/modules/contrib/uptime.if
+++ b/policy/modules/contrib/uptime.if
@@ -19,7 +19,7 @@
#
interface(`uptime_admin',`
gen_require(`
- type uptimed_t, uptimed_initrc_exec_t. uptimed_etc_t;
+ type uptimed_t, uptimed_initrc_exec_t, uptimed_etc_t;
type uptimed_spool_t, uptimed_var_run_t;
')
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2014-11-25 19:40 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-11-25 19:40 UTC (permalink / raw
To: gentoo-commits
commit: a77c0e7238df249f89bef6d82a14198111a8dee8
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Nov 25 19:40:10 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Tue Nov 25 19:40:10 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=a77c0e72
syntax errors in ccs_admin interface
---
policy/modules/contrib/ccs.if | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/policy/modules/contrib/ccs.if b/policy/modules/contrib/ccs.if
index 5ded72d..bb17e0f 100644
--- a/policy/modules/contrib/ccs.if
+++ b/policy/modules/contrib/ccs.if
@@ -98,8 +98,8 @@ interface(`ccs_manage_config',`
interface(`ccs_admin',`
gen_require(`
type ccs_t, ccs_initrc_exec_t, cluster_conf_t;
- type ccs_var_lib_t_t, ccs_var_log_t;
- type ccs_var_run_t, ccs_tmp_t;
+ type ccs_var_lib_t, ccs_var_log_t;
+ type ccs_var_run_t, ccs_tmp_t, ccs_conf_t;
')
allow $1 ccs_t:process { ptrace signal_perms };
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2014-11-25 19:49 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-11-25 19:49 UTC (permalink / raw
To: gentoo-commits
commit: 35090387bc1524af4521330b61f972f5b840e0fd
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Nov 25 19:40:10 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Tue Nov 25 19:49:01 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=35090387
ccs: syntax errors in ccs_admin interface
---
policy/modules/contrib/ccs.if | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/policy/modules/contrib/ccs.if b/policy/modules/contrib/ccs.if
index 5ded72d..bb17e0f 100644
--- a/policy/modules/contrib/ccs.if
+++ b/policy/modules/contrib/ccs.if
@@ -98,8 +98,8 @@ interface(`ccs_manage_config',`
interface(`ccs_admin',`
gen_require(`
type ccs_t, ccs_initrc_exec_t, cluster_conf_t;
- type ccs_var_lib_t_t, ccs_var_log_t;
- type ccs_var_run_t, ccs_tmp_t;
+ type ccs_var_lib_t, ccs_var_log_t;
+ type ccs_var_run_t, ccs_tmp_t, ccs_conf_t;
')
allow $1 ccs_t:process { ptrace signal_perms };
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2014-11-25 19:49 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-11-25 19:49 UTC (permalink / raw
To: gentoo-commits
commit: a845481a68abc4bc5391c3b5190a5c9189ee24e1
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Nov 25 18:55:15 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Tue Nov 25 19:49:00 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=a845481a
rsync: syntax error in rsync_admin interface
---
policy/modules/contrib/rsync.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/contrib/rsync.if b/policy/modules/contrib/rsync.if
index 431471b..e916de8 100644
--- a/policy/modules/contrib/rsync.if
+++ b/policy/modules/contrib/rsync.if
@@ -257,7 +257,7 @@ interface(`rsync_etc_filetrans_config',`
interface(`rsync_admin',`
gen_require(`
type rsync_t, rsync_etc_t, rsync_data_t;
- type rsync_log_t, rsync_tmp_t. rsync_var_run_t;
+ type rsync_log_t, rsync_tmp_t, rsync_var_run_t;
')
allow $1 rsync_t:process { ptrace signal_perms };
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2014-11-25 19:49 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-11-25 19:49 UTC (permalink / raw
To: gentoo-commits
commit: b55fb167646606852cc2b65cfee2102e77e0424f
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Nov 25 19:09:30 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Tue Nov 25 19:49:01 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=b55fb167
uptime: syntax error in uptime_admin
---
policy/modules/contrib/uptime.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/contrib/uptime.if b/policy/modules/contrib/uptime.if
index 01a3234..19f4724 100644
--- a/policy/modules/contrib/uptime.if
+++ b/policy/modules/contrib/uptime.if
@@ -19,7 +19,7 @@
#
interface(`uptime_admin',`
gen_require(`
- type uptimed_t, uptimed_initrc_exec_t. uptimed_etc_t;
+ type uptimed_t, uptimed_initrc_exec_t, uptimed_etc_t;
type uptimed_spool_t, uptimed_var_run_t;
')
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2014-11-25 19:55 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-11-25 19:55 UTC (permalink / raw
To: gentoo-commits
commit: 27a58a987755c49f761f7ba2094019134c89fe0a
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Nov 25 19:55:02 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Tue Nov 25 19:55:02 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=27a58a98
condor: fix syntax in condor_admin
---
policy/modules/contrib/condor.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/contrib/condor.if b/policy/modules/contrib/condor.if
index 881d92f..c80aaf5 100644
--- a/policy/modules/contrib/condor.if
+++ b/policy/modules/contrib/condor.if
@@ -58,7 +58,7 @@ template(`condor_domain_template',`
interface(`condor_admin',`
gen_require(`
attribute condor_domain;
- type condor_initrc_exec_config_t, condor_log_t;
+ type condor_initrc_exec_t, condor_log_t;
type condor_var_lib_t, condor_var_lock_t, condor_schedd_tmp_t;
type condor_var_run_t, condor_startd_tmp_t, condor_conf_t;
')
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2014-11-25 19:59 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-11-25 19:59 UTC (permalink / raw
To: gentoo-commits
commit: 83c60c386b1a8829bc1fbc7a8374b1026cd6e3ff
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Nov 25 19:58:57 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Tue Nov 25 19:58:57 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=83c60c38
distcc: syntax error in distcc_admin
---
policy/modules/contrib/distcc.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/contrib/distcc.if b/policy/modules/contrib/distcc.if
index 24d8c74..473823d 100644
--- a/policy/modules/contrib/distcc.if
+++ b/policy/modules/contrib/distcc.if
@@ -20,7 +20,7 @@
interface(`distcc_admin',`
gen_require(`
type distccd_t, distccd_t, distccd_log_t;
- type disccd_var_run_t, distccd_tmp_t, distccd_initrc_exec_t;
+ type distccd_var_run_t, distccd_tmp_t, distccd_initrc_exec_t;
')
allow $1 distccd_t:process { ptrace signal_perms };
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2014-11-25 20:09 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-11-25 20:09 UTC (permalink / raw
To: gentoo-commits
commit: f49a5bfa7d2c454247e1dca331b35d702ace25a7
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Nov 25 20:09:28 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Tue Nov 25 20:09:28 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=f49a5bfa
ftp: syntax error in ftp_admin
---
policy/modules/contrib/ftp.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/contrib/ftp.if b/policy/modules/contrib/ftp.if
index 4498143..65adda9 100644
--- a/policy/modules/contrib/ftp.if
+++ b/policy/modules/contrib/ftp.if
@@ -179,7 +179,7 @@ interface(`ftp_admin',`
type ftpd_keytab_t;
')
- allow $1 { ftpd_t ftpdctl_t sftpd_t anon_sftpd }:process { ptrace signal_perms };
+ allow $1 { ftpd_t ftpdctl_t sftpd_t anon_sftpd_t }:process { ptrace signal_perms };
ps_process_pattern($1, { ftpd_t ftpdctl_t sftpd_t anon_sftpd_t })
init_labeled_script_domtrans($1, ftpd_initrc_exec_t)
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2014-11-25 20:17 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-11-25 20:17 UTC (permalink / raw
To: gentoo-commits
commit: f659d7a06b408e7d6755c83a8bed13580321302e
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Nov 25 20:16:59 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Tue Nov 25 20:16:59 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=f659d7a0
kerberos: syntax error in kerberos_admin
---
policy/modules/contrib/kerberos.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/contrib/kerberos.if b/policy/modules/contrib/kerberos.if
index f6c00d8..9d898c9 100644
--- a/policy/modules/contrib/kerberos.if
+++ b/policy/modules/contrib/kerberos.if
@@ -490,7 +490,7 @@ interface(`kerberos_admin',`
type krb5kdc_var_run_t, krb5_host_rcache_t;
')
- allow $1 { kadmind_t krb5kdc_t kpropd }:process { ptrace signal_perms };
+ allow $1 { kadmind_t krb5kdc_t kpropd_t }:process { ptrace signal_perms };
ps_process_pattern($1, { kadmind_t krb5kdc_t kpropd })
init_labeled_script_domtrans($1, kerberos_initrc_exec_t)
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2014-11-25 20:24 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-11-25 20:24 UTC (permalink / raw
To: gentoo-commits
commit: 20e30b96e2b4b61f8b8baba4e87be6012c9c865e
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Nov 25 20:16:59 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Tue Nov 25 20:23:56 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=20e30b96
kerberos: syntax error in kerberos_admin
---
policy/modules/contrib/kerberos.if | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/policy/modules/contrib/kerberos.if b/policy/modules/contrib/kerberos.if
index f6c00d8..77a5c49 100644
--- a/policy/modules/contrib/kerberos.if
+++ b/policy/modules/contrib/kerberos.if
@@ -490,8 +490,8 @@ interface(`kerberos_admin',`
type krb5kdc_var_run_t, krb5_host_rcache_t;
')
- allow $1 { kadmind_t krb5kdc_t kpropd }:process { ptrace signal_perms };
- ps_process_pattern($1, { kadmind_t krb5kdc_t kpropd })
+ allow $1 { kadmind_t krb5kdc_t kpropd_t }:process { ptrace signal_perms };
+ ps_process_pattern($1, { kadmind_t krb5kdc_t kpropd_t })
init_labeled_script_domtrans($1, kerberos_initrc_exec_t)
domain_system_change_exemption($1)
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2014-11-25 20:28 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-11-25 20:28 UTC (permalink / raw
To: gentoo-commits
commit: bbe9d2ea126659ff346ddcc9ac0bedae6557a3ef
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Nov 25 20:28:25 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Tue Nov 25 20:28:25 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=bbe9d2ea
kismet: syntax error in kismet_admin
---
policy/modules/contrib/kismet.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/contrib/kismet.if b/policy/modules/contrib/kismet.if
index aa2a337..f20de6e 100644
--- a/policy/modules/contrib/kismet.if
+++ b/policy/modules/contrib/kismet.if
@@ -283,7 +283,7 @@ interface(`kismet_manage_log',`
interface(`kismet_admin',`
gen_require(`
type kismet_t, kismet_var_lib_t, kismet_var_run_t;
- type kismet_log_t, kismet_tmp_t;
+ type kismet_log_t, kismet_tmp_t, kismet_initrc_exec_t;
')
init_labeled_script_domtrans($1, kismet_initrc_exec_t)
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2014-11-25 20:32 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-11-25 20:32 UTC (permalink / raw
To: gentoo-commits
commit: 10aa5f14bdf46ec1ce88634a6d6a10cf58827b8a
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Nov 25 20:31:52 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Tue Nov 25 20:31:52 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=10aa5f14
nut: syntax error in nut_admin
---
policy/modules/contrib/nut.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/contrib/nut.if b/policy/modules/contrib/nut.if
index 57c0161..c606ae6 100644
--- a/policy/modules/contrib/nut.if
+++ b/policy/modules/contrib/nut.if
@@ -24,7 +24,7 @@ interface(`nut_admin',`
')
allow $1 nut_domain:process { ptrace signal_perms };
- ps_process_pattern($1, nut_domain_t)
+ ps_process_pattern($1, nut_domain)
init_labeled_script_domtrans($1, nut_initrc_exec_t)
domain_system_change_exemption($1)
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2014-11-25 20:36 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-11-25 20:36 UTC (permalink / raw
To: gentoo-commits
commit: eb7c115f852535aa0fa8c80d3fc2ec86569a0963
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Nov 25 20:35:53 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Tue Nov 25 20:35:53 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=eb7c115f
prelude: syntax error in prelude_admin
---
policy/modules/contrib/prelude.if | 1 +
1 file changed, 1 insertion(+)
diff --git a/policy/modules/contrib/prelude.if b/policy/modules/contrib/prelude.if
index c83a838..db8f510 100644
--- a/policy/modules/contrib/prelude.if
+++ b/policy/modules/contrib/prelude.if
@@ -120,6 +120,7 @@ interface(`prelude_admin',`
type prelude_var_run_t, prelude_var_lib_t, prelude_log_t;
type prelude_audisp_t, prelude_audisp_var_run_t;
type prelude_initrc_exec_t, prelude_lml_t, prelude_lml_tmp_t;
+ type prelude_correlator_t;
')
allow $1 { prelude_t prelude_audisp_t prelude_lml_t prelude_correlator_t }:process { ptrace signal_perms };
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2014-11-25 20:40 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-11-25 20:40 UTC (permalink / raw
To: gentoo-commits
commit: c3fed11dfdfdde6e2e29330986c226062229e6e4
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Nov 25 20:40:36 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Tue Nov 25 20:40:36 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=c3fed11d
psad: syntax error in psad_admin
---
policy/modules/contrib/psad.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/contrib/psad.if b/policy/modules/contrib/psad.if
index d4dcf78..cdc83d2 100644
--- a/policy/modules/contrib/psad.if
+++ b/policy/modules/contrib/psad.if
@@ -236,7 +236,7 @@ interface(`psad_admin',`
gen_require(`
type psad_t, psad_var_run_t, psad_var_log_t;
type psad_initrc_exec_t, psad_var_lib_t;
- type psad_tmp_t;
+ type psad_tmp_t, psad_etc_t;
')
allow $1 psad_t:process { ptrace signal_perms };
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2014-11-25 20:49 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-11-25 20:49 UTC (permalink / raw
To: gentoo-commits
commit: 027f6d5b1edc3ff7ef67a3fb4981863764fc0aa0
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Nov 25 20:40:36 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Tue Nov 25 20:48:52 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=027f6d5b
psad: syntax error in psad_admin
---
policy/modules/contrib/psad.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/contrib/psad.if b/policy/modules/contrib/psad.if
index d4dcf78..cdc83d2 100644
--- a/policy/modules/contrib/psad.if
+++ b/policy/modules/contrib/psad.if
@@ -236,7 +236,7 @@ interface(`psad_admin',`
gen_require(`
type psad_t, psad_var_run_t, psad_var_log_t;
type psad_initrc_exec_t, psad_var_lib_t;
- type psad_tmp_t;
+ type psad_tmp_t, psad_etc_t;
')
allow $1 psad_t:process { ptrace signal_perms };
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2014-11-25 20:49 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-11-25 20:49 UTC (permalink / raw
To: gentoo-commits
commit: 21f81bf6342d022a6882ea495b717652a9df9211
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Nov 25 20:28:25 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Tue Nov 25 20:48:52 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=21f81bf6
kismet: syntax error in kismet_admin
---
policy/modules/contrib/kismet.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/contrib/kismet.if b/policy/modules/contrib/kismet.if
index aa2a337..f20de6e 100644
--- a/policy/modules/contrib/kismet.if
+++ b/policy/modules/contrib/kismet.if
@@ -283,7 +283,7 @@ interface(`kismet_manage_log',`
interface(`kismet_admin',`
gen_require(`
type kismet_t, kismet_var_lib_t, kismet_var_run_t;
- type kismet_log_t, kismet_tmp_t;
+ type kismet_log_t, kismet_tmp_t, kismet_initrc_exec_t;
')
init_labeled_script_domtrans($1, kismet_initrc_exec_t)
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2014-11-25 20:49 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-11-25 20:49 UTC (permalink / raw
To: gentoo-commits
commit: 8d9a34ffb6fd2703925e149218959e57576a344c
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Nov 25 20:35:53 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Tue Nov 25 20:48:52 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=8d9a34ff
prelude: syntax error in prelude_admin
---
policy/modules/contrib/prelude.if | 1 +
1 file changed, 1 insertion(+)
diff --git a/policy/modules/contrib/prelude.if b/policy/modules/contrib/prelude.if
index c83a838..db8f510 100644
--- a/policy/modules/contrib/prelude.if
+++ b/policy/modules/contrib/prelude.if
@@ -120,6 +120,7 @@ interface(`prelude_admin',`
type prelude_var_run_t, prelude_var_lib_t, prelude_log_t;
type prelude_audisp_t, prelude_audisp_var_run_t;
type prelude_initrc_exec_t, prelude_lml_t, prelude_lml_tmp_t;
+ type prelude_correlator_t;
')
allow $1 { prelude_t prelude_audisp_t prelude_lml_t prelude_correlator_t }:process { ptrace signal_perms };
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2014-11-25 20:49 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-11-25 20:49 UTC (permalink / raw
To: gentoo-commits
commit: e5e4aae28e2810b8aa5327e047062ee53601fbab
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Nov 25 19:55:02 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Tue Nov 25 20:48:52 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=e5e4aae2
condor: fix syntax in condor_admin
---
policy/modules/contrib/condor.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/contrib/condor.if b/policy/modules/contrib/condor.if
index 881d92f..c80aaf5 100644
--- a/policy/modules/contrib/condor.if
+++ b/policy/modules/contrib/condor.if
@@ -58,7 +58,7 @@ template(`condor_domain_template',`
interface(`condor_admin',`
gen_require(`
attribute condor_domain;
- type condor_initrc_exec_config_t, condor_log_t;
+ type condor_initrc_exec_t, condor_log_t;
type condor_var_lib_t, condor_var_lock_t, condor_schedd_tmp_t;
type condor_var_run_t, condor_startd_tmp_t, condor_conf_t;
')
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2014-11-25 20:49 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-11-25 20:49 UTC (permalink / raw
To: gentoo-commits
commit: b561776384d2605df7b23e28451b95e926791a7b
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Nov 25 20:16:59 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Tue Nov 25 20:48:52 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=b5617763
kerberos: syntax error in kerberos_admin
---
policy/modules/contrib/kerberos.if | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/policy/modules/contrib/kerberos.if b/policy/modules/contrib/kerberos.if
index f6c00d8..77a5c49 100644
--- a/policy/modules/contrib/kerberos.if
+++ b/policy/modules/contrib/kerberos.if
@@ -490,8 +490,8 @@ interface(`kerberos_admin',`
type krb5kdc_var_run_t, krb5_host_rcache_t;
')
- allow $1 { kadmind_t krb5kdc_t kpropd }:process { ptrace signal_perms };
- ps_process_pattern($1, { kadmind_t krb5kdc_t kpropd })
+ allow $1 { kadmind_t krb5kdc_t kpropd_t }:process { ptrace signal_perms };
+ ps_process_pattern($1, { kadmind_t krb5kdc_t kpropd_t })
init_labeled_script_domtrans($1, kerberos_initrc_exec_t)
domain_system_change_exemption($1)
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2014-11-25 20:49 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-11-25 20:49 UTC (permalink / raw
To: gentoo-commits
commit: 8ac49205bc253606632ac09766932ec01e8596ca
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Nov 25 19:09:30 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Tue Nov 25 20:48:52 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=8ac49205
uptime: syntax error in uptime_admin
---
policy/modules/contrib/uptime.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/contrib/uptime.if b/policy/modules/contrib/uptime.if
index 01a3234..19f4724 100644
--- a/policy/modules/contrib/uptime.if
+++ b/policy/modules/contrib/uptime.if
@@ -19,7 +19,7 @@
#
interface(`uptime_admin',`
gen_require(`
- type uptimed_t, uptimed_initrc_exec_t. uptimed_etc_t;
+ type uptimed_t, uptimed_initrc_exec_t, uptimed_etc_t;
type uptimed_spool_t, uptimed_var_run_t;
')
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2014-11-25 20:49 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-11-25 20:49 UTC (permalink / raw
To: gentoo-commits
commit: 9e65ab369352163081c9ea86cac45e4305318b3b
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Nov 25 19:40:10 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Tue Nov 25 20:48:52 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=9e65ab36
ccs: syntax errors in ccs_admin interface
---
policy/modules/contrib/ccs.if | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/policy/modules/contrib/ccs.if b/policy/modules/contrib/ccs.if
index 5ded72d..bb17e0f 100644
--- a/policy/modules/contrib/ccs.if
+++ b/policy/modules/contrib/ccs.if
@@ -98,8 +98,8 @@ interface(`ccs_manage_config',`
interface(`ccs_admin',`
gen_require(`
type ccs_t, ccs_initrc_exec_t, cluster_conf_t;
- type ccs_var_lib_t_t, ccs_var_log_t;
- type ccs_var_run_t, ccs_tmp_t;
+ type ccs_var_lib_t, ccs_var_log_t;
+ type ccs_var_run_t, ccs_tmp_t, ccs_conf_t;
')
allow $1 ccs_t:process { ptrace signal_perms };
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2014-11-25 20:49 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-11-25 20:49 UTC (permalink / raw
To: gentoo-commits
commit: d2d4a1b280906dd00a21c4887437c44a855d48c5
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Nov 25 20:09:28 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Tue Nov 25 20:48:52 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=d2d4a1b2
ftp: syntax error in ftp_admin
---
policy/modules/contrib/ftp.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/contrib/ftp.if b/policy/modules/contrib/ftp.if
index 4498143..65adda9 100644
--- a/policy/modules/contrib/ftp.if
+++ b/policy/modules/contrib/ftp.if
@@ -179,7 +179,7 @@ interface(`ftp_admin',`
type ftpd_keytab_t;
')
- allow $1 { ftpd_t ftpdctl_t sftpd_t anon_sftpd }:process { ptrace signal_perms };
+ allow $1 { ftpd_t ftpdctl_t sftpd_t anon_sftpd_t }:process { ptrace signal_perms };
ps_process_pattern($1, { ftpd_t ftpdctl_t sftpd_t anon_sftpd_t })
init_labeled_script_domtrans($1, ftpd_initrc_exec_t)
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2014-11-25 20:49 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-11-25 20:49 UTC (permalink / raw
To: gentoo-commits
commit: 862e75c27df537e60b7a41bf607b64ca92346b6e
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Nov 25 20:31:52 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Tue Nov 25 20:48:52 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=862e75c2
nut: syntax error in nut_admin
---
policy/modules/contrib/nut.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/contrib/nut.if b/policy/modules/contrib/nut.if
index 57c0161..c606ae6 100644
--- a/policy/modules/contrib/nut.if
+++ b/policy/modules/contrib/nut.if
@@ -24,7 +24,7 @@ interface(`nut_admin',`
')
allow $1 nut_domain:process { ptrace signal_perms };
- ps_process_pattern($1, nut_domain_t)
+ ps_process_pattern($1, nut_domain)
init_labeled_script_domtrans($1, nut_initrc_exec_t)
domain_system_change_exemption($1)
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2014-11-25 20:49 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-11-25 20:49 UTC (permalink / raw
To: gentoo-commits
commit: d7d421c7a94fd7cb13db97f2c014aaa76ba10471
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Nov 25 19:58:57 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Tue Nov 25 20:48:52 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=d7d421c7
distcc: syntax error in distcc_admin
---
policy/modules/contrib/distcc.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/contrib/distcc.if b/policy/modules/contrib/distcc.if
index 24d8c74..473823d 100644
--- a/policy/modules/contrib/distcc.if
+++ b/policy/modules/contrib/distcc.if
@@ -20,7 +20,7 @@
interface(`distcc_admin',`
gen_require(`
type distccd_t, distccd_t, distccd_log_t;
- type disccd_var_run_t, distccd_tmp_t, distccd_initrc_exec_t;
+ type distccd_var_run_t, distccd_tmp_t, distccd_initrc_exec_t;
')
allow $1 distccd_t:process { ptrace signal_perms };
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2014-11-25 20:49 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-11-25 20:49 UTC (permalink / raw
To: gentoo-commits
commit: 6e4028838250c5dd397cc036f9e26b591b65a5b3
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Nov 25 18:55:15 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Tue Nov 25 20:48:51 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=6e402883
rsync: syntax error in rsync_admin interface
---
policy/modules/contrib/rsync.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/contrib/rsync.if b/policy/modules/contrib/rsync.if
index 431471b..e916de8 100644
--- a/policy/modules/contrib/rsync.if
+++ b/policy/modules/contrib/rsync.if
@@ -257,7 +257,7 @@ interface(`rsync_etc_filetrans_config',`
interface(`rsync_admin',`
gen_require(`
type rsync_t, rsync_etc_t, rsync_data_t;
- type rsync_log_t, rsync_tmp_t. rsync_var_run_t;
+ type rsync_log_t, rsync_tmp_t, rsync_var_run_t;
')
allow $1 rsync_t:process { ptrace signal_perms };
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2014-11-25 20:53 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-11-25 20:53 UTC (permalink / raw
To: gentoo-commits
commit: fae9e3e65e96422c41c75be98fc76f7815873b5e
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Nov 25 20:53:09 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Tue Nov 25 20:53:09 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=fae9e3e6
quota: syntax error in quota_admin
---
policy/modules/contrib/quota.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/contrib/quota.if b/policy/modules/contrib/quota.if
index da64218..68611e3 100644
--- a/policy/modules/contrib/quota.if
+++ b/policy/modules/contrib/quota.if
@@ -190,7 +190,7 @@ interface(`quota_admin',`
allow $2 system_r;
files_list_all($1)
- admin_pattern($1, { quota_db_t quota_flag quota_nld_var_run_t })
+ admin_pattern($1, { quota_db_t quota_flag_t quota_nld_var_run_t })
quota_run($1, $2)
')
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2014-11-25 20:56 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-11-25 20:56 UTC (permalink / raw
To: gentoo-commits
commit: 756f05ce025be70d1034b088b2136c6c34d9e805
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Nov 25 20:56:20 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Tue Nov 25 20:56:20 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=756f05ce
rpcbind: syntax error in rpcbind_admin
---
policy/modules/contrib/rpcbind.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/contrib/rpcbind.if b/policy/modules/contrib/rpcbind.if
index 3b5e9ee..1a1cb99 100644
--- a/policy/modules/contrib/rpcbind.if
+++ b/policy/modules/contrib/rpcbind.if
@@ -160,7 +160,7 @@ interface(`rpcbind_admin',`
