From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-801857-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
by finch.gentoo.org (Postfix) with ESMTP id 33D23138CD3
for <garchives@archives.gentoo.org>; Fri, 22 May 2015 19:32:40 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
by pigeon.gentoo.org (Postfix) with SMTP id E334CE0903;
Fri, 22 May 2015 19:32:39 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by pigeon.gentoo.org (Postfix) with ESMTPS id 2AAC3E091B
for <gentoo-commits@lists.gentoo.org>; Fri, 22 May 2015 19:32:34 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by smtp.gentoo.org (Postfix) with ESMTPS id 562EB340BFA
for <gentoo-commits@lists.gentoo.org>; Fri, 22 May 2015 19:32:28 +0000 (UTC)
Received: from localhost.localdomain (localhost [127.0.0.1])
by oystercatcher.gentoo.org (Postfix) with ESMTP id 72297A04
for <gentoo-commits@lists.gentoo.org>; Fri, 22 May 2015 19:32:24 +0000 (UTC)
From: "Jason Zaman" <perfinion@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman" <perfinion@gentoo.org>
Message-ID: <1432322363.0b86dd6784975e36e51eec9b37a18c731adb0bd3.perfinion@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/contrib/nagios.if policy/modules/contrib/nessus.if policy/modules/contrib/networkmanager.if policy/modules/contrib/nis.if policy/modules/contrib/nscd.if policy/modules/contrib/nsd.if policy/modules/contrib/nslcd.if policy/modules/contrib/ntop.if policy/modules/contrib/ntp.if policy/modules/contrib/numad.if policy/modules/contrib/nut.if policy/modules/contrib/oident.if policy/modules/contrib/openct.if policy/modules/contrib/openhpi.if policy/modules/contrib/openvpn.if policy/modules/contrib/openvswitch.if policy/modules/contrib/pacemaker.if policy/modules/contrib/pads.if policy/modules/contrib/pcscd.if policy/modules/contrib/pegasus.if policy/modules/contrib/perdition.if policy/modules/contrib/pingd.if policy/modules/contrib/pkcs.if policy/modules/contrib/polipo.if policy/modules/contrib/portmap.if policy/modules/contrib/portreserve.if policy/modules/contrib/postfix.if policy/modules/contrib/postfixpolicyd.if policy/modules/contrib/postgrey.if policy/module
s/contrib/ppp.if policy/modules/contrib/prelude.if policy/modules/contrib/privoxy.if policy/modules/contrib/psad.if policy/modules/contrib/puppet.if policy/modules/contrib/pxe.if policy/modules/contrib/pyicqt.if policy/modules/contrib/pyzor.if policy/modules/contrib/qpid.if policy/modules/contrib/quantum.if policy/modules/contrib/quota.if policy/modules/contrib/rabbitmq.if policy/modules/contrib/radius.if policy/modules/contrib/radvd.if policy/modules/contrib/raid.if policy/modules/contrib/redis.if policy/modules/contrib/resmgr.if policy/modules/contrib/rgmanager.if policy/modules/contrib/rhcs.if policy/modules/contrib/rhsmcertd.if policy/modules/contrib/ricci.if policy/modules/contrib/rngd.if policy/modules/contrib/roundup.if policy/modules/contrib/rpc.if policy/modules/contrib/rpcbind.if policy/modules/contrib/rpm.if policy/modules/contrib/rtkit.if policy/modules/contrib/rwho.if policy/modules/contrib/samba.if policy/modules/contrib/samhain.if policy/modules/contrib/sanlock.if pol
icy/modules/contrib/sasl.if policy/modules/contrib/sblim.if policy/modules/contrib/sendmail.if policy/modules/contrib/sensord.if policy/modules/contrib/shorewall.if policy/modules/contrib/slpd.if policy/modules/contrib/smartmon.if policy/modules/contrib/smokeping.if policy/modules/contrib/smstools.if policy/modules/contrib/snmp.if policy/modules/contrib/snort.if policy/modules/contrib/soundserver.if policy/modules/contrib/spamassassin.if policy/modules/contrib/squid.if policy/modules/contrib/sssd.if policy/modules/contrib/svnserve.if policy/modules/contrib/sysstat.if policy/modules/contrib/systemtap.if policy/modules/contrib/tcsd.if policy/modules/contrib/tgtd.if policy/modules/contrib/tor.if policy/modules/contrib/transproxy.if policy/modules/contrib/tuned.if policy/modules/contrib/ulogd.if policy/modules/contrib/uptime.if policy/modules/contrib/uucp.if policy/modules/contrib/uuidd.if policy/modules/contrib/varnishd.if policy/modules/contrib/vdagent.if policy/modules/contrib/vhostm
d.if policy/modules/contrib/virt.if policy/modules/contrib/vnstatd.if policy/modules/contrib/watchdog.if policy/modules/contrib/wdmd.if policy/modules/contrib/xfs.if policy/modules/contrib/zabbix.if policy/modules/contrib/zarafa.if policy/modules/contrib/zebra.if
X-VCS-Directories: policy/modules/contrib/
X-VCS-Committer: perfinion
X-VCS-Committer-Name: Jason Zaman
X-VCS-Revision: 0b86dd6784975e36e51eec9b37a18c731adb0bd3
X-VCS-Branch: master
Date: Fri, 22 May 2015 19:32:24 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: 62d0a997-b116-49a1-a902-e1890cc60a23
X-Archives-Hash: 690573a7eaad5eacaea034b7a028f499
commit: 0b86dd6784975e36e51eec9b37a18c731adb0bd3
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Fri May 22 14:08:43 2015 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Fri May 22 19:19:23 2015 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=0b86dd67
Use init_startstop_service in admin interfaces N-Z
Most foo_admin interfaces have transitions on the
foo_initrc_exec_t to system_r. These are only applicable
for RedHat <6. This replaces them with the interface
init_startstop_service which can easily be changed for
other init systems.