allow $1 rpcbind_t:process { ptrace signal_perms };
ps_process_pattern($1, rpcbind_t)
- init_labeled_script_domtrans($1, rbcbind_initrc_exec_t)
+ init_labeled_script_domtrans($1, rpcbind_initrc_exec_t)
domain_system_change_exemption($1)
role_transition $2 rpcbind_initrc_exec_t system_r;
allow $2 system_r;
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2014-11-25 21:01 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-11-25 21:01 UTC (permalink / raw
To: gentoo-commits
commit: 9b748095c0d218b29da1436cf3c30f758a241f32
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Nov 25 21:00:39 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Tue Nov 25 21:00:39 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=9b748095
rpm: syntax error in rpm_admin
---
policy/modules/contrib/rpm.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/contrib/rpm.if b/policy/modules/contrib/rpm.if
index ef3b225..5f6c499 100644
--- a/policy/modules/contrib/rpm.if
+++ b/policy/modules/contrib/rpm.if
@@ -626,7 +626,7 @@ interface(`rpm_pid_filetrans_rpm_pid',`
interface(`rpm_admin',`
gen_require(`
type rpm_t, rpm_script_t, rpm_initrc_exec_t;
- type rpm_var_cache_t, rpm_var_lib_t, rpm_lock_t;
+ type rpm_cache_t, rpm_var_lib_t, rpm_lock_t;
type rpm_log_t, rpm_tmpfs_t, rpm_tmp_t;
type rpm_script_tmp_t, rpm_script_tmpfs_t, rpm_file_t;
')
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2014-11-25 21:03 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-11-25 21:03 UTC (permalink / raw
To: gentoo-commits
commit: fd01e13998cd15c42eb2fc021ace1c711b8a8d04
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Nov 25 21:00:39 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Tue Nov 25 21:03:06 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=fd01e139
rpm: syntax error in rpm_admin
---
policy/modules/contrib/rpm.if | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/policy/modules/contrib/rpm.if b/policy/modules/contrib/rpm.if
index ef3b225..fc9c8d8 100644
--- a/policy/modules/contrib/rpm.if
+++ b/policy/modules/contrib/rpm.if
@@ -626,8 +626,8 @@ interface(`rpm_pid_filetrans_rpm_pid',`
interface(`rpm_admin',`
gen_require(`
type rpm_t, rpm_script_t, rpm_initrc_exec_t;
- type rpm_var_cache_t, rpm_var_lib_t, rpm_lock_t;
- type rpm_log_t, rpm_tmpfs_t, rpm_tmp_t;
+ type rpm_cache_t, rpm_var_lib_t, rpm_lock_t;
+ type rpm_log_t, rpm_tmpfs_t, rpm_tmp_t, rpm_var_run_t;
type rpm_script_tmp_t, rpm_script_tmpfs_t, rpm_file_t;
')
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2014-11-25 21:08 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-11-25 21:08 UTC (permalink / raw
To: gentoo-commits
commit: 5ab4b8ce6a835fc34165892e19ec1e8748bac5ea
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Nov 25 21:07:53 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Tue Nov 25 21:07:53 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=5ab4b8ce
remove spamassassin_role from spamassassin_admin
---
policy/modules/contrib/spamassassin.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/contrib/spamassassin.if b/policy/modules/contrib/spamassassin.if
index 1499b0b..ed5c827 100644
--- a/policy/modules/contrib/spamassassin.if
+++ b/policy/modules/contrib/spamassassin.if
@@ -404,5 +404,5 @@ interface(`spamassassin_admin',`
files_list_pids($1)
admin_pattern($1, spamd_var_run_t)
- spamassassin_role($2, $1)
+ #spamassassin_role($2, $1)
')
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2014-11-25 21:11 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-11-25 21:11 UTC (permalink / raw
To: gentoo-commits
commit: cefd5e37d13bd652c0275088978b9fd47520a203
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Nov 25 21:11:34 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Tue Nov 25 21:11:34 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=cefd5e37
systemtap: syntax error in stapserver_admin
---
policy/modules/contrib/systemtap.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/contrib/systemtap.if b/policy/modules/contrib/systemtap.if
index c755e2d..d60a21e 100644
--- a/policy/modules/contrib/systemtap.if
+++ b/policy/modules/contrib/systemtap.if
@@ -20,7 +20,7 @@
interface(`stapserver_admin',`
gen_require(`
type stapserver_t, stapserver_conf_t, stapserver_log_t;
- type stap_server_var_run_t, stapserver_initrc_exec_t, stapserver_var_lib_t;
+ type stapserver_var_run_t, stapserver_initrc_exec_t, stapserver_var_lib_t;
')
allow $1 stapserver_t:process { ptrace signal_perms };
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2014-11-25 21:18 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-11-25 21:18 UTC (permalink / raw
To: gentoo-commits
commit: d3cc51cb79883e69e1e75343a253f2f69cd5ed06
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Nov 25 21:17:51 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Tue Nov 25 21:17:51 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=d3cc51cb
svnserve: syntax error in svnserve_admin
---
policy/modules/contrib/svnserve.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/contrib/svnserve.if b/policy/modules/contrib/svnserve.if
index 2ac91b6..5cd46e9 100644
--- a/policy/modules/contrib/svnserve.if
+++ b/policy/modules/contrib/svnserve.if
@@ -31,5 +31,5 @@ interface(`svnserve_admin',`
allow $2 system_r;
files_search_pids($1)
- admin_pattern($1, httpd_var_run_t)
+ admin_pattern($1, svnserve_var_run_t)
')
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2014-11-25 21:23 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-11-25 21:23 UTC (permalink / raw
To: gentoo-commits
commit: 279c33e1da588f06248aea7b40321a8cfa8d50f7
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Nov 25 21:23:05 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Tue Nov 25 21:23:05 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=279c33e1
zabbix: syntax error in zabbix_admin
---
policy/modules/contrib/zabbix.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/contrib/zabbix.if b/policy/modules/contrib/zabbix.if
index dd63de0..2c55b97 100644
--- a/policy/modules/contrib/zabbix.if
+++ b/policy/modules/contrib/zabbix.if
@@ -138,7 +138,7 @@ interface(`zabbix_agent_tcp_connect',`
#
interface(`zabbix_admin',`
gen_require(`
- type zabbix_t, zabbix_log_t, zabbix_var_run_t;
+ type zabbix_t, zabbix_agent_t, zabbix_log_t, zabbix_var_run_t;
type zabbix_initrc_exec_t, zabbit_agent_initrc_exec_t, zabbix_tmp_t;
type zabbit_tmpfs_t;
')
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2014-11-25 21:29 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-11-25 21:29 UTC (permalink / raw
To: gentoo-commits
commit: 88ca8170d5289454399fd107bd170e8392663f61
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Nov 25 21:23:05 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Tue Nov 25 21:25:59 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=88ca8170
zabbix: syntax error in zabbix_admin
---
policy/modules/contrib/zabbix.if | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/policy/modules/contrib/zabbix.if b/policy/modules/contrib/zabbix.if
index dd63de0..29d87d7 100644
--- a/policy/modules/contrib/zabbix.if
+++ b/policy/modules/contrib/zabbix.if
@@ -138,9 +138,9 @@ interface(`zabbix_agent_tcp_connect',`
#
interface(`zabbix_admin',`
gen_require(`
- type zabbix_t, zabbix_log_t, zabbix_var_run_t;
- type zabbix_initrc_exec_t, zabbit_agent_initrc_exec_t, zabbix_tmp_t;
- type zabbit_tmpfs_t;
+ type zabbix_t, zabbix_agent_t, zabbix_log_t, zabbix_var_run_t;
+ type zabbix_initrc_exec_t, zabbix_agent_initrc_exec_t, zabbix_tmp_t;
+ type zabbix_tmpfs_t;
')
allow $1 { zabbix_t zabbix_agent_t }:process { ptrace signal_perms };
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
2014-12-03 12:54 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
@ 2014-12-03 12:56 ` Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-12-03 12:56 UTC (permalink / raw
To: gentoo-commits
commit: c0443c2bf50696969c5534eab62caf5c3fd2d4cd
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Wed Nov 26 06:39:01 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Wed Dec 3 08:43:19 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=c0443c2b
distcc: syntax error in distcc_admin
---
policy/modules/contrib/distcc.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/contrib/distcc.if b/policy/modules/contrib/distcc.if
index 24d8c74..473823d 100644
--- a/policy/modules/contrib/distcc.if
+++ b/policy/modules/contrib/distcc.if
@@ -20,7 +20,7 @@
interface(`distcc_admin',`
gen_require(`
type distccd_t, distccd_t, distccd_log_t;
- type disccd_var_run_t, distccd_tmp_t, distccd_initrc_exec_t;
+ type distccd_var_run_t, distccd_tmp_t, distccd_initrc_exec_t;
')
allow $1 distccd_t:process { ptrace signal_perms };
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2014-12-03 12:56 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-12-03 12:56 UTC (permalink / raw
To: gentoo-commits
commit: 817c2b06a9056545eb11ff3d6f247c4d52913fdc
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Wed Nov 26 06:39:04 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Wed Dec 3 08:43:19 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=817c2b06
kismet: syntax error in kismet_admin
---
policy/modules/contrib/kismet.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/contrib/kismet.if b/policy/modules/contrib/kismet.if
index aa2a337..f20de6e 100644
--- a/policy/modules/contrib/kismet.if
+++ b/policy/modules/contrib/kismet.if
@@ -283,7 +283,7 @@ interface(`kismet_manage_log',`
interface(`kismet_admin',`
gen_require(`
type kismet_t, kismet_var_lib_t, kismet_var_run_t;
- type kismet_log_t, kismet_tmp_t;
+ type kismet_log_t, kismet_tmp_t, kismet_initrc_exec_t;
')
init_labeled_script_domtrans($1, kismet_initrc_exec_t)
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2014-12-03 12:56 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-12-03 12:56 UTC (permalink / raw
To: gentoo-commits
commit: 30451cc4ca123da3b5066e7387717e9163b319ad
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Wed Nov 26 06:39:13 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Wed Dec 3 08:43:33 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=30451cc4
uptime: syntax error in uptime_admin
---
policy/modules/contrib/uptime.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/contrib/uptime.if b/policy/modules/contrib/uptime.if
index 01a3234..19f4724 100644
--- a/policy/modules/contrib/uptime.if
+++ b/policy/modules/contrib/uptime.if
@@ -19,7 +19,7 @@
#
interface(`uptime_admin',`
gen_require(`
- type uptimed_t, uptimed_initrc_exec_t. uptimed_etc_t;
+ type uptimed_t, uptimed_initrc_exec_t, uptimed_etc_t;
type uptimed_spool_t, uptimed_var_run_t;
')
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2014-12-03 12:56 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-12-03 12:56 UTC (permalink / raw
To: gentoo-commits
commit: 73ef58b0056f5406b4a8911385b2b8beb35c7f92
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Wed Nov 26 06:39:00 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Wed Dec 3 08:43:19 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=73ef58b0
condor: syntax error in condor_admin
---
policy/modules/contrib/condor.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/contrib/condor.if b/policy/modules/contrib/condor.if
index 881d92f..c80aaf5 100644
--- a/policy/modules/contrib/condor.if
+++ b/policy/modules/contrib/condor.if
@@ -58,7 +58,7 @@ template(`condor_domain_template',`
interface(`condor_admin',`
gen_require(`
attribute condor_domain;
- type condor_initrc_exec_config_t, condor_log_t;
+ type condor_initrc_exec_t, condor_log_t;
type condor_var_lib_t, condor_var_lock_t, condor_schedd_tmp_t;
type condor_var_run_t, condor_startd_tmp_t, condor_conf_t;
')
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
2014-12-03 12:54 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
@ 2014-12-03 12:56 ` Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-12-03 12:56 UTC (permalink / raw
To: gentoo-commits
commit: 3dc49e7336ef420697a7fa36661518c47e4f4356
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Wed Nov 26 06:39:05 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Wed Dec 3 08:43:19 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=3dc49e73
nut: syntax error in nut_admin
---
policy/modules/contrib/nut.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/contrib/nut.if b/policy/modules/contrib/nut.if
index 57c0161..c606ae6 100644
--- a/policy/modules/contrib/nut.if
+++ b/policy/modules/contrib/nut.if
@@ -24,7 +24,7 @@ interface(`nut_admin',`
')
allow $1 nut_domain:process { ptrace signal_perms };
- ps_process_pattern($1, nut_domain_t)
+ ps_process_pattern($1, nut_domain)
init_labeled_script_domtrans($1, nut_initrc_exec_t)
domain_system_change_exemption($1)
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2014-12-03 12:56 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-12-03 12:56 UTC (permalink / raw
To: gentoo-commits
commit: c178e55dd18e808d161bf03084c768a3fe069427
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Wed Nov 26 06:39:10 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Wed Dec 3 08:43:32 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=c178e55d
rpm: syntax error in rpm_admin
---
policy/modules/contrib/rpm.if | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/policy/modules/contrib/rpm.if b/policy/modules/contrib/rpm.if
index ef3b225..fc9c8d8 100644
--- a/policy/modules/contrib/rpm.if
+++ b/policy/modules/contrib/rpm.if
@@ -626,8 +626,8 @@ interface(`rpm_pid_filetrans_rpm_pid',`
interface(`rpm_admin',`
gen_require(`
type rpm_t, rpm_script_t, rpm_initrc_exec_t;
- type rpm_var_cache_t, rpm_var_lib_t, rpm_lock_t;
- type rpm_log_t, rpm_tmpfs_t, rpm_tmp_t;
+ type rpm_cache_t, rpm_var_lib_t, rpm_lock_t;
+ type rpm_log_t, rpm_tmpfs_t, rpm_tmp_t, rpm_var_run_t;
type rpm_script_tmp_t, rpm_script_tmpfs_t, rpm_file_t;
')
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2014-12-03 12:56 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-12-03 12:56 UTC (permalink / raw
To: gentoo-commits
commit: cf39871364351cf39081d785e73b26131b8221db
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Wed Nov 26 06:38:59 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Wed Dec 3 08:43:00 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=cf398713
ccs: syntax errors in ccs_admin interface
---
policy/modules/contrib/ccs.if | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/policy/modules/contrib/ccs.if b/policy/modules/contrib/ccs.if
index 5ded72d..bb17e0f 100644
--- a/policy/modules/contrib/ccs.if
+++ b/policy/modules/contrib/ccs.if
@@ -98,8 +98,8 @@ interface(`ccs_manage_config',`
interface(`ccs_admin',`
gen_require(`
type ccs_t, ccs_initrc_exec_t, cluster_conf_t;
- type ccs_var_lib_t_t, ccs_var_log_t;
- type ccs_var_run_t, ccs_tmp_t;
+ type ccs_var_lib_t, ccs_var_log_t;
+ type ccs_var_run_t, ccs_tmp_t, ccs_conf_t;
')
allow $1 ccs_t:process { ptrace signal_perms };
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
2014-12-03 12:56 [gentoo-commits] proj/hardened-refpolicy:userroles " Jason Zaman
@ 2014-12-03 12:56 ` Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-12-03 12:56 UTC (permalink / raw
To: gentoo-commits
commit: ba2ce29976d91e58d6cf6912552ca6ec0f563f9b
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Wed Nov 26 06:39:06 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Wed Dec 3 08:43:19 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=ba2ce299
prelude: syntax error in prelude_admin
---
policy/modules/contrib/prelude.if | 1 +
1 file changed, 1 insertion(+)
diff --git a/policy/modules/contrib/prelude.if b/policy/modules/contrib/prelude.if
index c83a838..db8f510 100644
--- a/policy/modules/contrib/prelude.if
+++ b/policy/modules/contrib/prelude.if
@@ -120,6 +120,7 @@ interface(`prelude_admin',`
type prelude_var_run_t, prelude_var_lib_t, prelude_log_t;
type prelude_audisp_t, prelude_audisp_var_run_t;
type prelude_initrc_exec_t, prelude_lml_t, prelude_lml_tmp_t;
+ type prelude_correlator_t;
')
allow $1 { prelude_t prelude_audisp_t prelude_lml_t prelude_correlator_t }:process { ptrace signal_perms };
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2014-12-03 12:56 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-12-03 12:56 UTC (permalink / raw
To: gentoo-commits
commit: c4c6cf58cad3174b2cd02b7a2734a06901f45007
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Wed Nov 26 06:39:07 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Wed Dec 3 08:43:19 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=c4c6cf58
psad: syntax error in psad_admin
---
policy/modules/contrib/psad.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/contrib/psad.if b/policy/modules/contrib/psad.if
index d4dcf78..cdc83d2 100644
--- a/policy/modules/contrib/psad.if
+++ b/policy/modules/contrib/psad.if
@@ -236,7 +236,7 @@ interface(`psad_admin',`
gen_require(`
type psad_t, psad_var_run_t, psad_var_log_t;
type psad_initrc_exec_t, psad_var_lib_t;
- type psad_tmp_t;
+ type psad_tmp_t, psad_etc_t;
')
allow $1 psad_t:process { ptrace signal_perms };
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2014-12-03 12:56 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-12-03 12:56 UTC (permalink / raw
To: gentoo-commits
commit: 830ec3e6758f5d6887a9f681a871caf0b293eabc
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Wed Nov 26 06:39:12 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Wed Dec 3 08:43:32 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=830ec3e6
svnserve: syntax error in svnserve_admin
---
policy/modules/contrib/svnserve.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/contrib/svnserve.if b/policy/modules/contrib/svnserve.if
index 2ac91b6..5cd46e9 100644
--- a/policy/modules/contrib/svnserve.if
+++ b/policy/modules/contrib/svnserve.if
@@ -31,5 +31,5 @@ interface(`svnserve_admin',`
allow $2 system_r;
files_search_pids($1)
- admin_pattern($1, httpd_var_run_t)
+ admin_pattern($1, svnserve_var_run_t)
')
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
2014-12-03 12:56 [gentoo-commits] proj/hardened-refpolicy:userroles " Jason Zaman
@ 2014-12-03 12:56 ` Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-12-03 12:56 UTC (permalink / raw
To: gentoo-commits
commit: 70d7fd9925e72bb51c0fa62de900238385e28781
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Wed Nov 26 06:39:11 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Wed Dec 3 08:43:32 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=70d7fd99
systemtap: syntax error in stapserver_admin
---
policy/modules/contrib/systemtap.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/contrib/systemtap.if b/policy/modules/contrib/systemtap.if
index c755e2d..d60a21e 100644
--- a/policy/modules/contrib/systemtap.if
+++ b/policy/modules/contrib/systemtap.if
@@ -20,7 +20,7 @@
interface(`stapserver_admin',`
gen_require(`
type stapserver_t, stapserver_conf_t, stapserver_log_t;
- type stap_server_var_run_t, stapserver_initrc_exec_t, stapserver_var_lib_t;
+ type stapserver_var_run_t, stapserver_initrc_exec_t, stapserver_var_lib_t;
')
allow $1 stapserver_t:process { ptrace signal_perms };
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
2014-12-03 12:56 [gentoo-commits] proj/hardened-refpolicy:userroles " Jason Zaman
@ 2014-12-03 12:56 ` Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-12-03 12:56 UTC (permalink / raw
To: gentoo-commits
commit: 5bbf23fc711e26d7c7073567e105313fadcd6c3c
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Wed Nov 26 06:39:02 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Wed Dec 3 08:43:19 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=5bbf23fc
ftp: syntax error in ftp_admin
---
policy/modules/contrib/ftp.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/contrib/ftp.if b/policy/modules/contrib/ftp.if
index 4498143..65adda9 100644
--- a/policy/modules/contrib/ftp.if
+++ b/policy/modules/contrib/ftp.if
@@ -179,7 +179,7 @@ interface(`ftp_admin',`
type ftpd_keytab_t;
')
- allow $1 { ftpd_t ftpdctl_t sftpd_t anon_sftpd }:process { ptrace signal_perms };
+ allow $1 { ftpd_t ftpdctl_t sftpd_t anon_sftpd_t }:process { ptrace signal_perms };
ps_process_pattern($1, { ftpd_t ftpdctl_t sftpd_t anon_sftpd_t })
init_labeled_script_domtrans($1, ftpd_initrc_exec_t)
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
2014-12-03 12:54 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
@ 2014-12-03 12:56 ` Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-12-03 12:56 UTC (permalink / raw
To: gentoo-commits
commit: 1a6ba9f4ab6c255289c3a43d6ba130101b1aed4b
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Wed Nov 26 06:39:09 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Wed Dec 3 08:43:32 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=1a6ba9f4
rpcbind: syntax error in rpcbind_admin
---
policy/modules/contrib/rpcbind.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/contrib/rpcbind.if b/policy/modules/contrib/rpcbind.if
index 3b5e9ee..1a1cb99 100644
--- a/policy/modules/contrib/rpcbind.if
+++ b/policy/modules/contrib/rpcbind.if
@@ -160,7 +160,7 @@ interface(`rpcbind_admin',`
allow $1 rpcbind_t:process { ptrace signal_perms };
ps_process_pattern($1, rpcbind_t)
- init_labeled_script_domtrans($1, rbcbind_initrc_exec_t)
+ init_labeled_script_domtrans($1, rpcbind_initrc_exec_t)
domain_system_change_exemption($1)
role_transition $2 rpcbind_initrc_exec_t system_r;
allow $2 system_r;
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
2014-12-03 12:54 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
@ 2014-12-03 12:56 ` Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-12-03 12:56 UTC (permalink / raw
To: gentoo-commits
commit: 89e9586e05e56f7e16e58f39e2b8f62dbeae4772
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Wed Nov 26 06:39:08 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Wed Dec 3 08:43:32 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=89e9586e
quota: syntax error in quota_admin
---
policy/modules/contrib/quota.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/contrib/quota.if b/policy/modules/contrib/quota.if
index da64218..68611e3 100644
--- a/policy/modules/contrib/quota.if
+++ b/policy/modules/contrib/quota.if
@@ -190,7 +190,7 @@ interface(`quota_admin',`
allow $2 system_r;
files_list_all($1)
- admin_pattern($1, { quota_db_t quota_flag quota_nld_var_run_t })
+ admin_pattern($1, { quota_db_t quota_flag_t quota_nld_var_run_t })
quota_run($1, $2)
')
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
2014-12-03 12:54 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
@ 2014-12-03 12:56 ` Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-12-03 12:56 UTC (permalink / raw
To: gentoo-commits
commit: 7e0d04ce8a6717c305f2811ac84d6f1e0f25fc53
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Wed Nov 26 06:39:03 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Wed Dec 3 08:43:19 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=7e0d04ce
kerberos: syntax error in kerberos_admin
---
policy/modules/contrib/kerberos.if | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/policy/modules/contrib/kerberos.if b/policy/modules/contrib/kerberos.if
index f6c00d8..77a5c49 100644
--- a/policy/modules/contrib/kerberos.if
+++ b/policy/modules/contrib/kerberos.if
@@ -490,8 +490,8 @@ interface(`kerberos_admin',`
type krb5kdc_var_run_t, krb5_host_rcache_t;
')
- allow $1 { kadmind_t krb5kdc_t kpropd }:process { ptrace signal_perms };
- ps_process_pattern($1, { kadmind_t krb5kdc_t kpropd })
+ allow $1 { kadmind_t krb5kdc_t kpropd_t }:process { ptrace signal_perms };
+ ps_process_pattern($1, { kadmind_t krb5kdc_t kpropd_t })
init_labeled_script_domtrans($1, kerberos_initrc_exec_t)
domain_system_change_exemption($1)
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2014-12-03 12:56 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-12-03 12:56 UTC (permalink / raw
To: gentoo-commits
commit: 60135df3a91152af95bdab0fb136da7d5a3523e1
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Wed Nov 26 06:39:16 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Wed Dec 3 08:43:33 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=60135df3
remove spamassassin_role() from spamassassin_admin()
spamassassin_role contains some named filetrans's which can not be
applied twice. The roles already contain spamassassin_role which makes
adding spamassassin_admin impossible. This removes the role so they can
both be applied.
---
policy/modules/contrib/spamassassin.if | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/policy/modules/contrib/spamassassin.if b/policy/modules/contrib/spamassassin.if
index 1499b0b..7f5a1cc 100644
--- a/policy/modules/contrib/spamassassin.if
+++ b/policy/modules/contrib/spamassassin.if
@@ -404,5 +404,6 @@ interface(`spamassassin_admin',`
files_list_pids($1)
admin_pattern($1, spamd_var_run_t)
- spamassassin_role($2, $1)
+ # This makes it impossible to apply _admin if _role has already been applied
+ #spamassassin_role($2, $1)
')
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
2014-12-03 12:54 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
@ 2014-12-03 12:56 ` Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-12-03 12:56 UTC (permalink / raw
To: gentoo-commits
commit: 023ffc02b383f6e2a7c1c7a4fb0ecf032bde1014
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Wed Nov 26 06:39:14 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Wed Dec 3 08:43:33 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=023ffc02
zabbix: syntax error in zabbix_admin
---
policy/modules/contrib/zabbix.if | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/policy/modules/contrib/zabbix.if b/policy/modules/contrib/zabbix.if
index dd63de0..29d87d7 100644
--- a/policy/modules/contrib/zabbix.if
+++ b/policy/modules/contrib/zabbix.if
@@ -138,9 +138,9 @@ interface(`zabbix_agent_tcp_connect',`
#
interface(`zabbix_admin',`
gen_require(`
- type zabbix_t, zabbix_log_t, zabbix_var_run_t;
- type zabbix_initrc_exec_t, zabbit_agent_initrc_exec_t, zabbix_tmp_t;
- type zabbit_tmpfs_t;
+ type zabbix_t, zabbix_agent_t, zabbix_log_t, zabbix_var_run_t;
+ type zabbix_initrc_exec_t, zabbix_agent_initrc_exec_t, zabbix_tmp_t;
+ type zabbix_tmpfs_t;
')
allow $1 { zabbix_t zabbix_agent_t }:process { ptrace signal_perms };
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
2014-12-03 12:54 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
@ 2014-12-03 12:56 ` Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-12-03 12:56 UTC (permalink / raw
To: gentoo-commits
commit: 46d4ce5719f6e53d1aa290d714581f80753b5a20
Author: Chris PeBenito <cpebenito <AT> tresys <DOT> com>
AuthorDate: Tue Dec 2 15:30:48 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Wed Dec 3 08:43:33 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=46d4ce57
Module version bump for _admin fixes from Jason Zaman.
---
policy/modules/contrib/ccs.te | 2 +-
policy/modules/contrib/condor.te | 2 +-
policy/modules/contrib/distcc.te | 2 +-
policy/modules/contrib/ftp.te | 2 +-
policy/modules/contrib/kerberos.te | 2 +-
policy/modules/contrib/kismet.te | 2 +-
policy/modules/contrib/nut.te | 2 +-
policy/modules/contrib/prelude.te | 2 +-
policy/modules/contrib/psad.te | 2 +-
policy/modules/contrib/pyzor.te | 2 +-
policy/modules/contrib/quota.te | 2 +-
policy/modules/contrib/rpcbind.te | 2 +-
policy/modules/contrib/rpm.te | 2 +-
policy/modules/contrib/spamassassin.te | 2 +-
policy/modules/contrib/svnserve.te | 2 +-
policy/modules/contrib/systemtap.te | 2 +-
policy/modules/contrib/uptime.te | 2 +-
policy/modules/contrib/zabbix.te | 2 +-
18 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/policy/modules/contrib/ccs.te b/policy/modules/contrib/ccs.te
index 849873d..b6f7ae6 100644
--- a/policy/modules/contrib/ccs.te
+++ b/policy/modules/contrib/ccs.te
@@ -1,4 +1,4 @@
-policy_module(ccs, 1.7.0)
+policy_module(ccs, 1.7.1)
########################################
#
diff --git a/policy/modules/contrib/condor.te b/policy/modules/contrib/condor.te
index 3787034..81fb9ae 100644
--- a/policy/modules/contrib/condor.te
+++ b/policy/modules/contrib/condor.te
@@ -1,4 +1,4 @@
-policy_module(condor, 1.1.0)
+policy_module(condor, 1.1.1)
########################################
#
diff --git a/policy/modules/contrib/distcc.te b/policy/modules/contrib/distcc.te
index 898b2f4..284b070 100644
--- a/policy/modules/contrib/distcc.te
+++ b/policy/modules/contrib/distcc.te
@@ -1,4 +1,4 @@
-policy_module(distcc, 1.9.0)
+policy_module(distcc, 1.9.1)
########################################
#
diff --git a/policy/modules/contrib/ftp.te b/policy/modules/contrib/ftp.te
index b59e761..7681fec 100644
--- a/policy/modules/contrib/ftp.te
+++ b/policy/modules/contrib/ftp.te
@@ -1,4 +1,4 @@
-policy_module(ftp, 1.16.1)
+policy_module(ftp, 1.16.2)
########################################
#
diff --git a/policy/modules/contrib/kerberos.te b/policy/modules/contrib/kerberos.te
index 8833d59..976a98d 100644
--- a/policy/modules/contrib/kerberos.te
+++ b/policy/modules/contrib/kerberos.te
@@ -1,4 +1,4 @@
-policy_module(kerberos, 1.12.0)
+policy_module(kerberos, 1.12.1)
########################################
#
diff --git a/policy/modules/contrib/kismet.te b/policy/modules/contrib/kismet.te
index 8ad0d4d..d4f318b 100644
--- a/policy/modules/contrib/kismet.te
+++ b/policy/modules/contrib/kismet.te
@@ -1,4 +1,4 @@
-policy_module(kismet, 1.7.0)
+policy_module(kismet, 1.7.1)
########################################
#
diff --git a/policy/modules/contrib/nut.te b/policy/modules/contrib/nut.te
index ab8b8da..78b7eda 100644
--- a/policy/modules/contrib/nut.te
+++ b/policy/modules/contrib/nut.te
@@ -1,4 +1,4 @@
-policy_module(nut, 1.3.1)
+policy_module(nut, 1.3.2)
########################################
#
diff --git a/policy/modules/contrib/prelude.te b/policy/modules/contrib/prelude.te
index 8f44609..e21e13c 100644
--- a/policy/modules/contrib/prelude.te
+++ b/policy/modules/contrib/prelude.te
@@ -1,4 +1,4 @@
-policy_module(prelude, 1.4.0)
+policy_module(prelude, 1.4.1)
########################################
#
diff --git a/policy/modules/contrib/psad.te b/policy/modules/contrib/psad.te
index b5d717b..4124deb 100644
--- a/policy/modules/contrib/psad.te
+++ b/policy/modules/contrib/psad.te
@@ -1,4 +1,4 @@
-policy_module(psad, 1.1.0)
+policy_module(psad, 1.1.1)
########################################
#
diff --git a/policy/modules/contrib/pyzor.te b/policy/modules/contrib/pyzor.te
index 2439d13..464007e 100644
--- a/policy/modules/contrib/pyzor.te
+++ b/policy/modules/contrib/pyzor.te
@@ -1,4 +1,4 @@
-policy_module(pyzor, 2.3.0)
+policy_module(pyzor, 2.3.1)
########################################
#
diff --git a/policy/modules/contrib/quota.te b/policy/modules/contrib/quota.te
index f47c8e8..69c08f8 100644
--- a/policy/modules/contrib/quota.te
+++ b/policy/modules/contrib/quota.te
@@ -1,4 +1,4 @@
-policy_module(quota, 1.6.0)
+policy_module(quota, 1.6.1)
########################################
#
diff --git a/policy/modules/contrib/rpcbind.te b/policy/modules/contrib/rpcbind.te
index eefc5df..86ddde4 100644
--- a/policy/modules/contrib/rpcbind.te
+++ b/policy/modules/contrib/rpcbind.te
@@ -1,4 +1,4 @@
-policy_module(rpcbind, 1.7.1)
+policy_module(rpcbind, 1.7.2)
########################################
#
diff --git a/policy/modules/contrib/rpm.te b/policy/modules/contrib/rpm.te
index 8d44a78..3354cd1 100644
--- a/policy/modules/contrib/rpm.te
+++ b/policy/modules/contrib/rpm.te
@@ -1,4 +1,4 @@
-policy_module(rpm, 1.16.0)
+policy_module(rpm, 1.16.1)
########################################
#
diff --git a/policy/modules/contrib/spamassassin.te b/policy/modules/contrib/spamassassin.te
index 35053ab..e8e2174 100644
--- a/policy/modules/contrib/spamassassin.te
+++ b/policy/modules/contrib/spamassassin.te
@@ -1,4 +1,4 @@
-policy_module(spamassassin, 2.7.0)
+policy_module(spamassassin, 2.7.1)
########################################
#
diff --git a/policy/modules/contrib/svnserve.te b/policy/modules/contrib/svnserve.te
index 49d688d..57c9df5 100644
--- a/policy/modules/contrib/svnserve.te
+++ b/policy/modules/contrib/svnserve.te
@@ -1,4 +1,4 @@
-policy_module(svnserve, 1.1.0)
+policy_module(svnserve, 1.1.1)
########################################
#
diff --git a/policy/modules/contrib/systemtap.te b/policy/modules/contrib/systemtap.te
index ffde368..cdc4e70 100644
--- a/policy/modules/contrib/systemtap.te
+++ b/policy/modules/contrib/systemtap.te
@@ -1,4 +1,4 @@
-policy_module(systemtap, 1.1.0)
+policy_module(systemtap, 1.1.1)
########################################
#
diff --git a/policy/modules/contrib/uptime.te b/policy/modules/contrib/uptime.te
index 58397dc..8d5e69a 100644
--- a/policy/modules/contrib/uptime.te
+++ b/policy/modules/contrib/uptime.te
@@ -1,4 +1,4 @@
-policy_module(uptime, 1.5.0)
+policy_module(uptime, 1.5.1)
########################################
#
diff --git a/policy/modules/contrib/zabbix.te b/policy/modules/contrib/zabbix.te
index 6ea314a..d61d657 100644
--- a/policy/modules/contrib/zabbix.te
+++ b/policy/modules/contrib/zabbix.te
@@ -1,4 +1,4 @@
-policy_module(zabbix, 1.7.0)
+policy_module(zabbix, 1.7.1)
########################################
#
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
2014-12-03 12:56 [gentoo-commits] proj/hardened-refpolicy:userroles " Jason Zaman
@ 2014-12-03 12:56 ` Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2014-12-03 12:56 UTC (permalink / raw
To: gentoo-commits
commit: b6fc3fcdd166ae3851c52e32a1f8f50c4b4d047e
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Wed Nov 26 06:39:15 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Wed Dec 3 08:43:33 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=b6fc3fcd
remove pyzor_role() from pyzor_admin()
pyzor_role contains some named filetrans's which can not be applied
twice. The roles already contain pyzor_role which makes adding
pyzor_admin impossible. This removes the role so they can both be
applied.
---
policy/modules/contrib/pyzor.if | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/policy/modules/contrib/pyzor.if b/policy/modules/contrib/pyzor.if
index 593c03d..c05a504 100644
--- a/policy/modules/contrib/pyzor.if
+++ b/policy/modules/contrib/pyzor.if
@@ -132,5 +132,6 @@ interface(`pyzor_admin',`
files_search_var_lib($1)
admin_pattern($1, pyzor_var_lib_t)
- pyzor_role($2, $1)
+ # This makes it impossible to apply _admin if _role has already been applied
+ #pyzor_role($2, $1)
')
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2015-02-09 18:35 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2015-02-09 18:35 UTC (permalink / raw
To: gentoo-commits
commit: 5544629a0aa065819ff40dfefef33f70218b0cab
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Feb 3 13:48:40 2015 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Mon Feb 9 17:17:24 2015 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=5544629a
add fcontext for openntpd drift file
---
policy/modules/contrib/ntp.fc | 1 +
1 file changed, 1 insertion(+)
diff --git a/policy/modules/contrib/ntp.fc b/policy/modules/contrib/ntp.fc
index 6105583..c74d996 100644
--- a/policy/modules/contrib/ntp.fc
+++ b/policy/modules/contrib/ntp.fc
@@ -27,4 +27,5 @@
ifdef(`distro_gentoo',`
/usr/bin/sntp -- gen_context(system_u:object_r:ntpdate_exec_t,s0)
+/var/lib/openntpd/ntpd.drift -- gen_context(system_u:object_r:ntp_drift_t,s0)
')
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
2015-02-09 18:33 [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
@ 2015-02-09 18:35 ` Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2015-02-09 18:35 UTC (permalink / raw
To: gentoo-commits
commit: b649a2b3c92b17613faaf013a03357399095059e
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Mon Feb 9 17:17:40 2015 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Mon Feb 9 17:17:40 2015 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=b649a2b3
salt: allow salt to ps all processes
Salt needs to be able to list all processes to check if services
are running
---
policy/modules/contrib/salt.te | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/contrib/salt.te b/policy/modules/contrib/salt.te
index 970b183..4c76ecc 100644
--- a/policy/modules/contrib/salt.te
+++ b/policy/modules/contrib/salt.te
@@ -269,7 +269,7 @@ corenet_tcp_connect_salt_port(salt_minion_t)
dev_read_sysfs(salt_minion_t)
domain_dontaudit_exec_all_entry_files(salt_minion_t)
-domain_dontaudit_search_all_domains_state(salt_minion_t)
+domain_read_all_domains_state(salt_minion_t)
files_manage_all_non_security_file_types(salt_minion_t)
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2015-05-16 11:32 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2015-05-16 11:32 UTC (permalink / raw
To: gentoo-commits
commit: 105c5c80ee234d6bed09a47fa36746382e3830f7
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Fri May 15 13:25:06 2015 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Fri May 15 13:25:06 2015 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=105c5c80
postmap is a user command
When a postfix admin updates a postfix database, he has to call
"postmap hash:/etc/postfix/databasename" in order to regenerate the
database (in case of a hash database in the example).
To allow postmap to give feedback on errors, grant it access to the user
terminals and private file descriptors of the admin.
policy/modules/contrib/postfix.te | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/policy/modules/contrib/postfix.te b/policy/modules/contrib/postfix.te
index afc1fde..1c0a34c 100644
--- a/policy/modules/contrib/postfix.te
+++ b/policy/modules/contrib/postfix.te
@@ -500,6 +500,8 @@ corecmd_read_bin_files(postfix_map_t)
corecmd_read_bin_pipes(postfix_map_t)
corecmd_read_bin_sockets(postfix_map_t)
+domain_use_interactive_fds(postfix_map_t)
+
files_list_home(postfix_map_t)
files_read_usr_files(postfix_map_t)
files_read_etc_runtime_files(postfix_map_t)
@@ -511,6 +513,8 @@ logging_send_syslog_msg(postfix_map_t)
miscfiles_read_localization(postfix_map_t)
+userdom_use_user_terminals(postfix_map_t)
+
optional_policy(`
locallogin_dontaudit_use_fds(postfix_map_t)
')
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2015-05-16 11:32 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2015-05-16 11:32 UTC (permalink / raw
To: gentoo-commits
commit: 7f4df16703908b51f8a290532f1902a5981134ce
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Fri May 15 13:28:36 2015 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Fri May 15 13:28:36 2015 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=7f4df167
Move specifics to ifdef distro_gentoo
policy/modules/contrib/postfix.te | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/policy/modules/contrib/postfix.te b/policy/modules/contrib/postfix.te
index 1c0a34c..47cfeb0 100644
--- a/policy/modules/contrib/postfix.te
+++ b/policy/modules/contrib/postfix.te
@@ -500,8 +500,6 @@ corecmd_read_bin_files(postfix_map_t)
corecmd_read_bin_pipes(postfix_map_t)
corecmd_read_bin_sockets(postfix_map_t)
-domain_use_interactive_fds(postfix_map_t)
-
files_list_home(postfix_map_t)
files_read_usr_files(postfix_map_t)
files_read_etc_runtime_files(postfix_map_t)
@@ -513,8 +511,6 @@ logging_send_syslog_msg(postfix_map_t)
miscfiles_read_localization(postfix_map_t)
-userdom_use_user_terminals(postfix_map_t)
-
optional_policy(`
locallogin_dontaudit_use_fds(postfix_map_t)
')
@@ -815,4 +811,12 @@ ifdef(`distro_gentoo',`
#
rw_sock_files_pattern(postfix_postdrop_t, postfix_public_t, postfix_public_t)
+
+ #####################################
+ #
+ # Local postmap policy
+ #
+
+ domain_use_interactive_fds(postfix_map_t)
+ userdom_use_user_terminals(postfix_map_t)
')
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2015-05-16 11:32 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2015-05-16 11:32 UTC (permalink / raw
To: gentoo-commits
commit: 115949be334ab475bf97fa29ad8dc2bc88b71c4c
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Fri May 15 13:46:27 2015 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Fri May 15 13:46:27 2015 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=115949be
Add bugfix number to policy change for tracking
policy/modules/contrib/postfix.te | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/policy/modules/contrib/postfix.te b/policy/modules/contrib/postfix.te
index 47cfeb0..738ce6f 100644
--- a/policy/modules/contrib/postfix.te
+++ b/policy/modules/contrib/postfix.te
@@ -816,7 +816,8 @@ ifdef(`distro_gentoo',`
#
# Local postmap policy
#
-
+
+ # Bug #549566
domain_use_interactive_fds(postfix_map_t)
userdom_use_user_terminals(postfix_map_t)
')
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2015-05-16 11:32 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2015-05-16 11:32 UTC (permalink / raw
To: gentoo-commits
commit: 4181d381fa9d12a6c7836c6acbc06ccc8b26e6b6
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Fri May 15 13:21:49 2015 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Fri May 15 13:21:49 2015 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=4181d381
Remove catch-all for postfix libraries
The postfix libraries in /usr/lib/postfix were by default marked as
postfix_exec_t. This however is a design mistake. Libraries should be
of a library type (of which lib_t is a default) so that applications
that use it have the proper read/execute rights without needing those on
the *real* executable types of an application.
policy/modules/contrib/postfix.fc | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/policy/modules/contrib/postfix.fc b/policy/modules/contrib/postfix.fc
index da1791b..b71d844 100644
--- a/policy/modules/contrib/postfix.fc
+++ b/policy/modules/contrib/postfix.fc
@@ -4,7 +4,8 @@
/etc/rc\.d/init\.d/postfix -- gen_context(system_u:object_r:postfix_initrc_exec_t,s0)
-/usr/lib/postfix/.* -- gen_context(system_u:object_r:postfix_exec_t,s0)
+# Remove catch-all so that .so files remain lib_t
+#/usr/lib/postfix/.* -- gen_context(system_u:object_r:postfix_exec_t,s0)
/usr/lib/postfix/cleanup -- gen_context(system_u:object_r:postfix_cleanup_exec_t,s0)
/usr/lib/postfix/local -- gen_context(system_u:object_r:postfix_local_exec_t,s0)
/usr/lib/postfix/master -- gen_context(system_u:object_r:postfix_master_exec_t,s0)
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2015-05-16 11:32 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2015-05-16 11:32 UTC (permalink / raw
To: gentoo-commits
commit: ed321efa9ab9fe5c813e35546e662e8675916d6f
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Fri May 15 17:22:44 2015 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sat May 16 11:13:01 2015 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=ed321efa
use init_manage_service_template in _admin interfaces N-Z
Most foo_admin interfaces have transitions on the
foo_initrc_exec_t to system_r. These are only applicable
for RedHat <6. This replaces them with a template which
can easily be changed for other init systems.
make validate passes for all combinations of distros,
standard/mcs/mls, monolithic y/n and direct_initrc y/n
This patch is for files starting with N-Z.
policy/modules/contrib/nagios.if | 5 +----
policy/modules/contrib/nessus.if | 5 +----
policy/modules/contrib/networkmanager.if | 5 +----
policy/modules/contrib/nis.if | 7 ++-----
policy/modules/contrib/nscd.if | 5 +----
policy/modules/contrib/nsd.if | 5 +----
policy/modules/contrib/nslcd.if | 5 +----
policy/modules/contrib/ntop.if | 5 +----
policy/modules/contrib/ntp.if | 5 +----
policy/modules/contrib/numad.if | 5 +----
policy/modules/contrib/nut.if | 5 +----
policy/modules/contrib/oident.if | 5 +----
policy/modules/contrib/openct.if | 5 +----
policy/modules/contrib/openhpi.if | 5 +----
policy/modules/contrib/openvpn.if | 5 +----
policy/modules/contrib/openvswitch.if | 5 +----
policy/modules/contrib/pacemaker.if | 5 +----
policy/modules/contrib/pads.if | 5 +----
policy/modules/contrib/pcscd.if | 5 +----
policy/modules/contrib/pegasus.if | 5 +----
policy/modules/contrib/perdition.if | 5 +----
policy/modules/contrib/pingd.if | 5 +----
policy/modules/contrib/pkcs.if | 5 +----
policy/modules/contrib/polipo.if | 5 +----
policy/modules/contrib/portmap.if | 5 +----
policy/modules/contrib/portreserve.if | 5 +----
policy/modules/contrib/postfix.if | 5 +----
policy/modules/contrib/postfixpolicyd.if | 5 +----
policy/modules/contrib/postgrey.if | 5 +----
policy/modules/contrib/ppp.if | 5 +----
policy/modules/contrib/prelude.if | 5 +----
policy/modules/contrib/privoxy.if | 5 +----
policy/modules/contrib/psad.if | 5 +----
policy/modules/contrib/puppet.if | 6 ++----
policy/modules/contrib/pxe.if | 5 +----
policy/modules/contrib/pyicqt.if | 5 +----
policy/modules/contrib/pyzor.if | 5 +----
policy/modules/contrib/qpid.if | 5 +----
policy/modules/contrib/quantum.if | 5 +----
policy/modules/contrib/quota.if | 5 +----
policy/modules/contrib/rabbitmq.if | 5 +----
policy/modules/contrib/radius.if | 5 +----
policy/modules/contrib/radvd.if | 5 +----
policy/modules/contrib/raid.if | 5 +----
policy/modules/contrib/redis.if | 5 +----
policy/modules/contrib/resmgr.if | 5 +----
policy/modules/contrib/rgmanager.if | 5 +----
policy/modules/contrib/rhcs.if | 7 +++----
policy/modules/contrib/rhsmcertd.if | 5 +----
policy/modules/contrib/ricci.if | 5 +----
policy/modules/contrib/rngd.if | 5 +----
policy/modules/contrib/roundup.if | 5 +----
policy/modules/contrib/rpc.if | 7 +++----
policy/modules/contrib/rpcbind.if | 5 +----
policy/modules/contrib/rpm.if | 5 +----
policy/modules/contrib/rtkit.if | 5 +----
policy/modules/contrib/rwho.if | 5 +----
policy/modules/contrib/samba.if | 5 +----
policy/modules/contrib/samhain.if | 5 +----
policy/modules/contrib/sanlock.if | 5 +----
policy/modules/contrib/sasl.if | 5 +----
policy/modules/contrib/sblim.if | 5 +----
policy/modules/contrib/sendmail.if | 4 +---
policy/modules/contrib/sensord.if | 5 +----
policy/modules/contrib/shorewall.if | 5 +----
policy/modules/contrib/slpd.if | 5 +----
policy/modules/contrib/smartmon.if | 5 +----
policy/modules/contrib/smokeping.if | 5 +----
policy/modules/contrib/smstools.if | 5 +----
policy/modules/contrib/snmp.if | 5 +----
policy/modules/contrib/snort.if | 5 +----
policy/modules/contrib/soundserver.if | 5 +----
policy/modules/contrib/spamassassin.if | 5 +----
policy/modules/contrib/squid.if | 5 +----
policy/modules/contrib/sssd.if | 5 +----
policy/modules/contrib/svnserve.if | 5 +----
policy/modules/contrib/sysstat.if | 5 +----
policy/modules/contrib/systemtap.if | 5 +----
policy/modules/contrib/tcsd.if | 5 +----
policy/modules/contrib/tgtd.if | 5 +----
policy/modules/contrib/tor.if | 5 +----
policy/modules/contrib/transproxy.if | 5 +----
policy/modules/contrib/tuned.if | 5 +----
policy/modules/contrib/ulogd.if | 5 +----
policy/modules/contrib/uptime.if | 5 +----
policy/modules/contrib/uucp.if | 5 +----
policy/modules/contrib/uuidd.if | 5 +----
policy/modules/contrib/varnishd.if | 10 ++--------
policy/modules/contrib/vdagent.if | 5 +----
policy/modules/contrib/vhostmd.if | 5 +----
policy/modules/contrib/virt.if | 5 +----
policy/modules/contrib/vnstatd.if | 5 +----
policy/modules/contrib/watchdog.if | 5 +----
policy/modules/contrib/wdmd.if | 5 +----
policy/modules/contrib/xfs.if | 5 +----
policy/modules/contrib/zabbix.if | 6 ++----
policy/modules/contrib/zarafa.if | 5 +----
policy/modules/contrib/zebra.if | 5 +----
98 files changed, 106 insertions(+), 396 deletions(-)
diff --git a/policy/modules/contrib/nagios.if b/policy/modules/contrib/nagios.if
index 0641e97..93f07fd 100644
--- a/policy/modules/contrib/nagios.if
+++ b/policy/modules/contrib/nagios.if
@@ -204,10 +204,7 @@ interface(`nagios_admin',`
allow $1 { nagios_t nrpe_t nagios_plugin_domain }:process { ptrace signal_perms };
ps_process_pattern($1, { nagios_t nrpe_t nagios_plugin_domain })
- init_labeled_script_domtrans($1, nagios_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 nagios_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, nagios_t, nagios_initrc_exec_t)
files_search_tmp($1)
admin_pattern($1, { nagios_eventhandler_plugin_tmp_t nagios_tmp_t nagios_system_plugin_tmp_t })
diff --git a/policy/modules/contrib/nessus.if b/policy/modules/contrib/nessus.if
index 42e9ed4..b1defe3 100644
--- a/policy/modules/contrib/nessus.if
+++ b/policy/modules/contrib/nessus.if
@@ -40,10 +40,7 @@ interface(`nessus_admin',`
allow $1 nessusd_t:process { ptrace signal_perms };
ps_process_pattern($1, nessusd_t)
- init_labeled_script_domtrans($1, nessusd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 nessusd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, nessusd_t, nessusd_initrc_exec_t)
logging_search_logs($1)
admin_pattern($1, nessusd_log_t)
diff --git a/policy/modules/contrib/networkmanager.if b/policy/modules/contrib/networkmanager.if
index b512ce0..9d63750 100644
--- a/policy/modules/contrib/networkmanager.if
+++ b/policy/modules/contrib/networkmanager.if
@@ -297,10 +297,7 @@ interface(`networkmanager_admin',`
allow $1 { wpa_cli_t NetworkManager_t }:process { ptrace signal_perms };
ps_process_pattern($1, { wpa_cli_t NetworkManager_t })
- init_labeled_script_domtrans($1, NetworkManager_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 NetworkManager_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, NetworkManager_t, NetworkManager_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, { NetworkManager_etc_t NetworkManager_etc_rw_t })
diff --git a/policy/modules/contrib/nis.if b/policy/modules/contrib/nis.if
index 46e55c3..f7cb0a6 100644
--- a/policy/modules/contrib/nis.if
+++ b/policy/modules/contrib/nis.if
@@ -381,11 +381,8 @@ interface(`nis_admin',`
allow $1 { ypbind_t yppasswdd_t ypserv_t ypxfr_t }:process { ptrace signal_perms };
ps_process_pattern($1, { ypbind_t yppasswdd_t ypserv_t ypxfr_t })
- nis_initrc_domtrans($1)
- nis_initrc_domtrans_ypbind($1)
- domain_system_change_exemption($1)
- role_transition $2 { nis_initrc_exec_t ypbind_initrc_exec_t } system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, ypbind_t, ypbind_initrc_exec_t)
+ init_manage_service_template($1, $2, ypserv_t, nis_initrc_exec_t)
files_list_tmp($1)
admin_pattern($1, { ypserv_tmp_t ypbind_tmp_t })
diff --git a/policy/modules/contrib/nscd.if b/policy/modules/contrib/nscd.if
index 8f2ab09..e92e2d0 100644
--- a/policy/modules/contrib/nscd.if
+++ b/policy/modules/contrib/nscd.if
@@ -299,10 +299,7 @@ interface(`nscd_admin',`
allow $1 nscd_t:process { ptrace signal_perms };
ps_process_pattern($1, nscd_t)
- init_labeled_script_domtrans($1, nscd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 nscd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, nscd_t, nscd_initrc_exec_t)
logging_list_logs($1)
admin_pattern($1, nscd_log_t)
diff --git a/policy/modules/contrib/nsd.if b/policy/modules/contrib/nsd.if
index a9c60ff..208cc12 100644
--- a/policy/modules/contrib/nsd.if
+++ b/policy/modules/contrib/nsd.if
@@ -54,10 +54,7 @@ interface(`nsd_admin',`
allow $1 nsd_t:process { ptrace signal_perms };
ps_process_pattern($1, nsd_t)
- init_labeled_script_domtrans($1, nsd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 nsd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, nsd_t, nsd_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, { nsd_conf_t nsd_db_t })
diff --git a/policy/modules/contrib/nslcd.if b/policy/modules/contrib/nslcd.if
index bbd7cac..86bc919 100644
--- a/policy/modules/contrib/nslcd.if
+++ b/policy/modules/contrib/nslcd.if
@@ -102,10 +102,7 @@ interface(`nslcd_admin',`
allow $1 nslcd_t:process { ptrace signal_perms };
ps_process_pattern($1, nslcd_t)
- nslcd_initrc_domtrans($1)
- domain_system_change_exemption($1)
- role_transition $2 nslcd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, nslcd_t, nslcd_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, nslcd_conf_t)
diff --git a/policy/modules/contrib/ntop.if b/policy/modules/contrib/ntop.if
index beaee73..4ffb735 100644
--- a/policy/modules/contrib/ntop.if
+++ b/policy/modules/contrib/ntop.if
@@ -26,10 +26,7 @@ interface(`ntop_admin',`
allow $1 ntop_t:process { ptrace signal_perms };
ps_process_pattern($1, ntop_t)
- init_labeled_script_domtrans($1, ntop_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 ntop_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, ntop_t, ntop_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, ntop_etc_t)
diff --git a/policy/modules/contrib/ntp.if b/policy/modules/contrib/ntp.if
index 6a83626..f31c689 100644
--- a/policy/modules/contrib/ntp.if
+++ b/policy/modules/contrib/ntp.if
@@ -166,10 +166,7 @@ interface(`ntp_admin',`
allow $1 ntpd_t:process { ptrace signal_perms };
ps_process_pattern($1, ntpd_t)
- init_labeled_script_domtrans($1, ntpd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 ntpd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, ntpd_t, ntpd_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, { ntpd_key_t ntp_conf_t })
diff --git a/policy/modules/contrib/numad.if b/policy/modules/contrib/numad.if
index 0d3c270..77cd980 100644
--- a/policy/modules/contrib/numad.if
+++ b/policy/modules/contrib/numad.if
@@ -26,10 +26,7 @@ interface(`numad_admin',`
allow $1 numad_t:process { ptrace signal_perms };
ps_process_pattern($1, numad_t)
- init_labeled_script_domtrans($1, numad_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 numad_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, numad_t, numad_initrc_exec_t)
logging_search_logs($1)
admin_pattern($1, numad_log_t)