make validate passes for all combinations of distros,
standard/mcs/mls, monolithic y/n and direct_initrc y/n
This patch is for files starting with N-Z.
policy/modules/contrib/nagios.if | 5 +----
policy/modules/contrib/nessus.if | 5 +----
policy/modules/contrib/networkmanager.if | 5 +----
policy/modules/contrib/nis.if | 7 ++-----
policy/modules/contrib/nscd.if | 5 +----
policy/modules/contrib/nsd.if | 5 +----
policy/modules/contrib/nslcd.if | 5 +----
policy/modules/contrib/ntop.if | 5 +----
policy/modules/contrib/ntp.if | 5 +----
policy/modules/contrib/numad.if | 5 +----
policy/modules/contrib/nut.if | 5 +----
policy/modules/contrib/oident.if | 5 +----
policy/modules/contrib/openct.if | 5 +----
policy/modules/contrib/openhpi.if | 5 +----
policy/modules/contrib/openvpn.if | 5 +----
policy/modules/contrib/openvswitch.if | 5 +----
policy/modules/contrib/pacemaker.if | 5 +----
policy/modules/contrib/pads.if | 5 +----
policy/modules/contrib/pcscd.if | 5 +----
policy/modules/contrib/pegasus.if | 5 +----
policy/modules/contrib/perdition.if | 5 +----
policy/modules/contrib/pingd.if | 5 +----
policy/modules/contrib/pkcs.if | 5 +----
policy/modules/contrib/polipo.if | 5 +----
policy/modules/contrib/portmap.if | 5 +----
policy/modules/contrib/portreserve.if | 5 +----
policy/modules/contrib/postfix.if | 5 +----
policy/modules/contrib/postfixpolicyd.if | 5 +----
policy/modules/contrib/postgrey.if | 5 +----
policy/modules/contrib/ppp.if | 5 +----
policy/modules/contrib/prelude.if | 5 +----
policy/modules/contrib/privoxy.if | 5 +----
policy/modules/contrib/psad.if | 5 +----
policy/modules/contrib/puppet.if | 6 ++----
policy/modules/contrib/pxe.if | 5 +----
policy/modules/contrib/pyicqt.if | 5 +----
policy/modules/contrib/pyzor.if | 5 +----
policy/modules/contrib/qpid.if | 5 +----
policy/modules/contrib/quantum.if | 5 +----
policy/modules/contrib/quota.if | 5 +----
policy/modules/contrib/rabbitmq.if | 5 +----
policy/modules/contrib/radius.if | 5 +----
policy/modules/contrib/radvd.if | 5 +----
policy/modules/contrib/raid.if | 5 +----
policy/modules/contrib/redis.if | 5 +----
policy/modules/contrib/resmgr.if | 5 +----
policy/modules/contrib/rgmanager.if | 5 +----
policy/modules/contrib/rhcs.if | 7 +++----
policy/modules/contrib/rhsmcertd.if | 5 +----
policy/modules/contrib/ricci.if | 5 +----
policy/modules/contrib/rngd.if | 5 +----
policy/modules/contrib/roundup.if | 5 +----
policy/modules/contrib/rpc.if | 7 +++----
policy/modules/contrib/rpcbind.if | 5 +----
policy/modules/contrib/rpm.if | 5 +----
policy/modules/contrib/rtkit.if | 5 +----
policy/modules/contrib/rwho.if | 5 +----
policy/modules/contrib/samba.if | 5 +----
policy/modules/contrib/samhain.if | 5 +----
policy/modules/contrib/sanlock.if | 5 +----
policy/modules/contrib/sasl.if | 5 +----
policy/modules/contrib/sblim.if | 5 +----
policy/modules/contrib/sendmail.if | 4 +---
policy/modules/contrib/sensord.if | 5 +----
policy/modules/contrib/shorewall.if | 5 +----
policy/modules/contrib/slpd.if | 5 +----
policy/modules/contrib/smartmon.if | 5 +----
policy/modules/contrib/smokeping.if | 5 +----
policy/modules/contrib/smstools.if | 5 +----
policy/modules/contrib/snmp.if | 5 +----
policy/modules/contrib/snort.if | 5 +----
policy/modules/contrib/soundserver.if | 5 +----