diff --git a/policy/modules/contrib/nut.if b/policy/modules/contrib/nut.if
index c606ae6..7e27efe 100644
--- a/policy/modules/contrib/nut.if
+++ b/policy/modules/contrib/nut.if
@@ -26,10 +26,7 @@ interface(`nut_admin',`
allow $1 nut_domain:process { ptrace signal_perms };
ps_process_pattern($1, nut_domain)
- init_labeled_script_domtrans($1, nut_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 nut_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, nut_domain, nut_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, nut_conf_t)
diff --git a/policy/modules/contrib/oident.if b/policy/modules/contrib/oident.if
index 513f452..0bce8c7 100644
--- a/policy/modules/contrib/oident.if
+++ b/policy/modules/contrib/oident.if
@@ -131,10 +131,7 @@ interface(`oident_admin',`
allow $1 oidentd_t:process { ptrace signal_perms };
ps_process_pattern($1, oidentd_t)
- init_labeled_script_domtrans($1, oidentd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 oidentd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, oidentd_t, oidentd_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, oidentd_config_t)
diff --git a/policy/modules/contrib/openct.if b/policy/modules/contrib/openct.if
index a55238b..fbb910f 100644
--- a/policy/modules/contrib/openct.if
+++ b/policy/modules/contrib/openct.if
@@ -120,10 +120,7 @@ interface(`openct_admin',`
allow $1 openct_t:process { ptrace signal_perms };
ps_process_pattern($1, openct_t)
- init_labeled_script_domtrans($1, openct_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 openct_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, openct_t, openct_initrc_exec_t)
files_search_pids($1)
admin_pattern($1, openct_var_run_t)
diff --git a/policy/modules/contrib/openhpi.if b/policy/modules/contrib/openhpi.if
index 3c86958..a167d25 100644
--- a/policy/modules/contrib/openhpi.if
+++ b/policy/modules/contrib/openhpi.if
@@ -26,10 +26,7 @@ interface(`openhpi_admin',`
allow $1 openhpid_t:process { ptrace signal_perms };
ps_process_pattern($1, openhpid_t)
- init_labeled_script_domtrans($1, openhpid_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 openhpid_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, openhpid_t, openhpid_initrc_exec_t)
files_search_var_lib($1)
admin_pattern($1, openhpid_var_lib_t)
diff --git a/policy/modules/contrib/openvpn.if b/policy/modules/contrib/openvpn.if
index 6837e9a..ca3e2f2 100644
--- a/policy/modules/contrib/openvpn.if
+++ b/policy/modules/contrib/openvpn.if
@@ -150,10 +150,7 @@ interface(`openvpn_admin',`
allow $1 openvpn_t:process { ptrace signal_perms };
ps_process_pattern($1, openvpn_t)
- init_labeled_script_domtrans($1, openvpn_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 openvpn_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, openvpn_t, openvpn_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, { openvpn_etc_t openvpn_etc_rw_t })
diff --git a/policy/modules/contrib/openvswitch.if b/policy/modules/contrib/openvswitch.if
index 9b15730..cf9e657 100644
--- a/policy/modules/contrib/openvswitch.if
+++ b/policy/modules/contrib/openvswitch.if
@@ -64,10 +64,7 @@ interface(`openvswitch_admin',`
allow $1 openvswitch_t:process { ptrace signal_perms };
ps_process_pattern($1, openvswitch_t)
- init_labeled_script_domtrans($1, openvswitch_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 openvswitch_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, openvswitch_t, openvswitch_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, openvswitch_conf_t)
diff --git a/policy/modules/contrib/pacemaker.if b/policy/modules/contrib/pacemaker.if
index 9682d9a..2202234 100644
--- a/policy/modules/contrib/pacemaker.if
+++ b/policy/modules/contrib/pacemaker.if
@@ -26,10 +26,7 @@ interface(`pacemaker_admin',`
allow $1 pacemaker_t:process { ptrace signal_perms };
ps_process_pattern($1, pacemaker_t)
- init_labeled_script_domtrans($1, pacemaker_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 pacemaker_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, pacemaker_t, pacemaker_initrc_exec_t)
files_search_var_lib($1)
admin_pattern($1, pacemaker_var_lib_t)
diff --git a/policy/modules/contrib/pads.if b/policy/modules/contrib/pads.if
index 6e097c9..544169e 100644
--- a/policy/modules/contrib/pads.if
+++ b/policy/modules/contrib/pads.if
@@ -26,10 +26,7 @@ interface(`pads_admin', `
allow $1 pads_t:process { ptrace signal_perms };
ps_process_pattern($1, pads_t)
- init_labeled_script_domtrans($1, pads_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 pads_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, pads_t, pads_initrc_exec_t)
files_search_pids($1)
admin_pattern($1, pads_var_run_t)
diff --git a/policy/modules/contrib/pcscd.if b/policy/modules/contrib/pcscd.if
index 7f77d32..e858008 100644
--- a/policy/modules/contrib/pcscd.if
+++ b/policy/modules/contrib/pcscd.if
@@ -128,10 +128,7 @@ interface(`pcscd_admin',`
allow $1 pcscd_t:process { ptrace signal_perms };
ps_process_pattern($1, pcscd_t)
- init_labeled_script_domtrans($1, pcscd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 pcscd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, pcscd_t, pcscd_initrc_exec_t)
files_search_pids($1)
admin_pattern($1, pcscd_var_run_t)
diff --git a/policy/modules/contrib/pegasus.if b/policy/modules/contrib/pegasus.if
index d2fc677..ed2f077 100644
--- a/policy/modules/contrib/pegasus.if
+++ b/policy/modules/contrib/pegasus.if
@@ -27,10 +27,7 @@ interface(`pegasus_admin',`
allow $1 pegasus_t:process { ptrace signal_perms };
ps_process_pattern($1, pegasus_t)
- init_labeled_script_domtrans($1, pegasus_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 pegasus_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, pegasus_t, pegasus_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, pegasus_conf_t)
diff --git a/policy/modules/contrib/perdition.if b/policy/modules/contrib/perdition.if
index 47e09e1..debfd38 100644
--- a/policy/modules/contrib/perdition.if
+++ b/policy/modules/contrib/perdition.if
@@ -40,10 +40,7 @@ interface(`perdition_admin',`
allow $1 perdition_t:process { ptrace signal_perms };
ps_process_pattern($1, perdition_t)
- init_labeled_script_domtrans($1, perdition_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 perdition_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, perdition_t, perdition_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, perdition_etc_t)
diff --git a/policy/modules/contrib/pingd.if b/policy/modules/contrib/pingd.if
index 21a6ecb..30d36fe 100644
--- a/policy/modules/contrib/pingd.if
+++ b/policy/modules/contrib/pingd.if
@@ -84,10 +84,7 @@ interface(`pingd_admin',`
allow $1 pingd_t:process { ptrace signal_perms };
ps_process_pattern($1, pingd_t)
- init_labeled_script_domtrans($1, pingd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 pingd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, pingd_t, pingd_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, pingd_etc_t)
diff --git a/policy/modules/contrib/pkcs.if b/policy/modules/contrib/pkcs.if
index 69be2aa..d21ba76 100644
--- a/policy/modules/contrib/pkcs.if
+++ b/policy/modules/contrib/pkcs.if
@@ -26,10 +26,7 @@ interface(`pkcs_admin_slotd',`
allow $1 pkcs_slotd_t:process { ptrace signal_perms };
ps_process_pattern($1, pkcs_slotd_t)
- init_labeled_script_domtrans($1, pkcs_slotd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 pkcs_slotd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, pkcs_slotd_t, pkcs_slotd_initrc_exec_t)
files_search_var_lib($1)
admin_pattern($1, pkcs_slotd_var_lib_t)
diff --git a/policy/modules/contrib/polipo.if b/policy/modules/contrib/polipo.if
index ae27bb7..b523ccc 100644
--- a/policy/modules/contrib/polipo.if
+++ b/policy/modules/contrib/polipo.if
@@ -125,10 +125,7 @@ interface(`polipo_admin',`
allow $1 polipo_system_t:process { ptrace signal_perms };
ps_process_pattern($1, polipo_system_t)
- polipo_initrc_domtrans($1)
- domain_system_change_exemption($1)
- role_transition $2 polipo_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, polipo_t, polipo_initrc_exec_t)
files_search_var($1)
admin_pattern($1, polipo_cache_t)
diff --git a/policy/modules/contrib/portmap.if b/policy/modules/contrib/portmap.if
index 9f982b5..ee8cd17 100644
--- a/policy/modules/contrib/portmap.if
+++ b/policy/modules/contrib/portmap.if
@@ -114,10 +114,7 @@ interface(`portmap_admin',`
allow $1 { portmap_t portmap_helper_t }:process { ptrace signal_perms };
ps_process_pattern($1, { portmap_t portmap_helper_t })
- init_labeled_script_domtrans($1, portmap_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 portmap_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, portmap_t, portmap_initrc_exec_t)
files_search_pids($1)
admin_pattern($1, portmap_var_run_t)
diff --git a/policy/modules/contrib/portreserve.if b/policy/modules/contrib/portreserve.if
index 5ad5291..0401fd2 100644
--- a/policy/modules/contrib/portreserve.if
+++ b/policy/modules/contrib/portreserve.if
@@ -108,10 +108,7 @@ interface(`portreserve_admin',`
allow $1 portreserve_t:process { ptrace signal_perms };
ps_process_pattern($1, portreserve_t)
- portreserve_initrc_domtrans($1)
- domain_system_change_exemption($1)
- role_transition $2 portreserve_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, portreserve_t, portreserve_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, portreserve_etc_t)
diff --git a/policy/modules/contrib/postfix.if b/policy/modules/contrib/postfix.if
index 8e7d1e7..40e6bf2 100644
--- a/policy/modules/contrib/postfix.if
+++ b/policy/modules/contrib/postfix.if
@@ -720,10 +720,7 @@ interface(`postfix_admin',`
allow $1 postfix_domain:process { ptrace signal_perms };
ps_process_pattern($1, postfix_domain)
- init_labeled_script_domtrans($1, postfix_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 postfix_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, postfix_t, postfix_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, { postfix_prng_t postfix_etc_t postfix_exec_t postfix_keytab_t })
diff --git a/policy/modules/contrib/postfixpolicyd.if b/policy/modules/contrib/postfixpolicyd.if
index 5de8173..3d925b7 100644
--- a/policy/modules/contrib/postfixpolicyd.if
+++ b/policy/modules/contrib/postfixpolicyd.if
@@ -26,10 +26,7 @@ interface(`postfixpolicyd_admin',`
allow $1 postfix_policyd_t:process { ptrace signal_perms };
ps_process_pattern($1, postfix_policyd_t)
- init_labeled_script_domtrans($1, postfix_policyd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 postfix_policyd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, postfix_policyd_t, postfix_policyd_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, postfix_policyd_conf_t)
diff --git a/policy/modules/contrib/postgrey.if b/policy/modules/contrib/postgrey.if
index b9e71b5..50b620d 100644
--- a/policy/modules/contrib/postgrey.if
+++ b/policy/modules/contrib/postgrey.if
@@ -67,10 +67,7 @@ interface(`postgrey_admin',`
allow $1 postgrey_t:process { ptrace signal_perms };
ps_process_pattern($1, postgrey_t)
- init_labeled_script_domtrans($1, postgrey_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 postgrey_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, postgrey_t, postgrey_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, postgrey_etc_t)
diff --git a/policy/modules/contrib/ppp.if b/policy/modules/contrib/ppp.if
index cd8b8b9..52c2acf 100644
--- a/policy/modules/contrib/ppp.if
+++ b/policy/modules/contrib/ppp.if
@@ -487,10 +487,7 @@ interface(`ppp_admin',`
allow $1 { pptp_t pppd_t }:process { ptrace signal_perms };
ps_process_pattern($1, { pptp_t pppd_t })
- ppp_initrc_domtrans($1)
- domain_system_change_exemption($1)
- role_transition $2 pppd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, pppd_t, pppd_initrc_exec_t)
files_list_tmp($1)
admin_pattern($1, pppd_tmp_t)
diff --git a/policy/modules/contrib/prelude.if b/policy/modules/contrib/prelude.if
index db8f510..406d8ac 100644
--- a/policy/modules/contrib/prelude.if
+++ b/policy/modules/contrib/prelude.if
@@ -126,10 +126,7 @@ interface(`prelude_admin',`
allow $1 { prelude_t prelude_audisp_t prelude_lml_t prelude_correlator_t }:process { ptrace signal_perms };
ps_process_pattern($1, { prelude_t prelude_audisp_t prelude_lml_t prelude_correlator_t })
- init_labeled_script_domtrans($1, prelude_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 prelude_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, prelude_t, prelude_initrc_exec_t)
files_search_spool($1)
admin_pattern($1, prelude_spool_t)
diff --git a/policy/modules/contrib/privoxy.if b/policy/modules/contrib/privoxy.if
index bdcee30..30a6e1f 100644
--- a/policy/modules/contrib/privoxy.if
+++ b/policy/modules/contrib/privoxy.if
@@ -26,10 +26,7 @@ interface(`privoxy_admin',`
allow $1 privoxy_t:process { ptrace signal_perms };
ps_process_pattern($1, privoxy_t)
- init_labeled_script_domtrans($1, privoxy_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 privoxy_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, privoxy_t, privoxy_initrc_exec_t)
logging_list_logs($1)
admin_pattern($1, privoxy_log_t)
diff --git a/policy/modules/contrib/psad.if b/policy/modules/contrib/psad.if
index cdc83d2..645dca6 100644
--- a/policy/modules/contrib/psad.if
+++ b/policy/modules/contrib/psad.if
@@ -242,10 +242,7 @@ interface(`psad_admin',`
allow $1 psad_t:process { ptrace signal_perms };
ps_process_pattern($1, psad_t)
- init_labeled_script_domtrans($1, psad_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 psad_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, psad_t, psad_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, psad_etc_t)
diff --git a/policy/modules/contrib/puppet.if b/policy/modules/contrib/puppet.if
index 7cb8b1f..79ef096 100644
--- a/policy/modules/contrib/puppet.if
+++ b/policy/modules/contrib/puppet.if
@@ -211,10 +211,8 @@ interface(`puppet_admin',`
allow $1 { puppet_t puppetca_t puppetmaster_t }:process { ptrace signal_perms };
ps_process_pattern($1, { puppet_t puppetca_t puppetmaster_t })
- init_labeled_script_domtrans($1, { puppet_initrc_exec_t puppetmaster_initrc_exec_t })
- domain_system_change_exemption($1)
- role_transition $2 { puppet_initrc_exec_t puppetmaster_initrc_exec_t } system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, puppet_t, puppet_initrc_exec_t)
+ init_manage_service_template($1, $2, puppetmaster_t, puppetmaster_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, puppet_etc_t)
diff --git a/policy/modules/contrib/pxe.if b/policy/modules/contrib/pxe.if
index 7da286f..7924c86 100644
--- a/policy/modules/contrib/pxe.if
+++ b/policy/modules/contrib/pxe.if
@@ -26,10 +26,7 @@ interface(`pxe_admin',`
allow $1 pxe_t:process { ptrace signal_perms };
ps_process_pattern($1, pxe_t)
- init_labeled_script_domtrans($1, pxe_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 pxe_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, pxe_t, pxe_initrc_exec_t)
logging_search_logs($1)
admin_pattern($1, pxe_log_t)
diff --git a/policy/modules/contrib/pyicqt.if b/policy/modules/contrib/pyicqt.if
index 0ccea82..89fcf94 100644
--- a/policy/modules/contrib/pyicqt.if
+++ b/policy/modules/contrib/pyicqt.if
@@ -26,10 +26,7 @@ interface(`pyicqt_admin',`
allow $1 pyicqt_t:process { ptrace signal_perms };
ps_process_pattern($1, pyicqt_t)
- init_labeled_script_domtrans($1, pyicqt_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 pyicqt_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, pyicqt_t, pyicqt_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, pyicqt_conf_t)
diff --git a/policy/modules/contrib/pyzor.if b/policy/modules/contrib/pyzor.if
index c05a504..127cfb8 100644
--- a/policy/modules/contrib/pyzor.if
+++ b/policy/modules/contrib/pyzor.if
@@ -118,10 +118,7 @@ interface(`pyzor_admin',`
allow $1 pyzord_t:process { ptrace signal_perms };
ps_process_pattern($1, pyzord_t)
- init_labeled_script_domtrans($1, pyzord_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 pyzord_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, pyzord_t, pyzord_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, pyzor_etc_t)
diff --git a/policy/modules/contrib/qpid.if b/policy/modules/contrib/qpid.if
index fe2adf8..457b143 100644
--- a/policy/modules/contrib/qpid.if
+++ b/policy/modules/contrib/qpid.if
@@ -177,10 +177,7 @@ interface(`qpidd_admin',`
allow $1 qpidd_t:process { ptrace signal_perms };
ps_process_pattern($1, qpidd_t)
- qpidd_initrc_domtrans($1)
- domain_system_change_exemption($1)
- role_transition $2 qpidd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, qpidd_t, qpidd_initrc_exec_t)
files_search_var_lib($1)
admin_pattern($1, qpidd_var_lib_t)
diff --git a/policy/modules/contrib/quantum.if b/policy/modules/contrib/quantum.if
index afc0068..b158c7e 100644
--- a/policy/modules/contrib/quantum.if
+++ b/policy/modules/contrib/quantum.if
@@ -26,10 +26,7 @@ interface(`quantum_admin',`
allow $1 quantum_t:process { ptrace signal_perms };
ps_process_pattern($1, quantum_t)
- init_labeled_script_domtrans($1, quantum_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 quantum_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, quantum_t, quantum_initrc_exec_t)
logging_search_logs($1)
admin_pattern($1, quantum_log_t)
diff --git a/policy/modules/contrib/quota.if b/policy/modules/contrib/quota.if
index 68611e3..3fbb18e 100644
--- a/policy/modules/contrib/quota.if
+++ b/policy/modules/contrib/quota.if
@@ -184,10 +184,7 @@ interface(`quota_admin',`
allow $1 { quota_nld_t quota_t }:process { ptrace signal_perms };
ps_process_pattern($1, { quota_nld_t quota_t })
- init_labeled_script_domtrans($1, quota_nld_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 quota_nld_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, quota_nld_t, quota_nld_initrc_exec_t)
files_list_all($1)
admin_pattern($1, { quota_db_t quota_flag_t quota_nld_var_run_t })
diff --git a/policy/modules/contrib/rabbitmq.if b/policy/modules/contrib/rabbitmq.if
index 2c3d338..71f30bb 100644
--- a/policy/modules/contrib/rabbitmq.if
+++ b/policy/modules/contrib/rabbitmq.if
@@ -45,10 +45,7 @@ interface(`rabbitmq_admin',`
allow $1 { rabbitmq_epmd_t rabbitmq_beam_t }:process { ptrace signal_perms };
ps_process_pattern($1, { rabbitmq_epmd_t rabbitmq_beam_t })
- init_labeled_script_domtrans($1, rabbitmq_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 rabbitmq_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, { rabbitmq_epmd_t rabbitmq_beam_t }, rabbitmq_initrc_exec_t)
logging_search_logs($1)
admin_pattern($1, rabbitmq_var_log_t)
diff --git a/policy/modules/contrib/radius.if b/policy/modules/contrib/radius.if
index 4460582..b0a7db0 100644
--- a/policy/modules/contrib/radius.if
+++ b/policy/modules/contrib/radius.if
@@ -41,10 +41,7 @@ interface(`radius_admin',`
allow $1 radiusd_t:process { ptrace signal_perms };
ps_process_pattern($1, radiusd_t)
- init_labeled_script_domtrans($1, radiusd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 radiusd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, radiusd_t, radiusd_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, { radiusd_etc_t radiusd_etc_rw_t })
diff --git a/policy/modules/contrib/radvd.if b/policy/modules/contrib/radvd.if
index ac7058d..a9a77f5 100644
--- a/policy/modules/contrib/radvd.if
+++ b/policy/modules/contrib/radvd.if
@@ -26,10 +26,7 @@ interface(`radvd_admin',`
allow $1 radvd_t:process { ptrace signal_perms };
ps_process_pattern($1, radvd_t)
- init_labeled_script_domtrans($1, radvd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 radvd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, radvd_t, radvd_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, radvd_etc_t)
diff --git a/policy/modules/contrib/raid.if b/policy/modules/contrib/raid.if
index 951db7f..60198cf 100644
--- a/policy/modules/contrib/raid.if
+++ b/policy/modules/contrib/raid.if
@@ -91,10 +91,7 @@ interface(`raid_admin_mdadm',`
allow $1 mdadm_t:process { ptrace signal_perms };
ps_process_pattern($1, mdadm_t)
- init_labeled_script_domtrans($1, mdadm_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 mdadm_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, mdadm_t, mdadm_initrc_exec_t)
files_search_pids($1)
admin_pattern($1, mdadm_var_run_t)
diff --git a/policy/modules/contrib/redis.if b/policy/modules/contrib/redis.if
index 3969450..0c0d62d 100644
--- a/policy/modules/contrib/redis.if
+++ b/policy/modules/contrib/redis.if
@@ -26,10 +26,7 @@ interface(`redis_admin',`
allow $1 redis_t:process { ptrace signal_perms };
ps_process_pattern($1, redis_t)
- init_labeled_script_domtrans($1, redis_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 redis_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, redis_t, redis_initrc_exec_t)
logging_search_logs($1)
admin_pattern($1, redis_log_t)
diff --git a/policy/modules/contrib/resmgr.if b/policy/modules/contrib/resmgr.if
index 0d93db6..30312f5 100644
--- a/policy/modules/contrib/resmgr.if
+++ b/policy/modules/contrib/resmgr.if
@@ -46,10 +46,7 @@ interface(`resmgr_admin',`
allow $1 resmgrd_t:process { ptrace signal_perms };
ps_process_pattern($1, resmgrd_t)
- init_labeled_script_domtrans($1, resmgrd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 resmgrd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, resmgrd_t, resmgrd_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, resmgrd_etc_t)
diff --git a/policy/modules/contrib/rgmanager.if b/policy/modules/contrib/rgmanager.if
index 1c2f9aa..a1be103 100644
--- a/policy/modules/contrib/rgmanager.if
+++ b/policy/modules/contrib/rgmanager.if
@@ -105,10 +105,7 @@ interface(`rgmanager_admin',`
allow $1 rgmanager_t:process { ptrace signal_perms };
ps_process_pattern($1, rgmanager_t)
- init_labeled_script_domtrans($1, rgmanager_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 rgmanager_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, rgmanager_t, rgmanager_initrc_exec_t)
files_list_tmp($1)
admin_pattern($1, rgmanager_tmp_t)
diff --git a/policy/modules/contrib/rhcs.if b/policy/modules/contrib/rhcs.if
index c8bdea2..fa4c5d9 100644
--- a/policy/modules/contrib/rhcs.if
+++ b/policy/modules/contrib/rhcs.if
@@ -467,15 +467,14 @@ interface(`rhcs_admin',`
attribute cluster_log;
type dlm_controld_initrc_exec_t, foghorn_initrc_exec_t, fenced_lock_t;
type fenced_tmp_t, qdiskd_var_lib_t;
+ type dlm_controld_t, foghorn_t;
')
allow $1 cluster_domain:process { ptrace signal_perms };
ps_process_pattern($1, cluster_domain)
- init_labeled_script_domtrans($1, { dlm_controld_initrc_exec_t foghorn_initrc_exec_t })
- domain_system_change_exemption($1)
- role_transition $2 { dlm_controld_initrc_exec_t foghorn_initrc_exec_t } system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, dlm_controld_t, dlm_controld_initrc_exec_t)
+ init_manage_service_template($1, $2, foghorn_t, foghorn_initrc_exec_t)
files_search_pids($1)
admin_pattern($1, cluster_pid)
diff --git a/policy/modules/contrib/rhsmcertd.if b/policy/modules/contrib/rhsmcertd.if
index 6dbc905..019f668 100644
--- a/policy/modules/contrib/rhsmcertd.if
+++ b/policy/modules/contrib/rhsmcertd.if
@@ -285,10 +285,7 @@ interface(`rhsmcertd_admin',`
allow $1 rhsmcertd_t:process { ptrace signal_perms };
ps_process_pattern($1, rhsmcertd_t)
- rhsmcertd_initrc_domtrans($1)
- domain_system_change_exemption($1)
- role_transition $2 rhsmcertd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, rhsmcertd_t, rhsmcertd_initrc_exec_t)
logging_search_logs($1)
admin_pattern($1, rhsmcertd_log_t)
diff --git a/policy/modules/contrib/ricci.if b/policy/modules/contrib/ricci.if
index 2ab3ed1..05015c8 100644
--- a/policy/modules/contrib/ricci.if
+++ b/policy/modules/contrib/ricci.if
@@ -203,10 +203,7 @@ interface(`ricci_admin',`
allow $1 ricci_t:process { ptrace signal_perms };
ps_process_pattern($1, ricci_t)
- init_labeled_script_domtrans($1, ricci_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 ricci_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, ricci_t, ricci_initrc_exec_t)
files_list_tmp($1)
admin_pattern($1, ricci_tmp_t)
diff --git a/policy/modules/contrib/rngd.if b/policy/modules/contrib/rngd.if
index 13f788f..51397eb 100644
--- a/policy/modules/contrib/rngd.if
+++ b/policy/modules/contrib/rngd.if
@@ -25,10 +25,7 @@ interface(`rngd_admin',`
allow $1 rngd_t:process { ptrace signal_perms };
ps_process_pattern($1, rngd_t)
- init_labeled_script_domtrans($1, rngd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 rngd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, rngd_t, rngd_initrc_exec_t)
files_search_pids($1)
admin_pattern($1, rngd_var_run_t)
diff --git a/policy/modules/contrib/roundup.if b/policy/modules/contrib/roundup.if
index 975bb6a..0a351b5 100644
--- a/policy/modules/contrib/roundup.if
+++ b/policy/modules/contrib/roundup.if
@@ -26,10 +26,7 @@ interface(`roundup_admin',`
allow $1 roundup_t:process { ptrace signal_perms };
ps_process_pattern($1, roundup_t)
- init_labeled_script_domtrans($1, roundup_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 roundup_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, roundup_t, roundup_initrc_exec_t)
files_list_var_lib($1)
admin_pattern($1, roundup_var_lib_t)
diff --git a/policy/modules/contrib/rpc.if b/policy/modules/contrib/rpc.if
index 157afd9..2ac2914 100644
--- a/policy/modules/contrib/rpc.if
+++ b/policy/modules/contrib/rpc.if
@@ -395,15 +395,14 @@ interface(`rpc_admin',`
type nfsd_initrc_exec_t, rpcd_initrc_exec_t, exports_t;
type var_lib_nfs_t, rpcd_var_run_t, gssd_tmp_t;
type nfsd_ro_t, nfsd_rw_t, gssd_keytab_t;
+ type nfsd_t, rpcd_t;
')
allow $1 rpc_domain:process { ptrace signal_perms };
ps_process_pattern($1, rpc_domain)
- init_labeled_script_domtrans($1, { nfsd_initrc_exec_t rpcd_initrc_exec_t })
- domain_system_change_exemption($1)
- role_transition $2 { nfsd_initrc_exec_t rpcd_initrc_exec_t } system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, nfsd_t, nfsd_initrc_exec_t)
+ init_manage_service_template($1, $2, rpcd_t, rpcd_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, { gssd_keytab_t exports_t })
diff --git a/policy/modules/contrib/rpcbind.if b/policy/modules/contrib/rpcbind.if
index f78fef0..da34256 100644
--- a/policy/modules/contrib/rpcbind.if
+++ b/policy/modules/contrib/rpcbind.if
@@ -160,10 +160,7 @@ interface(`rpcbind_admin',`
allow $1 rpcbind_t:process { ptrace signal_perms };
ps_process_pattern($1, rpcbind_t)
- init_labeled_script_domtrans($1, rpcbind_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 rpcbind_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, rpcbind_t, rpcbind_initrc_exec_t)
files_search_pids($1)
admin_pattern($1, rpcbind_var_run_t)
diff --git a/policy/modules/contrib/rpm.if b/policy/modules/contrib/rpm.if
index fc9c8d8..554536f 100644
--- a/policy/modules/contrib/rpm.if
+++ b/policy/modules/contrib/rpm.if
@@ -634,10 +634,7 @@ interface(`rpm_admin',`
allow $1 { rpm_t rpm_script_t }:process { ptrace signal_perms };
ps_process_pattern($1, { rpm_t rpm_script_t })
- init_labeled_script_domtrans($1, rpm_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 rpm_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, rpm_t, rpm_initrc_exec_t)
admin_pattern($1, rpm_file_t)
diff --git a/policy/modules/contrib/rtkit.if b/policy/modules/contrib/rtkit.if
index e904ec4..39e82ad 100644
--- a/policy/modules/contrib/rtkit.if
+++ b/policy/modules/contrib/rtkit.if
@@ -90,8 +90,5 @@ interface(`rtkit_admin',`
allow $1 rtkit_daemon_t:process { ptrace signal_perms };
ps_process_pattern($1, rtkit_daemon_t)
- init_labeled_script_domtrans($1, rtkit_daemon_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 rtkit_daemon_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, rtkit_daemon_t, rtkit_daemon_initrc_exec_t)
')
diff --git a/policy/modules/contrib/rwho.if b/policy/modules/contrib/rwho.if
index 0360ff0..b07754b 100644
--- a/policy/modules/contrib/rwho.if
+++ b/policy/modules/contrib/rwho.if
@@ -142,10 +142,7 @@ interface(`rwho_admin',`
allow $1 rwho_t:process { ptrace signal_perms };
ps_process_pattern($1, rwho_t)
- init_labeled_script_domtrans($1, rwho_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 rwho_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, rwho_t, rwho_initrc_exec_t)
logging_list_logs($1)
admin_pattern($1, rwho_log_t)
diff --git a/policy/modules/contrib/samba.if b/policy/modules/contrib/samba.if
index 50d07fb..a9b0c3a 100644
--- a/policy/modules/contrib/samba.if
+++ b/policy/modules/contrib/samba.if
@@ -695,10 +695,7 @@ interface(`samba_admin',`
allow $1 { nmbd_t smbd_t }:process { ptrace signal_perms };
ps_process_pattern($1, { nmbd_t smbd_t })
- init_labeled_script_domtrans($1, samba_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 samba_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, samba_t, samba_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, { samba_etc_t smbd_keytab_t })
diff --git a/policy/modules/contrib/samhain.if b/policy/modules/contrib/samhain.if
index b1ebcee..053e454 100644
--- a/policy/modules/contrib/samhain.if
+++ b/policy/modules/contrib/samhain.if
@@ -221,10 +221,7 @@ interface(`samhain_admin',`
ps_process_pattern($1, samhain_domain)
# duplicate role transition: remove samhain_admin(sysadm_t, sysadm_r) first
- # init_labeled_script_domtrans($1, samhain_initrc_exec_t)
- # domain_system_change_exemption($1)
- # role_transition $2 samhain_initrc_exec_t system_r;
- # allow $2 system_r;
+ # init_manage_service_template($1, $2, samhain_domain, samhain_initrc_exec_t)
files_list_var_lib($1)
admin_pattern($1, samhain_db_t)
diff --git a/policy/modules/contrib/sanlock.if b/policy/modules/contrib/sanlock.if
index cd6c213..2c4feed 100644
--- a/policy/modules/contrib/sanlock.if
+++ b/policy/modules/contrib/sanlock.if
@@ -104,10 +104,7 @@ interface(`sanlock_admin',`
allow $1 sanlock_t:process { ptrace signal_perms };
ps_process_pattern($1, sanlock_t)
- sanlock_initrc_domtrans($1)
- domain_system_change_exemption($1)
- role_transition $2 sanlock_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, sanlock_t, sanlock_initrc_exec_t)
files_search_pids($1)
admin_pattern($1, sanlock_var_run_t)
diff --git a/policy/modules/contrib/sasl.if b/policy/modules/contrib/sasl.if
index 8c3c151..3bbf29b 100644
--- a/policy/modules/contrib/sasl.if
+++ b/policy/modules/contrib/sasl.if
@@ -45,10 +45,7 @@ interface(`sasl_admin',`
allow $1 saslauthd_t:process { ptrace signal_perms };
ps_process_pattern($1, saslauthd_t)
- init_labeled_script_domtrans($1, saslauthd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 saslauthd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, saslauthd_t, saslauthd_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, saslauthd_keytab_t)
diff --git a/policy/modules/contrib/sblim.if b/policy/modules/contrib/sblim.if
index 98c9e0a..f3c6717 100644
--- a/policy/modules/contrib/sblim.if
+++ b/policy/modules/contrib/sblim.if
@@ -64,10 +64,7 @@ interface(`sblim_admin',`
allow $1 sblim_domain:process { ptrace signal_perms };
ps_process_pattern($1, sblim_domain)
- init_labeled_script_domtrans($1, sblim_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 sblim_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, sblim_domain, sblim_initrc_exec_t)
files_search_pids($1)
admin_pattern($1, sblim_var_run_t)
diff --git a/policy/modules/contrib/sendmail.if b/policy/modules/contrib/sendmail.if
index 35ad2a7..761fd1c 100644
--- a/policy/modules/contrib/sendmail.if
+++ b/policy/modules/contrib/sendmail.if
@@ -360,9 +360,7 @@ interface(`sendmail_admin',`
allow $1 { unconfined_sendmail_t sendmail_t }:process { ptrace signal_perms };
ps_process_pattern($1, { unconfined_sendmail_t sendmail_t })
- init_labeled_script_domtrans($1, sendmail_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 sendmail_initrc_exec_t system_r;
+ init_manage_service_template($1, $2, sendmail_t, sendmail_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, sendmail_keytab_t)
diff --git a/policy/modules/contrib/sensord.if b/policy/modules/contrib/sensord.if
index d204752..a1d174b 100644
--- a/policy/modules/contrib/sensord.if
+++ b/policy/modules/contrib/sensord.if
@@ -25,10 +25,7 @@ interface(`sensord_admin',`
allow $1 sensord_t:process { ptrace signal_perms };
ps_process_pattern($1, sensord_t)
- init_labeled_script_domtrans($1, sensord_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 sensord_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, sensord_t, sensord_initrc_exec_t)
files_search_pids($1)
admin_pattern($1, sensord_var_run_t)
diff --git a/policy/modules/contrib/shorewall.if b/policy/modules/contrib/shorewall.if
index 1aeef8a..5eaff00 100644
--- a/policy/modules/contrib/shorewall.if
+++ b/policy/modules/contrib/shorewall.if
@@ -179,10 +179,7 @@ interface(`shorewall_admin',`
allow $1 shorewall_t:process { ptrace signal_perms };
ps_process_pattern($1, shorewall_t)
- init_labeled_script_domtrans($1, shorewall_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 shorewall_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, shorewall_t, shorewall_initrc_exec_t)
can_exec($1, shorewall_exec_t)
diff --git a/policy/modules/contrib/slpd.if b/policy/modules/contrib/slpd.if
index ca32e89..25b1386 100644
--- a/policy/modules/contrib/slpd.if
+++ b/policy/modules/contrib/slpd.if
@@ -26,10 +26,7 @@ interface(`slpd_admin',`
allow $1 slpd_t:process { ptrace signal_perms };
ps_process_pattern($1, slpd_t)
- init_labeled_script_domtrans($1, slpd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 slpd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, slpd_t, slpd_initrc_exec_t)
logging_search_logs($1)
admin_pattern($1, slpd_log_t)
diff --git a/policy/modules/contrib/smartmon.if b/policy/modules/contrib/smartmon.if
index e0644b5..1b80197 100644
--- a/policy/modules/contrib/smartmon.if
+++ b/policy/modules/contrib/smartmon.if
@@ -45,10 +45,7 @@ interface(`smartmon_admin',`
allow $1 fsdaemon_t:process { ptrace signal_perms };
ps_process_pattern($1, fsdaemon_t)
- init_labeled_script_domtrans($1, fsdaemon_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 fsdaemon_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, fsdaemon_t, fsdaemon_initrc_exec_t)
files_list_tmp($1)
admin_pattern($1, fsdaemon_tmp_t)
diff --git a/policy/modules/contrib/smokeping.if b/policy/modules/contrib/smokeping.if
index 1fa51c1..fe1459e 100644
--- a/policy/modules/contrib/smokeping.if
+++ b/policy/modules/contrib/smokeping.if
@@ -161,10 +161,7 @@ interface(`smokeping_admin',`
allow $1 smokeping_t:process { ptrace signal_perms };
ps_process_pattern($1, smokeping_t)
- smokeping_initrc_domtrans($1)
- domain_system_change_exemption($1)
- role_transition $2 smokeping_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, smokeping_t, smokeping_initrc_exec_t)
files_search_var_lib($1)
admin_pattern($1, smokeping_var_lib_t)
diff --git a/policy/modules/contrib/smstools.if b/policy/modules/contrib/smstools.if
index 81136f0..7253219 100644
--- a/policy/modules/contrib/smstools.if
+++ b/policy/modules/contrib/smstools.if
@@ -27,10 +27,7 @@ interface(`smstools_admin',`
allow $1 smsd_t:process { ptrace signal_perms };
ps_process_pattern($1, smsd_t)
- init_labeled_script_domtrans($1, smsd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 smsd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, smsd_t, smsd_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, smsd_conf_t)
diff --git a/policy/modules/contrib/snmp.if b/policy/modules/contrib/snmp.if
index bf78fa9..1bb9c25 100644
--- a/policy/modules/contrib/snmp.if
+++ b/policy/modules/contrib/snmp.if
@@ -182,10 +182,7 @@ interface(`snmp_admin',`
allow $1 snmpd_t:process { ptrace signal_perms };
ps_process_pattern($1, snmpd_t)
- init_labeled_script_domtrans($1, snmpd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 snmpd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, snmpd_t, snmpd_initrc_exec_t)
logging_list_logs($1)
admin_pattern($1, snmpd_log_t)
diff --git a/policy/modules/contrib/snort.if b/policy/modules/contrib/snort.if
index 7d86b34..3ac3e94 100644
--- a/policy/modules/contrib/snort.if
+++ b/policy/modules/contrib/snort.if
@@ -45,10 +45,7 @@ interface(`snort_admin',`
allow $1 snort_t:process { ptrace signal_perms };
ps_process_pattern($1, snort_t)
- init_labeled_script_domtrans($1, snort_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 snort_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, snort_t, snort_initrc_exec_t)
admin_pattern($1, snort_etc_t)
files_search_etc($1)
diff --git a/policy/modules/contrib/soundserver.if b/policy/modules/contrib/soundserver.if
index a5abc5a..622083e 100644
--- a/policy/modules/contrib/soundserver.if
+++ b/policy/modules/contrib/soundserver.if
@@ -41,10 +41,7 @@ interface(`soundserver_admin',`
allow $1 soundd_t:process { ptrace signal_perms };
ps_process_pattern($1, soundd_t)
- init_labeled_script_domtrans($1, soundd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 soundd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, soundd_t, soundd_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, soundd_etc_t)
diff --git a/policy/modules/contrib/spamassassin.if b/policy/modules/contrib/spamassassin.if
index 7f5a1cc..9505db9 100644
--- a/policy/modules/contrib/spamassassin.if
+++ b/policy/modules/contrib/spamassassin.if
@@ -384,10 +384,7 @@ interface(`spamassassin_admin',`
allow $1 spamd_t:process { ptrace signal_perms };
ps_process_pattern($1, spamd_t)
- init_labeled_script_domtrans($1, spamd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 spamd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, spamd_t, spamd_initrc_exec_t)
files_list_tmp($1)
admin_pattern($1, spamd_tmp_t)
diff --git a/policy/modules/contrib/squid.if b/policy/modules/contrib/squid.if
index 5e1f053..22a9cf4 100644
--- a/policy/modules/contrib/squid.if
+++ b/policy/modules/contrib/squid.if
@@ -216,10 +216,7 @@ interface(`squid_admin',`
allow $1 squid_t:process { ptrace signal_perms };
ps_process_pattern($1, squid_t)
- init_labeled_script_domtrans($1, squid_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 squid_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, squid_t, squid_initrc_exec_t)
files_list_var($1)
admin_pattern($1, squid_cache_t)
diff --git a/policy/modules/contrib/sssd.if b/policy/modules/contrib/sssd.if
index a240455..33a8245 100644
--- a/policy/modules/contrib/sssd.if
+++ b/policy/modules/contrib/sssd.if
@@ -342,10 +342,7 @@ interface(`sssd_admin',`
allow $1 sssd_t:process { ptrace signal_perms };
ps_process_pattern($1, sssd_t)
- sssd_initrc_domtrans($1)
- domain_system_change_exemption($1)
- role_transition $2 sssd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, sssd_t, sssd_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, sssd_conf_t)
diff --git a/policy/modules/contrib/svnserve.if b/policy/modules/contrib/svnserve.if
index 5cd46e9..c1deaa4 100644
--- a/policy/modules/contrib/svnserve.if
+++ b/policy/modules/contrib/svnserve.if
@@ -25,10 +25,7 @@ interface(`svnserve_admin',`
allow $1 svnserve_t:process { ptrace signal_perms };
ps_process_pattern($1, svnserve_t)
- init_labeled_script_domtrans($1, svnserve_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 svnserve_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, svnserve_t, svnserve_initrc_exec_t)
files_search_pids($1)
admin_pattern($1, svnserve_var_run_t)
diff --git a/policy/modules/contrib/sysstat.if b/policy/modules/contrib/sysstat.if
index 14ae3f2..ab84adf 100644
--- a/policy/modules/contrib/sysstat.if
+++ b/policy/modules/contrib/sysstat.if
@@ -46,10 +46,7 @@ interface(`sysstat_admin',`
allow $1 sysstat_t:process { ptrace signal_perms };
ps_process_pattern($1, sysstat_t)
- init_labeled_script_domtrans($1, sysstat_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 sysstat_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, sysstat_t, sysstat_initrc_exec_t)
logging_search_logs($1)
admin_pattern($1, sysstat_log_t)
diff --git a/policy/modules/contrib/systemtap.if b/policy/modules/contrib/systemtap.if
index d60a21e..417ab39 100644
--- a/policy/modules/contrib/systemtap.if
+++ b/policy/modules/contrib/systemtap.if
@@ -26,10 +26,7 @@ interface(`stapserver_admin',`
allow $1 stapserver_t:process { ptrace signal_perms };
ps_process_pattern($1, stapserver_t)
- init_labeled_script_domtrans($1, stapserver_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 stapserver_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, stapserver_t, stapserver_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, stapserver_conf_t)
diff --git a/policy/modules/contrib/tcsd.if b/policy/modules/contrib/tcsd.if
index b42ec1d..bbcfe28 100644
--- a/policy/modules/contrib/tcsd.if
+++ b/policy/modules/contrib/tcsd.if
@@ -141,10 +141,7 @@ interface(`tcsd_admin',`
allow $1 tcsd_t:process { ptrace signal_perms };
ps_process_pattern($1, tcsd_t)
- tcsd_initrc_domtrans($1)
- domain_system_change_exemption($1)
- role_transition $2 tcsd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, tcsd_t, tcsd_initrc_exec_t)
files_search_var_lib($1)
admin_pattern($1, tcsd_var_lib_t)
diff --git a/policy/modules/contrib/tgtd.if b/policy/modules/contrib/tgtd.if
index dc5b46e..348ba3c 100644
--- a/policy/modules/contrib/tgtd.if
+++ b/policy/modules/contrib/tgtd.if
@@ -83,10 +83,7 @@ interface(`tgtd_admin',`
allow $1 tgtd_t:process { ptrace signal_perms };
ps_process_pattern($1, tgtd_t)
- init_labeled_script_domtrans($1, tgtd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 tgtd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, tgtd_t, tgtd_initrc_exec_t)
files_search_var_lib($1)
admin_pattern($1, tgtd_var_lib_t)
diff --git a/policy/modules/contrib/tor.if b/policy/modules/contrib/tor.if
index 61c2e07..0e937e3 100644
--- a/policy/modules/contrib/tor.if
+++ b/policy/modules/contrib/tor.if
@@ -45,10 +45,7 @@ interface(`tor_admin',`
allow $1 tor_t:process { ptrace signal_perms };
ps_process_pattern($1, tor_t)
- init_labeled_script_domtrans($1, tor_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 tor_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, tor_t, tor_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, tor_etc_t)
diff --git a/policy/modules/contrib/transproxy.if b/policy/modules/contrib/transproxy.if
index 81a8351..da66c3e 100644
--- a/policy/modules/contrib/transproxy.if
+++ b/policy/modules/contrib/transproxy.if
@@ -25,10 +25,7 @@ interface(`transproxy_admin',`
allow $1 transproxy_t:process { ptrace signal_perms };
ps_process_pattern($1, transproxy_t)
- init_labeled_script_domtrans($1, transproxy_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 transproxy_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, transproxy_t, transproxy_initrc_exec_t)
files_search_pids($1)
admin_pattern($1, transproxy_var_run_t)
diff --git a/policy/modules/contrib/tuned.if b/policy/modules/contrib/tuned.if
index e29db63..8bff06c 100644
--- a/policy/modules/contrib/tuned.if
+++ b/policy/modules/contrib/tuned.if
@@ -122,10 +122,7 @@ interface(`tuned_admin',`
allow $1 tuned_t:process { ptrace signal_perms };
ps_process_pattern($1, tuned_t)
- tuned_initrc_domtrans($1)
- domain_system_change_exemption($1)
- role_transition $2 tuned_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, tuned_t, tuned_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, { tuned_etc_t tuned_rw_etc_t })
diff --git a/policy/modules/contrib/ulogd.if b/policy/modules/contrib/ulogd.if
index 9b95c3e..66f375b 100644
--- a/policy/modules/contrib/ulogd.if
+++ b/policy/modules/contrib/ulogd.if
@@ -126,10 +126,7 @@ interface(`ulogd_admin',`
allow $1 ulogd_t:process { ptrace signal_perms };
ps_process_pattern($1, ulogd_t)
- init_labeled_script_domtrans($1, ulogd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 ulogd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, ulogd_t, ulogd_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, ulogd_etc_t)
diff --git a/policy/modules/contrib/uptime.if b/policy/modules/contrib/uptime.if
index 19f4724..b5afd2a 100644
--- a/policy/modules/contrib/uptime.if
+++ b/policy/modules/contrib/uptime.if
@@ -26,10 +26,7 @@ interface(`uptime_admin',`
allow $1 uptimed_t:process { ptrace signal_perms };
ps_process_pattern($1, uptimed_t)
- init_labeled_script_domtrans($1, uptimed_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 uptimed_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, uptimed_t, uptimed_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, uptimed_etc_t)
diff --git a/policy/modules/contrib/uucp.if b/policy/modules/contrib/uucp.if
index af9acc0..dc16612 100644
--- a/policy/modules/contrib/uucp.if
+++ b/policy/modules/contrib/uucp.if
@@ -104,10 +104,7 @@ interface(`uucp_admin',`
type uucpd_var_run_t, uucpd_initrc_exec_t;
')
- init_labeled_script_domtrans($1, uucpd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 uucpd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, uucpd_t, uucpd_initrc_exec_t)
allow $1 uucpd_t:process { ptrace signal_perms };
ps_process_pattern($1, uucpd_t)
diff --git a/policy/modules/contrib/uuidd.if b/policy/modules/contrib/uuidd.if
index 6e48653..a576a6e 100644
--- a/policy/modules/contrib/uuidd.if
+++ b/policy/modules/contrib/uuidd.if
@@ -181,10 +181,7 @@ interface(`uuidd_admin',`
allow $1 uuidd_t:process signal_perms;
ps_process_pattern($1, uuidd_t)
- uuidd_initrc_domtrans($1)
- domain_system_change_exemption($1)
- role_transition $2 uuidd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, uuidd_t, uuidd_initrc_exec_t)
files_search_var_lib($1)
admin_pattern($1, uuidd_var_lib_t)
diff --git a/policy/modules/contrib/varnishd.if b/policy/modules/contrib/varnishd.if
index 1c35171..fa2ccbf 100644
--- a/policy/modules/contrib/varnishd.if
+++ b/policy/modules/contrib/varnishd.if
@@ -160,10 +160,7 @@ interface(`varnishd_admin_varnishlog',`
allow $1 varnishlog_t:process { ptrace signal_perms };
ps_process_pattern($1, varnishlog_t)
- init_labeled_script_domtrans($1, varnishlog_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 varnishlog_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, varnishlog_t, varnishlog_initrc_exec_t)
files_list_pids($1)
admin_pattern($1, varnishlog_var_run_t)
@@ -199,10 +196,7 @@ interface(`varnishd_admin',`
allow $1 varnishd_t:process { ptrace signal_perms };
ps_process_pattern($1, varnishd_t)
- init_labeled_script_domtrans($1, varnishd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 varnishd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, varnishd_t, varnishd_initrc_exec_t)
files_list_var_lib($1)
admin_pattern($1, varnishd_var_lib_t)
diff --git a/policy/modules/contrib/vdagent.if b/policy/modules/contrib/vdagent.if
index 31c752e..6957e8a 100644
--- a/policy/modules/contrib/vdagent.if
+++ b/policy/modules/contrib/vdagent.if
@@ -121,10 +121,7 @@ interface(`vdagent_admin',`
allow $1 vdagent_t:process signal_perms;
ps_process_pattern($1, vdagent_t)
- init_labeled_script_domtrans($1, vdagentd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 vdagentd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, vdagentd_t, vdagentd_initrc_exec_t)
logging_search_logs($1)
admin_pattern($1, vdagent_log_t)
diff --git a/policy/modules/contrib/vhostmd.if b/policy/modules/contrib/vhostmd.if
index 22edd58..d7cff66 100644
--- a/policy/modules/contrib/vhostmd.if
+++ b/policy/modules/contrib/vhostmd.if
@@ -219,10 +219,7 @@ interface(`vhostmd_admin',`
allow $1 vhostmd_t:process { ptrace signal_perms };
ps_process_pattern($1, vhostmd_t)
- vhostmd_initrc_domtrans($1)
- domain_system_change_exemption($1)
- role_transition $2 vhostmd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, vhostmd_t, vhostmd_initrc_exec_t)
fs_search_tmpfs($1)
admin_pattern($1, vhostmd_tmpfs_t)
diff --git a/policy/modules/contrib/virt.if b/policy/modules/contrib/virt.if
index 7c97c87..13023a1 100644
--- a/policy/modules/contrib/virt.if
+++ b/policy/modules/contrib/virt.if
@@ -1176,10 +1176,7 @@ interface(`virt_admin',`
ps_process_pattern($1, { virt_domain svirt_lxc_domain virtd_t })
ps_process_pattern($1, { virtd_lxc_t virsh_t virt_bridgehelper_t virt_qmf_t })
- init_labeled_script_domtrans($1, virtd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 virtd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, virtd_t, virtd_initrc_exec_t)
fs_search_tmpfs($1)
admin_pattern($1, virt_tmpfs_type)
diff --git a/policy/modules/contrib/vnstatd.if b/policy/modules/contrib/vnstatd.if
index 137ac44..2a711fa 100644
--- a/policy/modules/contrib/vnstatd.if
+++ b/policy/modules/contrib/vnstatd.if
@@ -168,10 +168,7 @@ interface(`vnstatd_admin',`
allow $1 vnstatd_t:process { ptrace signal_perms };
ps_process_pattern($1, vnstatd_t)
- init_labeled_script_domtrans($1, vnstatd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 vnstatd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, vnstatd_t, vnstatd_initrc_exec_t)
files_search_pids($1)
admin_pattern($1, vnstatd_var_run_t)
diff --git a/policy/modules/contrib/watchdog.if b/policy/modules/contrib/watchdog.if
index 6461a77..c2b2dd4 100644
--- a/policy/modules/contrib/watchdog.if
+++ b/policy/modules/contrib/watchdog.if
@@ -26,10 +26,7 @@ interface(`watchdog_admin',`
allow $1 watchdog_t:process { ptrace signal_perms };
ps_process_pattern($1, watchdog_t)
- init_labeled_script_domtrans($1, watchdog_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 watchdog_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, watchdog_t, watchdog_initrc_exec_t)
logging_search_logs($1)
admin_pattern($1, watchdog_log_t)
diff --git a/policy/modules/contrib/wdmd.if b/policy/modules/contrib/wdmd.if
index 1e3aec0..f76d6e6 100644
--- a/policy/modules/contrib/wdmd.if
+++ b/policy/modules/contrib/wdmd.if
@@ -45,10 +45,7 @@ interface(`wdmd_admin',`
allow $1 wdmd_t:process { ptrace signal_perms };
ps_process_pattern($1, wdmd_t)
- init_labeled_script_domtrans($1, wdmd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 wdmd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, wdmd_t, wdmd_initrc_exec_t)
files_search_pids($1)
admin_pattern($1, wdmd_var_run_t)
diff --git a/policy/modules/contrib/xfs.if b/policy/modules/contrib/xfs.if
index 4570b86..609b464 100644
--- a/policy/modules/contrib/xfs.if
+++ b/policy/modules/contrib/xfs.if
@@ -84,10 +84,7 @@ interface(`xfs_admin',`
allow $1 xfs_t:process { ptrace signal_perms };
ps_process_pattern($1, xfs_t)
- init_labeled_script_domtrans($1, xfs_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 xfs_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, xfs_t, xfs_initrc_exec_t)
files_search_pids($1)
admin_pattern($1, xfs_var_run_t)
diff --git a/policy/modules/contrib/zabbix.if b/policy/modules/contrib/zabbix.if
index 29d87d7..5932ce4 100644
--- a/policy/modules/contrib/zabbix.if
+++ b/policy/modules/contrib/zabbix.if
@@ -146,10 +146,8 @@ interface(`zabbix_admin',`
allow $1 { zabbix_t zabbix_agent_t }:process { ptrace signal_perms };
ps_process_pattern($1, { zabbix_t zabbix_agent_t })
- init_labeled_script_domtrans($1, { zabbix_agent_initrc_exec_t zabbix_initrc_exec_t })
- domain_system_change_exemption($1)
- role_transition $2 { zabbix_agent_initrc_exec_t zabbix_initrc_exec_t } system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, zabbix_t, zabbix_initrc_exec_t)
+ init_manage_service_template($1, $2, zabbix_agent_t, zabbix_agent_initrc_exec_t)
logging_list_logs($1)
admin_pattern($1, zabbix_log_t)
diff --git a/policy/modules/contrib/zarafa.if b/policy/modules/contrib/zarafa.if
index 83b4ca5..240d160 100644
--- a/policy/modules/contrib/zarafa.if
+++ b/policy/modules/contrib/zarafa.if
@@ -152,10 +152,7 @@ interface(`zarafa_admin',`
allow $1 zarafa_domain:process { ptrace signal_perms };
ps_process_pattern($1, zarafa_domain)
- init_labeled_script_domtrans($1, zarafa_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 zarafa_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, zarafa_t, zarafa_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, zarafa_etc_t)
diff --git a/policy/modules/contrib/zebra.if b/policy/modules/contrib/zebra.if
index 3416401..a011864 100644
--- a/policy/modules/contrib/zebra.if
+++ b/policy/modules/contrib/zebra.if
@@ -69,10 +69,7 @@ interface(`zebra_admin',`
allow $1 zebra_t:process { ptrace signal_perms };
ps_process_pattern($1, zebra_t)
- init_labeled_script_domtrans($1, zebra_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 zebra_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, zebra_t, zebra_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, zebra_conf_t)
^ permalink raw reply related [flat|nested] 62+ messages in thread
* [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/
@ 2015-05-16 11:32 Jason Zaman
0 siblings, 0 replies; 62+ messages in thread
From: Jason Zaman @ 2015-05-16 11:32 UTC (permalink / raw
To: gentoo-commits
commit: 985425010d0e2cf547ad2f00b1b39d8863ca07b1
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Fri May 15 17:21:24 2015 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sat May 16 11:13:00 2015 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=98542501
use init_manage_service_template in _admin interfaces A-M
Most foo_admin interfaces have transitions on the
foo_initrc_exec_t to system_r. These are only applicable
for RedHat <6. This replaces them with a template which
can easily be changed for other init systems.