policy/modules/contrib/spamassassin.if | 5 +----
policy/modules/contrib/squid.if | 5 +----
policy/modules/contrib/sssd.if | 5 +----
policy/modules/contrib/svnserve.if | 5 +----
policy/modules/contrib/sysstat.if | 5 +----
policy/modules/contrib/systemtap.if | 5 +----
policy/modules/contrib/tcsd.if | 5 +----
policy/modules/contrib/tgtd.if | 5 +----
policy/modules/contrib/tor.if | 5 +----
policy/modules/contrib/transproxy.if | 5 +----
policy/modules/contrib/tuned.if | 5 +----
policy/modules/contrib/ulogd.if | 5 +----
policy/modules/contrib/uptime.if | 5 +----
policy/modules/contrib/uucp.if | 5 +----
policy/modules/contrib/uuidd.if | 5 +----
policy/modules/contrib/varnishd.if | 10 ++--------
policy/modules/contrib/vdagent.if | 5 +----
policy/modules/contrib/vhostmd.if | 5 +----
policy/modules/contrib/virt.if | 5 +----
policy/modules/contrib/vnstatd.if | 5 +----
policy/modules/contrib/watchdog.if | 5 +----
policy/modules/contrib/wdmd.if | 5 +----
policy/modules/contrib/xfs.if | 5 +----
policy/modules/contrib/zabbix.if | 6 ++----
policy/modules/contrib/zarafa.if | 5 +----
policy/modules/contrib/zebra.if | 5 +----
98 files changed, 106 insertions(+), 396 deletions(-)
diff --git a/policy/modules/contrib/nagios.if b/policy/modules/contrib/nagios.if
index 0641e97..b73a47b 100644
--- a/policy/modules/contrib/nagios.if
+++ b/policy/modules/contrib/nagios.if
@@ -204,10 +204,7 @@ interface(`nagios_admin',`
allow $1 { nagios_t nrpe_t nagios_plugin_domain }:process { ptrace signal_perms };
ps_process_pattern($1, { nagios_t nrpe_t nagios_plugin_domain })
- init_labeled_script_domtrans($1, nagios_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 nagios_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, nagios_t, nagios_initrc_exec_t)
files_search_tmp($1)
admin_pattern($1, { nagios_eventhandler_plugin_tmp_t nagios_tmp_t nagios_system_plugin_tmp_t })
diff --git a/policy/modules/contrib/nessus.if b/policy/modules/contrib/nessus.if
index 42e9ed4..f41ec5f 100644
--- a/policy/modules/contrib/nessus.if
+++ b/policy/modules/contrib/nessus.if
@@ -40,10 +40,7 @@ interface(`nessus_admin',`
allow $1 nessusd_t:process { ptrace signal_perms };
ps_process_pattern($1, nessusd_t)
- init_labeled_script_domtrans($1, nessusd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 nessusd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, nessusd_t, nessusd_initrc_exec_t)
logging_search_logs($1)
admin_pattern($1, nessusd_log_t)
diff --git a/policy/modules/contrib/networkmanager.if b/policy/modules/contrib/networkmanager.if
index b512ce0..152dc57 100644
--- a/policy/modules/contrib/networkmanager.if
+++ b/policy/modules/contrib/networkmanager.if
@@ -297,10 +297,7 @@ interface(`networkmanager_admin',`
allow $1 { wpa_cli_t NetworkManager_t }:process { ptrace signal_perms };
ps_process_pattern($1, { wpa_cli_t NetworkManager_t })
- init_labeled_script_domtrans($1, NetworkManager_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 NetworkManager_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, NetworkManager_t, NetworkManager_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, { NetworkManager_etc_t NetworkManager_etc_rw_t })
diff --git a/policy/modules/contrib/nis.if b/policy/modules/