make validate passes for all combinations of distros,
standard/mcs/mls, monolithic y/n and direct_initrc y/n
This patch is for files starting with A-M.
policy/modules/contrib/abrt.if | 5 +----
policy/modules/contrib/acct.if | 5 +----
policy/modules/contrib/afs.if | 5 +----
policy/modules/contrib/aiccu.if | 5 +----
policy/modules/contrib/aisexec.if | 5 +----
policy/modules/contrib/amavis.if | 5 +----
policy/modules/contrib/amtu.if | 5 +----
policy/modules/contrib/apache.if | 5 +----
policy/modules/contrib/apcupsd.if | 5 +----
policy/modules/contrib/apm.if | 5 +----
policy/modules/contrib/arpwatch.if | 5 +----
policy/modules/contrib/asterisk.if | 5 +----
policy/modules/contrib/automount.if | 5 +----
policy/modules/contrib/avahi.if | 5 +----
policy/modules/contrib/bacula.if | 5 +----
policy/modules/contrib/bcfg2.if | 5 +----
policy/modules/contrib/bind.if | 5 +----
policy/modules/contrib/bird.if | 5 +----
policy/modules/contrib/bitlbee.if | 5 +----
policy/modules/contrib/bluetooth.if | 5 +----
policy/modules/contrib/boinc.if | 5 +----
policy/modules/contrib/cachefilesd.if | 5 +----
policy/modules/contrib/callweaver.if | 5 +----
policy/modules/contrib/canna.if | 5 +----
policy/modules/contrib/ccs.if | 5 +----
policy/modules/contrib/certmaster.if | 5 +----
policy/modules/contrib/certmonger.if | 5 +----
policy/modules/contrib/cfengine.if | 5 +----
policy/modules/contrib/cgroup.if | 7 ++-----
policy/modules/contrib/chronyd.if | 5 +----
policy/modules/contrib/cipe.if | 5 +----
policy/modules/contrib/clamav.if | 5 +----
policy/modules/contrib/cmirrord.if | 5 +----
policy/modules/contrib/cobbler.if | 5 +----
policy/modules/contrib/collectd.if | 5 +----
policy/modules/contrib/condor.if | 5 +----
policy/modules/contrib/corosync.if | 5 +----
policy/modules/contrib/couchdb.if | 5 +----
policy/modules/contrib/ctdb.if | 5 +----
policy/modules/contrib/cups.if | 5 +----
policy/modules/contrib/cvs.if | 5 +----
policy/modules/contrib/cyphesis.if | 5 +----
policy/modules/contrib/cyrus.if | 5 +----
policy/modules/contrib/dante.if | 5 +----
policy/modules/contrib/ddclient.if | 5 +----
policy/modules/contrib/denyhosts.if | 5 +----
policy/modules/contrib/dhcp.if | 5 +----
policy/modules/contrib/dictd.if | 5 +----
policy/modules/contrib/dirmngr.if | 5 +----
policy/modules/contrib/distcc.if | 5 +----
policy/modules/contrib/dkim.if | 5 +----
policy/modules/contrib/dnsmasq.if | 5 +----
policy/modules/contrib/dnssectrigger.if | 5 +----
policy/modules/contrib/dovecot.if | 5 +----
policy/modules/contrib/drbd.if | 5 +----
policy/modules/contrib/dspam.if | 5 +----
policy/modules/contrib/entropyd.if | 5 +----
policy/modules/contrib/exim.if | 5 +----
policy/modules/contrib/fail2ban.if | 5 +----
policy/modules/contrib/fcoe.if | 5 +----
policy/modules/contrib/fetchmail.if | 5 +----
policy/modules/contrib/firewalld.if | 5 +----
policy/modules/contrib/ftp.if | 5 +----
policy/modules/contrib/gatekeeper.if | 5 +----
policy/modules/contrib/gdomap.if | 5 +----
policy/modules/contrib/glance.if | 6 ++----
policy/modules/contrib/glusterfs.if | 5 +----
policy/modules/contrib/gpm.if | 5 +----
policy/modules/contrib/gpsd.if | 5 +----
policy/modules/contrib/hadoop.if | 5 +----
policy/modules/contrib/hddtemp.if | 5 +----
policy/modules/contrib/howl.if | 5 +----
policy/modules/contrib/hypervkvp.if | 5 +----
policy/modules/contrib/i18n_input.if | 5 +----
policy/modules/contrib/icecast.if | 5 +----
policy/modules/contrib/ifplugd.if | 5 +----
policy/modules/contrib/inn.if | 5 +----
policy/modules/contrib/iodine.if | 5 +----
policy/modules/contrib/ircd.if | 5 +----
policy/modules/contrib/irqbalance.if | 5 +----
policy/modules/contrib/iscsi.if | 5 +----
policy/modules/contrib/isns.if | 5 +----
policy/modules/contrib/jabber.if | 5 +----
policy/modules/contrib/kdump.if | 5 +----
policy/modules/contrib/kerberos.if | 5 +----
policy/modules/contrib/kerneloops.if | 5 +----
policy/modules/contrib/keystone.if | 5 +----
policy/modules/contrib/kismet.if | 5 +----
policy/modules/contrib/ksmtuned.if | 5 +----
policy/modules/contrib/kudzu.if | 5 +----
policy/modules/contrib/l2tp.if | 5 +----
policy/modules/contrib/ldap.if | 5 +----
policy/modules/contrib/likewise.if | 5 +----
policy/modules/contrib/lircd.if | 5 +----
policy/modules/contrib/lldpad.if | 5 +----
policy/modules/contrib/mailscanner.if | 5 +----
policy/modules/contrib/mcelog.if | 5 +----
policy/modules/contrib/memcached.if | 5 +----
policy/modules/contrib/minidlna.if | 5 +----
policy/modules/contrib/minissdpd.if | 5 +----
policy/modules/contrib/mongodb.if | 5 +----
policy/modules/contrib/monop.if | 5 +----
policy/modules/contrib/mpd.if | 5 +----
policy/modules/contrib/mrtg.if | 5 +----
policy/modules/contrib/munin.if | 5 +----
policy/modules/contrib/mysql.if | 6 ++----
106 files changed, 109 insertions(+), 425 deletions(-)
diff --git a/policy/modules/contrib/abrt.if b/policy/modules/contrib/abrt.if
index 058d908..22e4ad7 100644
--- a/policy/modules/contrib/abrt.if
+++ b/policy/modules/contrib/abrt.if
@@ -304,10 +304,7 @@ interface(`abrt_admin',`
allow $1 abrt_domain:process { ptrace signal_perms };
ps_process_pattern($1, abrt_domain)
- init_labeled_script_domtrans($1, abrt_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 abrt_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, abrt_t, abrt_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, abrt_etc_t)
diff --git a/policy/modules/contrib/acct.if b/policy/modules/contrib/acct.if
index 81280d0..d1f8699 100644
--- a/policy/modules/contrib/acct.if
+++ b/policy/modules/contrib/acct.if
@@ -106,10 +106,7 @@ interface(`acct_admin',`
allow $1 acct_t:process { ptrace signal_perms };
ps_process_pattern($1, acct_t)
- init_labeled_script_domtrans($1, acct_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 acct_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, acct_t, acct_initrc_exec_t)
logging_search_logs($1)
admin_pattern($1, acct_data_t)
diff --git a/policy/modules/contrib/afs.if b/policy/modules/contrib/afs.if
index 3b41be6..4b243ec 100644
--- a/policy/modules/contrib/afs.if
+++ b/policy/modules/contrib/afs.if
@@ -103,10 +103,7 @@ interface(`afs_admin',`
allow $1 afs_domain:process { ptrace signal_perms };
ps_process_pattern($1, afs_domain)
- afs_initrc_domtrans($1)
- domain_system_change_exemption($1)
- role_transition $2 afs_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, afs_domain, afs_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, afs_config_t)
diff --git a/policy/modules/contrib/aiccu.if b/policy/modules/contrib/aiccu.if
index 3b5dcb9..55238af 100644
--- a/policy/modules/contrib/aiccu.if
+++ b/policy/modules/contrib/aiccu.if
@@ -82,10 +82,7 @@ interface(`aiccu_admin',`
allow $1 aiccu_t:process { ptrace signal_perms };
ps_process_pattern($1, aiccu_t)
- aiccu_initrc_domtrans($1)
- domain_system_change_exemption($1)
- role_transition $2 aiccu_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, aiccu_t, aiccu_initrc_exec_t)
admin_pattern($1, aiccu_etc_t)
files_list_etc($1)
diff --git a/policy/modules/contrib/aisexec.if b/policy/modules/contrib/aisexec.if
index a2997fa..2b168f7 100644
--- a/policy/modules/contrib/aisexec.if
+++ b/policy/modules/contrib/aisexec.if
@@ -86,10 +86,7 @@ interface(`aisexecd_admin',`
allow $1 aisexec_t:process { ptrace signal_perms };
ps_process_pattern($1, aisexec_t)
- init_labeled_script_domtrans($1, aisexec_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 aisexec_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, aisexec_t, aisexec_initrc_exec_t)
files_list_var_lib($1)
admin_pattern($1, aisexec_var_lib_t)
diff --git a/policy/modules/contrib/amavis.if b/policy/modules/contrib/amavis.if
index 60d4f8c..a7770bc 100644
--- a/policy/modules/contrib/amavis.if
+++ b/policy/modules/contrib/amavis.if
@@ -237,10 +237,7 @@ interface(`amavis_admin',`
allow $1 amavis_t:process { ptrace signal_perms };
ps_process_pattern($1, amavis_t)
- amavis_initrc_domtrans($1)
- domain_system_change_exemption($1)
- role_transition $2 amavis_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, amavis_t, amavis_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, amavis_etc_t)
diff --git a/policy/modules/contrib/amtu.if b/policy/modules/contrib/amtu.if
index 884b23b..903e81e 100644
--- a/policy/modules/contrib/amtu.if
+++ b/policy/modules/contrib/amtu.if
@@ -70,8 +70,5 @@ interface(`amtu_admin',`
allow $1 amtu_t:process { ptrace signal_perms };
ps_process_pattern($1, amtu_t)
- init_labeled_script_domtrans($1, amtu_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 amtu_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, amtu_t, amtu_initrc_exec_t)
')
diff --git a/policy/modules/contrib/apache.if b/policy/modules/contrib/apache.if
index 717c6f7..944cfe8 100644
--- a/policy/modules/contrib/apache.if
+++ b/policy/modules/contrib/apache.if
@@ -1318,10 +1318,7 @@ interface(`apache_admin',`
ps_process_pattern($1, { httpd_script_domains httpd_t httpd_helper_t })
ps_process_pattern($1, { httpd_rotatelogs_t httpd_suexec_t httpd_passwd_t })
- init_labeled_script_domtrans($1, httpd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 httpd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, httpd_t, httpd_initrc_exec_t)
apache_manage_all_content($1)
miscfiles_manage_public_files($1)
diff --git a/policy/modules/contrib/apcupsd.if b/policy/modules/contrib/apcupsd.if
index f3c0aba..d824aa9 100644
--- a/policy/modules/contrib/apcupsd.if
+++ b/policy/modules/contrib/apcupsd.if
@@ -149,10 +149,7 @@ interface(`apcupsd_admin',`
allow $1 apcupsd_t:process { ptrace signal_perms };
ps_process_pattern($1, apcupsd_t)
- apcupsd_initrc_domtrans($1, apcupsd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 apcupsd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, apcupsd_t, apcupsd_initrc_exec_t)
files_list_var($1)
admin_pattern($1, apcupsd_lock_t)
diff --git a/policy/modules/contrib/apm.if b/policy/modules/contrib/apm.if
index 1a7a97e..bd802ef 100644
--- a/policy/modules/contrib/apm.if
+++ b/policy/modules/contrib/apm.if
@@ -166,10 +166,7 @@ interface(`apm_admin',`
allow $1 apmd_t:process { ptrace signal_perms };
ps_process_pattern($1, apmd_t)
- init_labeled_script_domtrans($1, apmd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 apmd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, apmd_t, apmd_initrc_exec_t)
logging_search_logs($1)
admin_pattern($1, apmd_log_t)
diff --git a/policy/modules/contrib/arpwatch.if b/policy/modules/contrib/arpwatch.if
index 50c9b9c..b7e293c 100644
--- a/policy/modules/contrib/arpwatch.if
+++ b/policy/modules/contrib/arpwatch.if
@@ -143,10 +143,7 @@ interface(`arpwatch_admin',`
allow $1 arpwatch_t:process { ptrace signal_perms };
ps_process_pattern($1, arpwatch_t)
- arpwatch_initrc_domtrans($1)
- domain_system_change_exemption($1)
- role_transition $2 arpwatch_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, arpwatch_t, arpwatch_initrc_exec_t)
files_list_tmp($1)
admin_pattern($1, arpwatch_tmp_t)
diff --git a/policy/modules/contrib/asterisk.if b/policy/modules/contrib/asterisk.if
index 2077053..6099c72 100644
--- a/policy/modules/contrib/asterisk.if
+++ b/policy/modules/contrib/asterisk.if
@@ -127,10 +127,7 @@ interface(`asterisk_admin',`
allow $1 asterisk_t:process { ptrace signal_perms };
ps_process_pattern($1, asterisk_t)
- init_labeled_script_domtrans($1, asterisk_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 asterisk_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, asterisk_t, asterisk_initrc_exec_t)
asterisk_exec($1)
diff --git a/policy/modules/contrib/automount.if b/policy/modules/contrib/automount.if
index f24e369..d430f2d 100644
--- a/policy/modules/contrib/automount.if
+++ b/policy/modules/contrib/automount.if
@@ -159,10 +159,7 @@ interface(`automount_admin',`
allow $1 automount_t:process { ptrace signal_perms };
ps_process_pattern($1, automount_t)
- init_labeled_script_domtrans($1, automount_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 automount_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, automount_t, automount_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, automount_keytab_t)
diff --git a/policy/modules/contrib/avahi.if b/policy/modules/contrib/avahi.if
index 9078c3d..1fd5f7b 100644
--- a/policy/modules/contrib/avahi.if
+++ b/policy/modules/contrib/avahi.if
@@ -264,10 +264,7 @@ interface(`avahi_admin',`
allow $1 avahi_t:process { ptrace signal_perms };
ps_process_pattern($1, avahi_t)
- avahi_initrc_domtrans($1)
- domain_system_change_exemption($1)
- role_transition $2 avahi_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, avahi_t, avahi_initrc_exec_t)
files_search_pids($1)
admin_pattern($1, avahi_var_run_t)
diff --git a/policy/modules/contrib/bacula.if b/policy/modules/contrib/bacula.if
index dcd774e..eebcc36 100644
--- a/policy/modules/contrib/bacula.if
+++ b/policy/modules/contrib/bacula.if
@@ -74,10 +74,7 @@ interface(`bacula_admin',`
allow $1 bacula_t:process { ptrace signal_perms };
ps_process_pattern($1, bacula_t)
- init_labeled_script_domtrans($1, bacula_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 bacula_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, bacula_t, bacula_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, bacula_etc_t)
diff --git a/policy/modules/contrib/bcfg2.if b/policy/modules/contrib/bcfg2.if
index ec95d36..5dbbbf6 100644
--- a/policy/modules/contrib/bcfg2.if
+++ b/policy/modules/contrib/bcfg2.if
@@ -141,10 +141,7 @@ interface(`bcfg2_admin',`
allow $1 bcfg2_t:process { ptrace signal_perms };
ps_process_pattern($1, bcfg2_t)
- bcfg2_initrc_domtrans($1)
- domain_system_change_exemption($1)
- role_transition $2 bcfg2_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, bcfg2_t, bcfg2_initrc_exec_t)
files_search_pids($1)
admin_pattern($1, bcfg2_var_run_t)
diff --git a/policy/modules/contrib/bind.if b/policy/modules/contrib/bind.if
index 531a8f2..35b6677 100644
--- a/policy/modules/contrib/bind.if
+++ b/policy/modules/contrib/bind.if
@@ -370,10 +370,7 @@ interface(`bind_admin',`
allow $1 { named_t ndc_t }:process { ptrace signal_perms };
ps_process_pattern($1, { named_t ndc_t })
- init_labeled_script_domtrans($1, named_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 named_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, named_t, named_initrc_exec_t)
files_list_tmp($1)
admin_pattern($1, named_tmp_t)
diff --git a/policy/modules/contrib/bird.if b/policy/modules/contrib/bird.if
index 85c035f..e67c27c 100644
--- a/policy/modules/contrib/bird.if
+++ b/policy/modules/contrib/bird.if
@@ -26,10 +26,7 @@ interface(`bird_admin',`
allow $1 bird_t:process { ptrace signal_perms };
ps_process_pattern($1, bird_t)
- init_labeled_script_domtrans($1, bird_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 bird_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, bird_t, bird_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, bird_etc_t)
diff --git a/policy/modules/contrib/bitlbee.if b/policy/modules/contrib/bitlbee.if
index e73fb79..fd46d30 100644
--- a/policy/modules/contrib/bitlbee.if
+++ b/policy/modules/contrib/bitlbee.if
@@ -47,10 +47,7 @@ interface(`bitlbee_admin',`
allow $1 bitlbee_t:process { ptrace signal_perms };
ps_process_pattern($1, bitlbee_t)
- init_labeled_script_domtrans($1, bitlbee_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 bitlbee_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, bitlbee_t, bitlbee_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, bitlbee_conf_t)
diff --git a/policy/modules/contrib/bluetooth.if b/policy/modules/contrib/bluetooth.if
index c723a0a..756b596 100644
--- a/policy/modules/contrib/bluetooth.if
+++ b/policy/modules/contrib/bluetooth.if
@@ -216,10 +216,7 @@ interface(`bluetooth_admin',`
allow $1 bluetooth_t:process { ptrace signal_perms };
ps_process_pattern($1, bluetooth_t)
- init_labeled_script_domtrans($1, bluetooth_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 bluetooth_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, bluetooth_t, bluetooth_initrc_exec_t)
files_list_tmp($1)
admin_pattern($1, bluetooth_tmp_t)
diff --git a/policy/modules/contrib/boinc.if b/policy/modules/contrib/boinc.if
index 02fefaa..fe241e7 100644
--- a/policy/modules/contrib/boinc.if
+++ b/policy/modules/contrib/boinc.if
@@ -28,10 +28,7 @@ interface(`boinc_admin',`
allow $1 { boinc_t boinc_project_t }:process { ptrace signal_perms };
ps_process_pattern($1, { boinc_t boinc_project_t })
- init_labeled_script_domtrans($1, boinc_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 boinc_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, boinc_t, boinc_initrc_exec_t)
logging_search_logs($1)
admin_pattern($1, boinc_log_t)
diff --git a/policy/modules/contrib/cachefilesd.if b/policy/modules/contrib/cachefilesd.if
index 8de2ab9..efe2a89 100644
--- a/policy/modules/contrib/cachefilesd.if
+++ b/policy/modules/contrib/cachefilesd.if
@@ -26,10 +26,7 @@ interface(`cachefilesd_admin',`
allow $1 cachefilesd_t:process { ptrace signal_perms };
ps_process_pattern($1, cachefilesd_t)
- init_labeled_script_domtrans($1, cachefilesd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 cachefilesd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, cachefilesd_t, cachefilesd_initrc_exec_t)
files_search_var($1)
admin_pattern($1, cachefilesd_cache_t)
diff --git a/policy/modules/contrib/callweaver.if b/policy/modules/contrib/callweaver.if
index 16f1855..e88350c 100644
--- a/policy/modules/contrib/callweaver.if
+++ b/policy/modules/contrib/callweaver.if
@@ -65,10 +65,7 @@ interface(`callweaver_admin',`
allow $1 callweaver_t:process { ptrace signal_perms };
ps_process_pattern($1, callweaver_t)
- init_labeled_script_domtrans($1, callweaver_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 callweaver_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, callweaver_t, callweaver_initrc_exec_t)
logging_search_logs($1)
admin_pattern($1, callweaver_log_t)
diff --git a/policy/modules/contrib/canna.if b/policy/modules/contrib/canna.if
index 400db07..079b09e 100644
--- a/policy/modules/contrib/canna.if
+++ b/policy/modules/contrib/canna.if
@@ -46,10 +46,7 @@ interface(`canna_admin',`
allow $1 canna_t:process { ptrace signal_perms };
ps_process_pattern($1, canna_t)
- init_labeled_script_domtrans($1, canna_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 canna_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, canna_t, canna_initrc_exec_t)
logging_list_logs($1)
admin_pattern($1, canna_log_t)
diff --git a/policy/modules/contrib/ccs.if b/policy/modules/contrib/ccs.if
index bb17e0f..834cc04 100644
--- a/policy/modules/contrib/ccs.if
+++ b/policy/modules/contrib/ccs.if
@@ -105,10 +105,7 @@ interface(`ccs_admin',`
allow $1 ccs_t:process { ptrace signal_perms };
ps_process_pattern($1, ccs_t)
- init_labeled_script_domtrans($1, ccs_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 ccs_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, ccs_t, ccs_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, ccs_conf_t)
diff --git a/policy/modules/contrib/certmaster.if b/policy/modules/contrib/certmaster.if
index 0c53b18..25939b6 100644
--- a/policy/modules/contrib/certmaster.if
+++ b/policy/modules/contrib/certmaster.if
@@ -124,10 +124,7 @@ interface(`certmaster_admin',`
allow $1 certmaster_t:process { ptrace signal_perms };
ps_process_pattern($1, certmaster_t)
- init_labeled_script_domtrans($1, certmaster_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 certmaster_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, certmaster_t, certmaster_initrc_exec_t)
files_list_etc($1)
miscfiles_manage_generic_cert_dirs($1)
diff --git a/policy/modules/contrib/certmonger.if b/policy/modules/contrib/certmonger.if
index 008f8ef..a52667d 100644
--- a/policy/modules/contrib/certmonger.if
+++ b/policy/modules/contrib/certmonger.if
@@ -162,10 +162,7 @@ interface(`certmonger_admin',`
ps_process_pattern($1, certmonger_t)
allow $1 certmonger_t:process { ptrace signal_perms };
- certmonger_initrc_domtrans($1)
- domain_system_change_exemption($1)
- role_transition $2 certmonger_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, certmonger_t, certmonger_initrc_exec_t)
files_search_var_lib($1)
admin_pattern($1, certmonger_var_lib_t)
diff --git a/policy/modules/contrib/cfengine.if b/policy/modules/contrib/cfengine.if
index a731122..a7e3641 100644
--- a/policy/modules/contrib/cfengine.if
+++ b/policy/modules/contrib/cfengine.if
@@ -97,10 +97,7 @@ interface(`cfengine_admin',`
allow $1 cfengine_domain:process { ptrace signal_perms };
ps_process_pattern($1, cfengine_domain)
- init_labeled_script_domtrans($1, cfengine_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 cfengine_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, cfengine_domain, cfengine_initrc_exec_t)
files_search_var_lib($1)
admin_pattern($1, { cfengine_log_t cfengine_var_lib_t })
diff --git a/policy/modules/contrib/cgroup.if b/policy/modules/contrib/cgroup.if
index 85ca63f..6653c55 100644
--- a/policy/modules/contrib/cgroup.if
+++ b/policy/modules/contrib/cgroup.if
@@ -180,11 +180,8 @@ interface(`cgroup_admin',`
admin_pattern($1, cgred_var_run_t)
files_list_pids($1)
- cgroup_initrc_domtrans_cgconfig($1)
- cgroup_initrc_domtrans_cgred($1)
- domain_system_change_exemption($1)
- role_transition $2 { cgconfig_initrc_exec_t cgred_initrc_exec_t } system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, cgred_t, cgred_initrc_exec_t)
+ init_manage_service_template($1, $2, cgconfig_t, cgconfig_initrc_exec_t)
cgroup_run_cgclear($1, $2)
')
diff --git a/policy/modules/contrib/chronyd.if b/policy/modules/contrib/chronyd.if
index 32e8265..6a121a3 100644
--- a/policy/modules/contrib/chronyd.if
+++ b/policy/modules/contrib/chronyd.if
@@ -184,10 +184,7 @@ interface(`chronyd_admin',`
allow $1 chronyd_t:process { ptrace signal_perms };
ps_process_pattern($1, chronyd_t)
- chronyd_initrc_domtrans($1)
- domain_system_change_exemption($1)
- role_transition $2 chronyd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, chronyd_t, chronyd_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, chronyd_keys_t)
diff --git a/policy/modules/contrib/cipe.if b/policy/modules/contrib/cipe.if
index 5fb51b2..c590aa2 100644
--- a/policy/modules/contrib/cipe.if
+++ b/policy/modules/contrib/cipe.if
@@ -25,8 +25,5 @@ interface(`cipe_admin',`
allow $1 ciped_t:process { ptrace signal_perms };
ps_process_pattern($1, ciped_t)
- init_labeled_script_domtrans($1, ciped_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 ciped_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, ciped_t, ciped_initrc_exec_t)
')
diff --git a/policy/modules/contrib/clamav.if b/policy/modules/contrib/clamav.if
index 4cc4a5c..7dc1af4 100644
--- a/policy/modules/contrib/clamav.if
+++ b/policy/modules/contrib/clamav.if
@@ -205,10 +205,7 @@ interface(`clamav_admin',`
allow $1 { clamd_t clamscan_t freshclam_t }:process { ptrace signal_perms };
ps_process_pattern($1, { clamd_t clamscan_t freshclam_t })
- init_labeled_script_domtrans($1, clamd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 clamd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, clamd_t, clamd_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, clamd_etc_t)
diff --git a/policy/modules/contrib/cmirrord.if b/policy/modules/contrib/cmirrord.if
index cc4e7cb..4dc9905 100644
--- a/policy/modules/contrib/cmirrord.if
+++ b/policy/modules/contrib/cmirrord.if
@@ -106,10 +106,7 @@ interface(`cmirrord_admin',`
allow $1 cmirrord_t:process { ptrace signal_perms };
ps_process_pattern($1, cmirrord_t)
- cmirrord_initrc_domtrans($1)
- domain_system_change_exemption($1)
- role_transition $2 cmirrord_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, cmirrord_t, cmirrord_initrc_exec_t)
files_list_pids($1)
admin_pattern($1, cmirrord_var_run_t)
diff --git a/policy/modules/contrib/cobbler.if b/policy/modules/contrib/cobbler.if
index c223f81..38bc9cc 100644
--- a/policy/modules/contrib/cobbler.if
+++ b/policy/modules/contrib/cobbler.if
@@ -183,10 +183,7 @@ interface(`cobbler_admin',`
allow $1 cobblerd_t:process { ptrace signal_perms };
ps_process_pattern($1, cobblerd_t)
- cobblerd_initrc_domtrans($1)
- domain_system_change_exemption($1)
- role_transition $2 cobblerd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, cobblerd_t, cobblerd_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, cobbler_etc_t)
diff --git a/policy/modules/contrib/collectd.if b/policy/modules/contrib/collectd.if
index 954309e..c5233c8 100644
--- a/policy/modules/contrib/collectd.if
+++ b/policy/modules/contrib/collectd.if
@@ -26,10 +26,7 @@ interface(`collectd_admin',`
allow $1 collectd_t:process { ptrace signal_perms };
ps_process_pattern($1, collectd_t)
- init_labeled_script_domtrans($1, collectd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 collectd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, collectd_t, collectd_initrc_exec_t)
files_search_pids($1)
admin_pattern($1, collectd_var_run_t)
diff --git a/policy/modules/contrib/condor.if b/policy/modules/contrib/condor.if
index c80aaf5..21af45f 100644
--- a/policy/modules/contrib/condor.if
+++ b/policy/modules/contrib/condor.if
@@ -66,10 +66,7 @@ interface(`condor_admin',`
allow $1 condor_domain:process { ptrace signal_perms };
ps_process_pattern($1, condor_domain)
- init_labeled_script_domtrans($1, condor_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 condor_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, condor_domain, condor_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, condor_conf_t)
diff --git a/policy/modules/contrib/corosync.if b/policy/modules/contrib/corosync.if
index 694a037..c2b378a 100644
--- a/policy/modules/contrib/corosync.if
+++ b/policy/modules/contrib/corosync.if
@@ -165,10 +165,7 @@ interface(`corosync_admin',`
allow $1 corosync_t:process { ptrace signal_perms };
ps_process_pattern($1, corosync_t)
- corosync_initrc_domtrans($1)
- domain_system_change_exemption($1)
- role_transition $2 corosync_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, corosync_t, corosync_initrc_exec_t)
files_list_tmp($1)
admin_pattern($1, corosync_tmp_t)
diff --git a/policy/modules/contrib/couchdb.if b/policy/modules/contrib/couchdb.if
index 715a826..d53f86a 100644
--- a/policy/modules/contrib/couchdb.if
+++ b/policy/modules/contrib/couchdb.if
@@ -103,10 +103,7 @@ interface(`couchdb_admin',`
allow $1 couchdb_t:process { ptrace signal_perms };
ps_process_pattern($1, couchdb_t)
- init_labeled_script_domtrans($1, couchdb_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 couchdb_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, couchdb_t, couchdb_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, couchdb_conf_t)
diff --git a/policy/modules/contrib/ctdb.if b/policy/modules/contrib/ctdb.if
index b25b01d..83e224b 100644
--- a/policy/modules/contrib/ctdb.if
+++ b/policy/modules/contrib/ctdb.if
@@ -66,10 +66,7 @@ interface(`ctdb_admin',`
allow $1 ctdbd_t:process { ptrace signal_perms };
ps_process_pattern($1, ctdbd_t)
- init_labeled_script_domtrans($1, ctdbd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 ctdbd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, ctdbd_t, ctdbd_initrc_exec_t)
logging_search_logs($1)
admin_pattern($1, ctdbd_log_t)
diff --git a/policy/modules/contrib/cups.if b/policy/modules/contrib/cups.if
index 3023be7..6025300 100644
--- a/policy/modules/contrib/cups.if
+++ b/policy/modules/contrib/cups.if
@@ -357,10 +357,7 @@ interface(`cups_admin',`
ps_process_pattern($1, { cupsd_t cupsd_config_t cupsd_lpd_t })
ps_process_pattern($1, { cups_pdf_t hplip_t ptal_t })
- init_labeled_script_domtrans($1, cupsd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 cupsd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, cupsd_t, cupsd_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, { cupsd_etc_t cupsd_rw_etc_t ptal_etc_t })
diff --git a/policy/modules/contrib/cvs.if b/policy/modules/contrib/cvs.if
index 64775fd..01cce48 100644
--- a/policy/modules/contrib/cvs.if
+++ b/policy/modules/contrib/cvs.if
@@ -65,10 +65,7 @@ interface(`cvs_admin',`
allow $1 cvs_t:process { ptrace signal_perms };
ps_process_pattern($1, cvs_t)
- init_labeled_script_domtrans($1, cvs_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 cvs_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, cvs_t, cvs_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, cvs_keytab_t)
diff --git a/policy/modules/contrib/cyphesis.if b/policy/modules/contrib/cyphesis.if
index df8aa4a..d929015 100644
--- a/policy/modules/contrib/cyphesis.if
+++ b/policy/modules/contrib/cyphesis.if
@@ -45,10 +45,7 @@ interface(`cyphesis_admin',`
allow $1 cyphesis_t:process { ptrace signal_perms };
ps_process_pattern($1, cyphesis_t)
- init_labeled_script_domtrans($1, cyphesis_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 cyphesis_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, cyphesis_t, cyphesis_initrc_exec_t)
logging_search_logs($1)
admin_pattern($1, cyphesis_log_t)
diff --git a/policy/modules/contrib/cyrus.if b/policy/modules/contrib/cyrus.if
index 83bfda6..b85d8be 100644
--- a/policy/modules/contrib/cyrus.if
+++ b/policy/modules/contrib/cyrus.if
@@ -67,10 +67,7 @@ interface(`cyrus_admin',`
allow $1 cyrus_t:process { ptrace signal_perms };
ps_process_pattern($1, cyrus_t)
- init_labeled_script_domtrans($1, cyrus_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 cyrus_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, cyrus_t, cyrus_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, cyrus_keytab_t)
diff --git a/policy/modules/contrib/dante.if b/policy/modules/contrib/dante.if
index e709177..85e12ff 100644
--- a/policy/modules/contrib/dante.if
+++ b/policy/modules/contrib/dante.if
@@ -26,10 +26,7 @@ interface(`dante_admin',`
allow $1 dante_t:process { ptrace signal_perms };
ps_process_pattern($1, dante_t)
- init_labeled_script_domtrans($1, dante_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 dante_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, dante_t, dante_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, dante_conf_t)
diff --git a/policy/modules/contrib/ddclient.if b/policy/modules/contrib/ddclient.if
index 5606b40..ff557b3 100644
--- a/policy/modules/contrib/ddclient.if
+++ b/policy/modules/contrib/ddclient.if
@@ -73,10 +73,7 @@ interface(`ddclient_admin',`
allow $1 ddclient_t:process { ptrace signal_perms };
ps_process_pattern($1, ddclient_t)
- init_labeled_script_domtrans($1, ddclient_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 ddclient_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, ddclient_t, ddclient_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, ddclient_etc_t)
diff --git a/policy/modules/contrib/denyhosts.if b/policy/modules/contrib/denyhosts.if
index a7326da..822264f 100644
--- a/policy/modules/contrib/denyhosts.if
+++ b/policy/modules/contrib/denyhosts.if
@@ -63,10 +63,7 @@ interface(`denyhosts_admin',`
allow $1 denyhosts_t:process { ptrace signal_perms };
ps_process_pattern($1, denyhosts_t)
- denyhosts_initrc_domtrans($1)
- domain_system_change_exemption($1)
- role_transition $2 denyhosts_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, denyhosts_t, denyhosts_initrc_exec_t)
files_search_var_lib($1)
admin_pattern($1, denyhosts_var_lib_t)
diff --git a/policy/modules/contrib/dhcp.if b/policy/modules/contrib/dhcp.if
index c697edb..c6c9861 100644
--- a/policy/modules/contrib/dhcp.if
+++ b/policy/modules/contrib/dhcp.if
@@ -84,10 +84,7 @@ interface(`dhcpd_admin',`
allow $1 dhcpd_t:process { ptrace signal_perms };
ps_process_pattern($1, dhcpd_t)
- init_labeled_script_domtrans($1, dhcpd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 dhcpd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, dhcpd_t, dhcpd_initrc_exec_t)
files_list_tmp($1)
admin_pattern($1, dhcpd_tmp_t)
diff --git a/policy/modules/contrib/dictd.if b/policy/modules/contrib/dictd.if
index 3cc3494..2b08886 100644
--- a/policy/modules/contrib/dictd.if
+++ b/policy/modules/contrib/dictd.if
@@ -41,10 +41,7 @@ interface(`dictd_admin',`
allow $1 dictd_t:process { ptrace signal_perms };
ps_process_pattern($1, dictd_t)
- init_labeled_script_domtrans($1, dictd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 dictd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, dictd_t, dictd_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, dictd_etc_t)
diff --git a/policy/modules/contrib/dirmngr.if b/policy/modules/contrib/dirmngr.if
index e5f6733..68c8c5d 100644
--- a/policy/modules/contrib/dirmngr.if
+++ b/policy/modules/contrib/dirmngr.if
@@ -26,10 +26,7 @@ interface(`dirmngr_admin',`
allow $1 dirmngr_t:process { ptrace signal_perms };
ps_process_pattern($1, dirmngr_t)
- init_labeled_script_domtrans($1, dirmngr_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 dirmngr_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, dirmngr_t, dirmngr_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, dirmngr_conf_t)
diff --git a/policy/modules/contrib/distcc.if b/policy/modules/contrib/distcc.if
index 473823d..4490ec0 100644
--- a/policy/modules/contrib/distcc.if
+++ b/policy/modules/contrib/distcc.if
@@ -26,10 +26,7 @@ interface(`distcc_admin',`
allow $1 distccd_t:process { ptrace signal_perms };
ps_process_pattern($1, distccd_t)
- init_labeled_script_domtrans($1, distccd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 distccd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, distccd_t, distccd_initrc_exec_t)
logging_search_logs($1)
admin_pattern($1, distccd_log_t)
diff --git a/policy/modules/contrib/dkim.if b/policy/modules/contrib/dkim.if
index 386e494..26655cc 100644
--- a/policy/modules/contrib/dkim.if
+++ b/policy/modules/contrib/dkim.if
@@ -26,10 +26,7 @@ interface(`dkim_admin',`
allow $1 dkim_milter_t:process { ptrace signal_perms };
ps_process_pattern($1, dkim_milter_t)
- init_labeled_script_domtrans($1, dkim_milter_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 dkim_milter_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, dkim_milter_t, dkim_milter_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, dkim_milter_private_key_t)
diff --git a/policy/modules/contrib/dnsmasq.if b/policy/modules/contrib/dnsmasq.if
index 62e4948..10ff51a 100644
--- a/policy/modules/contrib/dnsmasq.if
+++ b/policy/modules/contrib/dnsmasq.if
@@ -273,10 +273,7 @@ interface(`dnsmasq_admin',`
allow $1 dnsmasq_t:process { ptrace signal_perms };
ps_process_pattern($1, dnsmasq_t)
- init_labeled_script_domtrans($1, dnsmasq_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 dnsmasq_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, dnsmasq_t, dnsmasq_initrc_exec_t)
files_list_var_lib($1)
admin_pattern($1, dnsmasq_lease_t)
diff --git a/policy/modules/contrib/dnssectrigger.if b/policy/modules/contrib/dnssectrigger.if
index 456da5c..880a3fd 100644
--- a/policy/modules/contrib/dnssectrigger.if
+++ b/policy/modules/contrib/dnssectrigger.if
@@ -26,10 +26,7 @@ interface(`dnssectrigger_admin',`
allow $1 dnssec_triggerd_t:process { ptrace signal_perms };
ps_process_pattern($1, dnssec_triggerd_t)
- init_labeled_script_domtrans($1, dnssec_triggerd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 dnssec_triggerd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, dnssec_triggerd_t, dnssec_triggerd_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, dnssec_trigger_conf_t)
diff --git a/policy/modules/contrib/dovecot.if b/policy/modules/contrib/dovecot.if
index d5badb7..4308ca8 100644
--- a/policy/modules/contrib/dovecot.if
+++ b/policy/modules/contrib/dovecot.if
@@ -149,10 +149,7 @@ interface(`dovecot_admin',`
allow $1 dovecot_t:process { ptrace signal_perms };
ps_process_pattern($1, dovecot_t)
- init_labeled_script_domtrans($1, dovecot_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 dovecot_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, dovecot_t, dovecot_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, { dovecot_keytab_t dovecot_etc_t })
diff --git a/policy/modules/contrib/drbd.if b/policy/modules/contrib/drbd.if
index 9a21639..9084ecf 100644
--- a/policy/modules/contrib/drbd.if
+++ b/policy/modules/contrib/drbd.if
@@ -46,10 +46,7 @@ interface(`drbd_admin',`
allow $1 drbd_t:process { ptrace signal_perms };
ps_process_pattern($1, drbd_t)
- init_labeled_script_domtrans($1, drbd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 drbd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, drbd_t, drbd_initrc_exec_t)
files_search_locks($1)
admin_pattern($1, drbd_lock_t)
diff --git a/policy/modules/contrib/dspam.if b/policy/modules/contrib/dspam.if
index 18f2452..c0e8192 100644
--- a/policy/modules/contrib/dspam.if
+++ b/policy/modules/contrib/dspam.if
@@ -66,10 +66,7 @@ interface(`dspam_admin',`
allow $1 dspam_t:process { ptrace signal_perms };
ps_process_pattern($1, dspam_t)
- init_labeled_script_domtrans($1, dspam_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 dspam_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, dspam_t, dspam_initrc_exec_t)
logging_search_logs($1)
admin_pattern($1, dspam_log_t)
diff --git a/policy/modules/contrib/entropyd.if b/policy/modules/contrib/entropyd.if
index 1161fbf..776a5c9 100644
--- a/policy/modules/contrib/entropyd.if
+++ b/policy/modules/contrib/entropyd.if
@@ -25,10 +25,7 @@ interface(`entropyd_admin',`
allow $1 entropyd_t:process { ptrace signal_perms };
ps_process_pattern($1, entropyd_t)
- init_labeled_script_domtrans($1, entropyd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 entropyd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, entropyd_t, entropyd_initrc_exec_t)
files_search_pids($1)
admin_pattern($1, entropyd_var_run_t)
diff --git a/policy/modules/contrib/exim.if b/policy/modules/contrib/exim.if
index 9bbc690..7ba1907 100644
--- a/policy/modules/contrib/exim.if
+++ b/policy/modules/contrib/exim.if
@@ -288,10 +288,7 @@ interface(`exim_admin',`
allow $1 exim_t:process { ptrace signal_perms };
ps_process_pattern($1, exim_t)
- init_labeled_script_domtrans($1, exim_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 exim_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, exim_t, exim_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, exim_keytab_t)
diff --git a/policy/modules/contrib/fail2ban.if b/policy/modules/contrib/fail2ban.if
index 50d0084..0571b2a 100644
--- a/policy/modules/contrib/fail2ban.if
+++ b/policy/modules/contrib/fail2ban.if
@@ -266,10 +266,7 @@ interface(`fail2ban_admin',`
allow $1 { fail2ban_t fail2ban_client_t }:process { ptrace signal_perms };
ps_process_pattern($1, { fail2ban_t fail2ban_client_t })
- init_labeled_script_domtrans($1, fail2ban_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 fail2ban_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, fail2ban_t, fail2ban_initrc_exec_t)
logging_list_logs($1)
admin_pattern($1, fail2ban_log_t)
diff --git a/policy/modules/contrib/fcoe.if b/policy/modules/contrib/fcoe.if
index c3484a9..f241160 100644
--- a/policy/modules/contrib/fcoe.if
+++ b/policy/modules/contrib/fcoe.if
@@ -44,10 +44,7 @@ interface(`fcoe_admin',`
allow $1 fcoemon_t:process { ptrace signal_perms };
ps_process_pattern($1, fcoemon_t)
- init_labeled_script_domtrans($1, fcoemon_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 fcoemon_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, fcoemon_t, fcoemon_initrc_exec_t)
files_search_pids($1)
admin_pattern($1, fcoemon_var_run_t)
diff --git a/policy/modules/contrib/fetchmail.if b/policy/modules/contrib/fetchmail.if
index c3f7916..06f3ebb 100644
--- a/policy/modules/contrib/fetchmail.if
+++ b/policy/modules/contrib/fetchmail.if
@@ -23,10 +23,7 @@ interface(`fetchmail_admin',`
type fetchmail_var_run_t, fetchmail_initrc_exec_t, fetchmail_log_t;
')
- init_labeled_script_domtrans($1, fetchmail_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 fetchmail_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, fetchmail_t, fetchmail_initrc_exec_t)
allow $1 fetchmail_t:process { ptrace signal_perms };
ps_process_pattern($1, fetchmail_t)
diff --git a/policy/modules/contrib/firewalld.if b/policy/modules/contrib/firewalld.if
index c62c567..70c1229 100644
--- a/policy/modules/contrib/firewalld.if
+++ b/policy/modules/contrib/firewalld.if
@@ -86,10 +86,7 @@ interface(`firewalld_admin',`
allow $1 firewalld_t:process { ptrace signal_perms };
ps_process_pattern($1, firewalld_t)
- init_labeled_script_domtrans($1, firewalld_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 firewalld_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, firewalld_t, firewalld_initrc_exec_t)
files_search_pids($1)
admin_pattern($1, firewalld_var_run_t)
diff --git a/policy/modules/contrib/ftp.if b/policy/modules/contrib/ftp.if
index 65adda9..12b1b3c 100644
--- a/policy/modules/contrib/ftp.if
+++ b/policy/modules/contrib/ftp.if
@@ -182,10 +182,7 @@ interface(`ftp_admin',`
allow $1 { ftpd_t ftpdctl_t sftpd_t anon_sftpd_t }:process { ptrace signal_perms };
ps_process_pattern($1, { ftpd_t ftpdctl_t sftpd_t anon_sftpd_t })
- init_labeled_script_domtrans($1, ftpd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 ftpd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, ftpd_t, ftpd_initrc_exec_t)
miscfiles_manage_public_files($1)
diff --git a/policy/modules/contrib/gatekeeper.if b/policy/modules/contrib/gatekeeper.if
index 30926d7..c4bc44c 100644
--- a/policy/modules/contrib/gatekeeper.if
+++ b/policy/modules/contrib/gatekeeper.if
@@ -26,10 +26,7 @@ interface(`gatekeeper_admin',`
allow $1 gatekeeper_t:process { ptrace signal_perms };
ps_process_pattern($1, gatekeeper_t)
- init_labeled_script_domtrans($1, gatekeeper_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 gatekeeper_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, gatekeeper_t, gatekeeper_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, gatekeeper_etc_t)
diff --git a/policy/modules/contrib/gdomap.if b/policy/modules/contrib/gdomap.if
index 7d6b6b7..5ecf51d 100644
--- a/policy/modules/contrib/gdomap.if
+++ b/policy/modules/contrib/gdomap.if
@@ -45,10 +45,7 @@ interface(`gdomap_admin',`
allow $1 gdomap_t:process { ptrace signal_perms };
ps_process_pattern($1, gdomap_t)
- init_labeled_script_domtrans($1, gdomap_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 gdomap_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, gdomap_t, gdomap_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, gdomap_conf_t)
diff --git a/policy/modules/contrib/glance.if b/policy/modules/contrib/glance.if
index 9eacb2c..a7725ea 100644
--- a/policy/modules/contrib/glance.if
+++ b/policy/modules/contrib/glance.if
@@ -245,10 +245,8 @@ interface(`glance_admin',`
allow $1 { glance_api_t glance_registry_t }:process signal_perms;
ps_process_pattern($1, { glance_api_t glance_registry_t })
- init_labeled_script_domtrans($1, { glance_api_initrc_exec_t glance_registry_initrc_exec_t })
- domain_system_change_exemption($1)
- role_transition $2 { glance_api_initrc_exec_t glance_registry_initrc_exec_t } system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, glance_api_t, glance_api_initrc_exec_t)
+ init_manage_service_template($1, $2, glance_registry_t, glance_registry_initrc_exec_t)
logging_search_logs($1)
admin_pattern($1, glance_log_t)
diff --git a/policy/modules/contrib/glusterfs.if b/policy/modules/contrib/glusterfs.if
index 05233c8..a3f095d 100644
--- a/policy/modules/contrib/glusterfs.if
+++ b/policy/modules/contrib/glusterfs.if
@@ -46,10 +46,7 @@ interface(`glusterfs_admin',`
type glusterd_var_run_t;
')
- init_labeled_script_domtrans($1, glusterd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 glusterd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, glusterd_t, glusterd_initrc_exec_t)
allow $1 glusterd_t:process { ptrace signal_perms };
ps_process_pattern($1, glusterd_t)
diff --git a/policy/modules/contrib/gpm.if b/policy/modules/contrib/gpm.if
index f1528c9..d7de36a 100644
--- a/policy/modules/contrib/gpm.if
+++ b/policy/modules/contrib/gpm.if
@@ -106,10 +106,7 @@ interface(`gpm_admin',`
allow $1 gpm_t:process { ptrace signal_perms };
ps_process_pattern($1, gpm_t)
- init_labeled_script_domtrans($1, gpm_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 gpm_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, gpm_t, gpm_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, gpm_conf_t)
diff --git a/policy/modules/contrib/gpsd.if b/policy/modules/contrib/gpsd.if
index 92eb564..196e0f6 100644
--- a/policy/modules/contrib/gpsd.if
+++ b/policy/modules/contrib/gpsd.if
@@ -91,10 +91,7 @@ interface(`gpsd_admin',`
allow $1 gpsd_t:process { ptrace signal_perms };
ps_process_pattern($1, gpsd_t)
- init_labeled_script_domtrans($1, gpsd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 gpsd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, gpsd_t, gpsd_initrc_exec_t)
files_search_pids($1)
admin_pattern($1, gpsd_var_run_t)
diff --git a/policy/modules/contrib/hadoop.if b/policy/modules/contrib/hadoop.if
index 2b0d488..5d417b4 100644
--- a/policy/modules/contrib/hadoop.if
+++ b/policy/modules/contrib/hadoop.if
@@ -441,10 +441,7 @@ interface(`hadoop_admin',`
allow $1 { hadoop_domain hadoop_initrc_domain hadoop_t zookeeper_t zookeeper_server_t }:process { ptrace signal_perms };
ps_process_pattern($1, { hadoop_domain hadoop_initrc_domain hadoop_t zookeeper_t zookeeper_server_t })
- init_labeled_script_domtrans($1, hadoop_init_script_file)
- domain_system_change_exemption($1)
- role_transition $2 hadoop_init_script_file system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, hadoop_domain, hadoop_init_script_file)
files_search_etc($1)
admin_pattern($1, { hadoop_etc_t zookeeper_etc_t })
diff --git a/policy/modules/contrib/hddtemp.if b/policy/modules/contrib/hddtemp.if
index 1728071..99acdc8 100644
--- a/policy/modules/contrib/hddtemp.if
+++ b/policy/modules/contrib/hddtemp.if
@@ -63,10 +63,7 @@ interface(`hddtemp_admin',`
allow $1 hddtemp_t:process { ptrace signal_perms };
ps_process_pattern($1, hddtemp_t)
- init_labeled_script_domtrans($1, hddtemp_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 hddtemp_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, hddtemp_t, hddtemp_initrc_exec_t)
admin_pattern($1, hddtemp_etc_t)
files_search_etc($1)
diff --git a/policy/modules/contrib/howl.if b/policy/modules/contrib/howl.if
index dc609f0..b89f82e 100644
--- a/policy/modules/contrib/howl.if
+++ b/policy/modules/contrib/howl.if
@@ -43,10 +43,7 @@ interface(`howl_admin',`
allow $1 howl_t:process { ptrace signal_perms };
ps_process_pattern($1, howl_t)
- init_labeled_script_domtrans($1, howl_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 howl_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, howl_t, howl_initrc_exec_t)
files_search_pids($1)
admin_pattern($1, howl_var_run_t)
diff --git a/policy/modules/contrib/hypervkvp.if b/policy/modules/contrib/hypervkvp.if
index 6517fad..9775774 100644
--- a/policy/modules/contrib/hypervkvp.if
+++ b/policy/modules/contrib/hypervkvp.if
@@ -25,8 +25,5 @@ interface(`hypervkvp_admin',`
allow $1 hypervkvpd_t:process { ptrace signal_perms };
ps_process_pattern($1, hypervkvpd_t)
- init_labeled_script_domtrans($1, hypervkvpd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 hypervkvpd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, hypervkvpd_t, hypervkvpd_initrc_exec_t)
')
diff --git a/policy/modules/contrib/i18n_input.if b/policy/modules/contrib/i18n_input.if
index 5eab254..37ff663 100644
--- a/policy/modules/contrib/i18n_input.if
+++ b/policy/modules/contrib/i18n_input.if
@@ -40,10 +40,7 @@ interface(`i18n_input_admin',`
allow $1 i18n_input_t:process { ptrace signal_perms };
ps_process_pattern($1, i18n_input_t)
- init_labeled_script_domtrans($1, i18n_input_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 i18n_input_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, i18n_input_t, i18n_input_initrc_exec_t)
files_search_pids($1)
admin_pattern($1, i18n_input_var_run_t)
diff --git a/policy/modules/contrib/icecast.if b/policy/modules/contrib/icecast.if
index 580b533..2d32ce6 100644
--- a/policy/modules/contrib/icecast.if
+++ b/policy/modules/contrib/icecast.if
@@ -176,10 +176,7 @@ interface(`icecast_admin',`
type icecast_var_run_t;
')
- icecast_initrc_domtrans($1)
- domain_system_change_exemption($1)
- role_transition $2 icecast_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, icecast_t, icecast_initrc_exec_t)
allow $1 icecast_t:process { ptrace signal_perms };
ps_process_pattern($1, icecast_t)
diff --git a/policy/modules/contrib/ifplugd.if b/policy/modules/contrib/ifplugd.if
index 8999899..2aacc4e 100644
--- a/policy/modules/contrib/ifplugd.if
+++ b/policy/modules/contrib/ifplugd.if
@@ -122,10 +122,7 @@ interface(`ifplugd_admin',`
allow $1 ifplugd_t:process { ptrace signal_perms };
ps_process_pattern($1, ifplugd_t)
- init_labeled_script_domtrans($1, ifplugd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 ifplugd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, ifplugd_t, ifplugd_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, ifplugd_etc_t)
diff --git a/policy/modules/contrib/inn.if b/policy/modules/contrib/inn.if
index eb87f23..7eff1ab 100644
--- a/policy/modules/contrib/inn.if
+++ b/policy/modules/contrib/inn.if
@@ -230,10 +230,7 @@ interface(`inn_admin',`
type innd_var_run_t, innd_initrc_exec_t;
')
- init_labeled_script_domtrans($1, innd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 innd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, innd_t, innd_initrc_exec_t)
allow $1 innd_t:process { ptrace signal_perms };
ps_process_pattern($1, innd_t)
diff --git a/policy/modules/contrib/iodine.if b/policy/modules/contrib/iodine.if
index a0bfbd0..e813a57 100644
--- a/policy/modules/contrib/iodine.if
+++ b/policy/modules/contrib/iodine.if
@@ -47,8 +47,5 @@ interface(`iodine_admin',`
allow $1 iodined_t:process { ptrace signal_perms };
ps_process_pattern($1, iodined_t)
- init_labeled_script_domtrans($1, iodined_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 iodined_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, iodined_t, iodined_initrc_exec_t)
')
diff --git a/policy/modules/contrib/ircd.if b/policy/modules/contrib/ircd.if
index 1a88664..3a6c3af 100644
--- a/policy/modules/contrib/ircd.if
+++ b/policy/modules/contrib/ircd.if
@@ -23,10 +23,7 @@ interface(`ircd_admin',`
type ircd_log_t, ircd_var_lib_t, ircd_var_run_t;
')
- init_labeled_script_domtrans($1, ircd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 ircd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, ircd_t, ircd_initrc_exec_t)
allow $1 ircd_t:process { ptrace signal_perms };
ps_process_pattern($1, ircd_t)
diff --git a/policy/modules/contrib/irqbalance.if b/policy/modules/contrib/irqbalance.if
index d7113e7..19b7b16 100644
--- a/policy/modules/contrib/irqbalance.if
+++ b/policy/modules/contrib/irqbalance.if
@@ -25,10 +25,7 @@ interface(`irqbalance_admin',`
allow $1 irqbalance_t:process { ptrace signal_perms };
ps_process_pattern($1, irqbalance_t)
- init_labeled_script_domtrans($1, irqbalance_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 irqbalance_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, irqbalance_t, irqbalance_initrc_exec_t)
files_search_pids($1)
admin_pattern($1, irqbalance_var_run_t)
diff --git a/policy/modules/contrib/iscsi.if b/policy/modules/contrib/iscsi.if
index 1a35420..ce0df75 100644
--- a/policy/modules/contrib/iscsi.if
+++ b/policy/modules/contrib/iscsi.if
@@ -105,10 +105,7 @@ interface(`iscsi_admin',`
allow $1 iscsid_t:process { ptrace signal_perms };
ps_process_pattern($1, iscsid_t)
- init_labeled_script_domtrans($1, iscsi_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 iscsi_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, iscsi_t, iscsi_initrc_exec_t)
logging_search_logs($1)
admin_pattern($1, iscsi_log_t)
diff --git a/policy/modules/contrib/isns.if b/policy/modules/contrib/isns.if
index da7e970..c5b8a34 100644
--- a/policy/modules/contrib/isns.if
+++ b/policy/modules/contrib/isns.if
@@ -26,10 +26,7 @@ interface(`isnsd_admin',`
allow $1 isnsd_t:process { ptrace signal_perms };
ps_process_pattern($1, isnsd_t)
- init_labeled_script_domtrans($1, isnsd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 isnsd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, isnsd_t, isnsd_initrc_exec_t)
files_search_var_lib($1)
admin_pattern($1, isnsd_var_lib_t)
diff --git a/policy/modules/contrib/jabber.if b/policy/modules/contrib/jabber.if
index 7eb3811..40ae8d2 100644
--- a/policy/modules/contrib/jabber.if
+++ b/policy/modules/contrib/jabber.if
@@ -81,10 +81,7 @@ interface(`jabber_admin',`
allow $1 jabberd_domain:process { ptrace signal_perms };
ps_process_pattern($1, jabberd_domain)
- init_labeled_script_domtrans($1, jabberd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 jabberd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, jabberd_domain, jabberd_initrc_exec_t)
files_search_locks($1)
admin_pattern($1, jabberd_lock_t)
diff --git a/policy/modules/contrib/kdump.if b/policy/modules/contrib/kdump.if
index 3a00b3a..94f78c0 100644
--- a/policy/modules/contrib/kdump.if
+++ b/policy/modules/contrib/kdump.if
@@ -102,10 +102,7 @@ interface(`kdump_admin',`
allow $1 { kdump_t kdumpctl_t }:process { ptrace signal_perms };
ps_process_pattern($1, { kdump_t kdumpctl_t })
- init_labeled_script_domtrans($1, kdump_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 kdump_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, kdump_t, kdump_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, kdump_etc_t)
diff --git a/policy/modules/contrib/kerberos.if b/policy/modules/contrib/kerberos.if
index 77a5c49..97fc16c 100644
--- a/policy/modules/contrib/kerberos.if
+++ b/policy/modules/contrib/kerberos.if
@@ -493,10 +493,7 @@ interface(`kerberos_admin',`
allow $1 { kadmind_t krb5kdc_t kpropd_t }:process { ptrace signal_perms };
ps_process_pattern($1, { kadmind_t krb5kdc_t kpropd_t })
- init_labeled_script_domtrans($1, kerberos_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 kerberos_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, { kadmind_t krb5kdc_t }, kerberos_initrc_exec_t)
logging_list_logs($1)
admin_pattern($1, kadmind_log_t)
diff --git a/policy/modules/contrib/kerneloops.if b/policy/modules/contrib/kerneloops.if
index 714448f..5077ce5 100644
--- a/policy/modules/contrib/kerneloops.if
+++ b/policy/modules/contrib/kerneloops.if
@@ -108,10 +108,7 @@ interface(`kerneloops_admin',`
allow $1 kerneloops_t:process { ptrace signal_perms };
ps_process_pattern($1, kerneloops_t)
- init_labeled_script_domtrans($1, kerneloops_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 kerneloops_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, kerneloops_t, kerneloops_initrc_exec_t)
files_search_tmp($1)
admin_pattern($1, kerneloops_tmp_t)
diff --git a/policy/modules/contrib/keystone.if b/policy/modules/contrib/keystone.if
index e88fb16..44aba27 100644
--- a/policy/modules/contrib/keystone.if
+++ b/policy/modules/contrib/keystone.if
@@ -26,10 +26,7 @@ interface(`keystone_admin',`
allow $1 keystone_t:process { ptrace signal_perms };
ps_process_pattern($1, keystone_t)
- init_labeled_script_domtrans($1, keystone_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 keystone_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, keystone_t, keystone_initrc_exec_t)
logging_search_logs($1)
admin_pattern($1, keystone_log_t)
diff --git a/policy/modules/contrib/kismet.if b/policy/modules/contrib/kismet.if
index f20de6e..9ef087d 100644
--- a/policy/modules/contrib/kismet.if
+++ b/policy/modules/contrib/kismet.if
@@ -286,10 +286,7 @@ interface(`kismet_admin',`
type kismet_log_t, kismet_tmp_t, kismet_initrc_exec_t;
')
- init_labeled_script_domtrans($1, kismet_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 kismet_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, kismet_t, kismet_initrc_exec_t)
ps_process_pattern($1, kismet_t)
allow $1 kismet_t:process { ptrace signal_perms };
diff --git a/policy/modules/contrib/ksmtuned.if b/policy/modules/contrib/ksmtuned.if
index 93a64bc..cc0227e 100644
--- a/policy/modules/contrib/ksmtuned.if
+++ b/policy/modules/contrib/ksmtuned.if
@@ -61,10 +61,7 @@ interface(`ksmtuned_admin',`
type ksmtuned_initrc_exec_t, ksmtuned_log_t;
')
- ksmtuned_initrc_domtrans($1)
- domain_system_change_exemption($1)
- role_transition $2 ksmtuned_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, ksmtuned_t, ksmtuned_initrc_exec_t)
allow $1 ksmtuned_t:process { ptrace signal_perms };
ps_process_pattern($1, ksmtuned_t)
diff --git a/policy/modules/contrib/kudzu.if b/policy/modules/contrib/kudzu.if
index 5297064..4b9caf4 100644
--- a/policy/modules/contrib/kudzu.if
+++ b/policy/modules/contrib/kudzu.if
@@ -89,10 +89,7 @@ interface(`kudzu_admin',`
allow $1 kudzu_t:process { ptrace signal_perms };
ps_process_pattern($1, kudzu_t)
- init_labeled_script_domtrans($1, kudzu_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 kudzu_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, kudzu_t, kudzu_initrc_exec_t)
files_search_tmp($1)
admin_pattern($1, kudzu_tmp_t)
diff --git a/policy/modules/contrib/l2tp.if b/policy/modules/contrib/l2tp.if
index 73e2803..f981467 100644
--- a/policy/modules/contrib/l2tp.if
+++ b/policy/modules/contrib/l2tp.if
@@ -86,10 +86,7 @@ interface(`l2tp_admin',`
allow $1 l2tpd_t:process { ptrace signal_perms };
ps_process_pattern($1, l2tpd_t)
- init_labeled_script_domtrans($1, l2tpd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 l2tpd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, l2tpd_t, l2tpd_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, l2tp_conf_t)
diff --git a/policy/modules/contrib/ldap.if b/policy/modules/contrib/ldap.if
index 7f09b4a..8738743 100644
--- a/policy/modules/contrib/ldap.if
+++ b/policy/modules/contrib/ldap.if
@@ -122,10 +122,7 @@ interface(`ldap_admin',`
allow $1 slapd_t:process { ptrace signal_perms };
ps_process_pattern($1, slapd_t)
- init_labeled_script_domtrans($1, slapd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 slapd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, slapd_t, slapd_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, { slapd_etc_t slapd_db_t slapd_cert_t slapd_keytab_t })
diff --git a/policy/modules/contrib/likewise.if b/policy/modules/contrib/likewise.if
index bd20e8c..0dedf0a 100644
--- a/policy/modules/contrib/likewise.if
+++ b/policy/modules/contrib/likewise.if
@@ -110,10 +110,7 @@ interface(`likewise_admin',`
allow $1 likewise_domains:process { ptrace signal_perms };
ps_process_pattern($1, likewise_domains)
- init_labeled_script_domtrans($1, likewise_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 likewise_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, likewise_domains, likewise_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, { likewise_etc_t likewise_pstore_lock_t likewise_krb5_ad_t })
diff --git a/policy/modules/contrib/lircd.if b/policy/modules/contrib/lircd.if
index dff21a7..4eda783 100644
--- a/policy/modules/contrib/lircd.if
+++ b/policy/modules/contrib/lircd.if
@@ -84,10 +84,7 @@ interface(`lircd_admin',`
allow $1 lircd_t:process { ptrace signal_perms };
ps_process_pattern($1, lircd_t)
- init_labeled_script_domtrans($1, lircd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 lircd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, lircd_t, lircd_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, lircd_etc_t)
diff --git a/policy/modules/contrib/lldpad.if b/policy/modules/contrib/lldpad.if
index d18c960..0e7d6b7 100644
--- a/policy/modules/contrib/lldpad.if
+++ b/policy/modules/contrib/lldpad.if
@@ -45,10 +45,7 @@ interface(`lldpad_admin',`
allow $1 lldpad_t:process { ptrace signal_perms };
ps_process_pattern($1, lldpad_t)
- init_labeled_script_domtrans($1, lldpad_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 lldpad_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, lldpad_t, lldpad_initrc_exec_t)
files_search_var_lib($1)
admin_pattern($1, lldpad_var_lib_t)
diff --git a/policy/modules/contrib/mailscanner.if b/policy/modules/contrib/mailscanner.if
index 214cb44..05767bd 100644
--- a/policy/modules/contrib/mailscanner.if
+++ b/policy/modules/contrib/mailscanner.if
@@ -47,10 +47,7 @@ interface(`mscan_admin',`
allow $1 mscan_t:process { ptrace signal_perms };
ps_process_pattern($1, mscan_t)
- init_labeled_script_domtrans($1, mscan_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 mscan_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, mscan_t, mscan_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, mscan_etc_t)
diff --git a/policy/modules/contrib/mcelog.if b/policy/modules/contrib/mcelog.if
index f89651e..bdcf3e2 100644
--- a/policy/modules/contrib/mcelog.if
+++ b/policy/modules/contrib/mcelog.if
@@ -45,10 +45,7 @@ interface(`mcelog_admin',`
allow $1 mcelog_t:process { ptrace signal_perms };
ps_process_pattern($1, mcelog_t)
- init_labeled_script_domtrans($1, mcelog_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 mcelog_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, mcelog_t, mcelog_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, mcelog_etc_t)
diff --git a/policy/modules/contrib/memcached.if b/policy/modules/contrib/memcached.if
index 1d4eb19..9449397 100644
--- a/policy/modules/contrib/memcached.if
+++ b/policy/modules/contrib/memcached.if
@@ -124,10 +124,7 @@ interface(`memcached_admin',`
allow $1 memcached_t:process { ptrace signal_perms };
ps_process_pattern($1, memcached_t)
- init_labeled_script_domtrans($1, memcached_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 memcached_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, memcached_t, memcached_initrc_exec_t)
files_search_pids($1)
admin_pattern($1, memcached_var_run_t)
diff --git a/policy/modules/contrib/minidlna.if b/policy/modules/contrib/minidlna.if
index 358917a..cc883c0 100644
--- a/policy/modules/contrib/minidlna.if
+++ b/policy/modules/contrib/minidlna.if
@@ -26,10 +26,7 @@ interface(`minidlna_admin',`
allow $1 minidlna_t:process { ptrace signal_perms };
ps_process_pattern($1, minidlna_t)
- minidlna_initrc_domtrans($1)
- domain_system_change_exemption($1)
- role_transition $2 minidlna_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, minidlna_t, minidlna_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, minidlna_conf_t)
diff --git a/policy/modules/contrib/minissdpd.if b/policy/modules/contrib/minissdpd.if
index f37a116..56d3a93 100644
--- a/policy/modules/contrib/minissdpd.if
+++ b/policy/modules/contrib/minissdpd.if
@@ -45,10 +45,7 @@ interface(`minissdpd_admin',`
allow $1 minissdpd_t:process { ptrace signal_perms };
ps_process_pattern($1, minissdpd_t)
- init_labeled_script_domtrans($1, minissdpd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 minissdpd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, minissdpd_t, minissdpd_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, minissdpd_conf_t)
diff --git a/policy/modules/contrib/mongodb.if b/policy/modules/contrib/mongodb.if
index b247d25..7e28134 100644
--- a/policy/modules/contrib/mongodb.if
+++ b/policy/modules/contrib/mongodb.if
@@ -26,10 +26,7 @@ interface(`mongodb_admin',`
allow $1 mongod_t:process { ptrace signal_perms };
ps_process_pattern($1, mongod_t)
- init_labeled_script_domtrans($1, mongod_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 mongod_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, mongod_t, mongod_initrc_exec_t)
logging_search_logs($1)
admin_pattern($1, mongod_log_t)
diff --git a/policy/modules/contrib/monop.if b/policy/modules/contrib/monop.if
index a6ec137..18a9bac 100644
--- a/policy/modules/contrib/monop.if
+++ b/policy/modules/contrib/monop.if
@@ -26,10 +26,7 @@ interface(`monop_admin',`
allow $1 monopd_t:process { ptrace signal_perms };
ps_process_pattern($1, monopd_t)
- init_labeled_script_domtrans($1, monopd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 monopd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, monopd_t, monopd_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, monopd_etc_t)
diff --git a/policy/modules/contrib/mpd.if b/policy/modules/contrib/mpd.if
index 5fa77c7..affd9c8 100644
--- a/policy/modules/contrib/mpd.if
+++ b/policy/modules/contrib/mpd.if
@@ -347,10 +347,7 @@ interface(`mpd_admin',`
allow $1 mpd_t:process { ptrace signal_perms };
ps_process_pattern($1, mpd_t)
- mpd_initrc_domtrans($1)
- domain_system_change_exemption($1)
- role_transition $2 mpd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, mpd_t, mpd_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, mpd_etc_t)
diff --git a/policy/modules/contrib/mrtg.if b/policy/modules/contrib/mrtg.if
index c595094..edafa6b 100644
--- a/policy/modules/contrib/mrtg.if
+++ b/policy/modules/contrib/mrtg.if
@@ -47,10 +47,7 @@ interface(`mrtg_admin',`
allow $1 mrtg_t:process { ptrace signal_perms };
ps_process_pattern($1, mrtg_t)
- init_labeled_script_domtrans($1, mrtg_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 mrtg_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, mrtg_t, mrtg_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, mrtg_etc_t)
diff --git a/policy/modules/contrib/munin.if b/policy/modules/contrib/munin.if
index b744fe3..06af328 100644
--- a/policy/modules/contrib/munin.if
+++ b/policy/modules/contrib/munin.if
@@ -173,10 +173,7 @@ interface(`munin_admin',`
allow $1 { munin_plugin_domain munin_t }:process { ptrace signal_perms };
ps_process_pattern($1, { munin_plugin_domain munin_t })
- init_labeled_script_domtrans($1, munin_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 munin_initrc_exec_t system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, munin_t, munin_initrc_exec_t)
files_list_tmp($1)
admin_pattern($1, { munin_tmp_t munin_plugin_tmp_content })
diff --git a/policy/modules/contrib/mysql.if b/policy/modules/contrib/mysql.if
index 590748a..f93cbfb 100644
--- a/policy/modules/contrib/mysql.if
+++ b/policy/modules/contrib/mysql.if
@@ -450,10 +450,8 @@ interface(`mysql_admin',`
allow $1 { mysqld_safe_t mysqld_t mysqlmanagerd_t }:process { ptrace signal_perms };
ps_process_pattern($1, { mysqld_safe_t mysqld_t mysqlmanagerd_t })
- init_labeled_script_domtrans($1, { mysqlmanagerd_initrc_exec_t mysqld_initrc_exec_t })
- domain_system_change_exemption($1)
- role_transition $2 { mysqlmanagerd_initrc_exec_t mysqld_initrc_exec_t } system_r;
- allow $2 system_r;
+ init_manage_service_template($1, $2, mysqld_t, mysqld_initrc_exec_t)
+ init_manage_service_template($1, $2, mysqlmanagerd_t, mysqlmanagerd_initrc_exec_t)
files_search_pids($1)
admin_pattern($1, { mysqlmanagerd_var_run_t mysqld_var_run_t })
^ permalink raw reply related [flat|nested] 62+ messages in thread
end of thread, other threads:[~2015-05-16 11:32 UTC | newest]
Thread overview: 62+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-11-25 20:49 [gentoo-commits] proj/hardened-refpolicy:adminroles commit in: policy/modules/contrib/ Jason Zaman
-- strict thread matches above, loose matches on Subject: below --
2015-05-16 11:32 Jason Zaman
2015-05-16 11:32 Jason Zaman
2015-05-16 11:32 Jason Zaman
2015-05-16 11:32 Jason Zaman
2015-05-16 11:32 Jason Zaman
2015-05-16 11:32 Jason Zaman
2015-02-09 18:35 Jason Zaman
2015-02-09 18:33 [gentoo-commits] proj/hardened-refpolicy:next " Jason Zaman
2015-02-09 18:35 ` [gentoo-commits] proj/hardened-refpolicy:adminroles " Jason Zaman
2014-12-03 12:56 Jason Zaman
2014-12-03 12:56 Jason Zaman
2014-12-03 12:56 Jason Zaman
2014-12-03 12:56 Jason Zaman
2014-12-03 12:56 Jason Zaman
2014-12-03 12:56 Jason Zaman
2014-12-03 12:56 Jason Zaman
2014-12-03 12:56 Jason Zaman
2014-12-03 12:56 [gentoo-commits] proj/hardened-refpolicy:userroles " Jason Zaman
2014-12-03 12:56 ` [gentoo-commits] proj/hardened-refpolicy:adminroles " Jason Zaman
2014-12-03 12:56 [gentoo-commits] proj/hardened-refpolicy:userroles " Jason Zaman
2014-12-03 12:56 ` [gentoo-commits] proj/hardened-refpolicy:adminroles " Jason Zaman
2014-12-03 12:56 [gentoo-commits] proj/hardened-refpolicy:userroles " Jason Zaman
2014-12-03 12:56 ` [gentoo-commits] proj/hardened-refpolicy:adminroles " Jason Zaman
2014-12-03 12:56 [gentoo-commits] proj/hardened-refpolicy:userroles " Jason Zaman
2014-12-03 12:56 ` [gentoo-commits] proj/hardened-refpolicy:adminroles " Jason Zaman
2014-12-03 12:54 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2014-12-03 12:56 ` [gentoo-commits] proj/hardened-refpolicy:adminroles " Jason Zaman
2014-12-03 12:54 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2014-12-03 12:56 ` [gentoo-commits] proj/hardened-refpolicy:adminroles " Jason Zaman
2014-12-03 12:54 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2014-12-03 12:56 ` [gentoo-commits] proj/hardened-refpolicy:adminroles " Jason Zaman
2014-12-03 12:54 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2014-12-03 12:56 ` [gentoo-commits] proj/hardened-refpolicy:adminroles " Jason Zaman
2014-12-03 12:54 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2014-12-03 12:56 ` [gentoo-commits] proj/hardened-refpolicy:adminroles " Jason Zaman
2014-12-03 12:54 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2014-12-03 12:56 ` [gentoo-commits] proj/hardened-refpolicy:adminroles " Jason Zaman
2014-12-03 12:54 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2014-12-03 12:56 ` [gentoo-commits] proj/hardened-refpolicy:adminroles " Jason Zaman
2014-11-25 21:29 Jason Zaman
2014-11-25 21:23 Jason Zaman
2014-11-25 21:18 Jason Zaman
2014-11-25 21:11 Jason Zaman
2014-11-25 21:08 Jason Zaman
2014-11-25 21:03 Jason Zaman
2014-11-25 21:01 Jason Zaman
2014-11-25 20:56 Jason Zaman
2014-11-25 20:53 Jason Zaman
2014-11-25 20:49 Jason Zaman
2014-11-25 20:49 Jason Zaman
2014-11-25 20:49 Jason Zaman
2014-11-25 20:49 Jason Zaman
2014-11-25 20:49 Jason Zaman
2014-11-25 20:49 Jason Zaman
2014-11-25 20:49 Jason Zaman
2014-11-25 20:49 Jason Zaman
2014-11-25 20:49 Jason Zaman
2014-11-25 20:49 Jason Zaman
2014-11-25 20:40 Jason Zaman
2014-11-25 20:36 Jason Zaman
2014-11-25 20:32 Jason Zaman
2014-11-25 20:28 Jason Zaman
2014-11-25 20:24 Jason Zaman
2014-11-25 20:17 Jason Zaman
2014-11-25 20:09 Jason Zaman
2014-11-25 19:59 Jason Zaman
2014-11-25 19:55 Jason Zaman
2014-11-25 19:49 Jason Zaman
2014-11-25 19:49 Jason Zaman
2014-11-25 19:49 Jason Zaman
2014-11-25 19:40 Jason Zaman
2014-11-25 19:24 Jason Zaman
2014-11-25 18:55 Jason Zaman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox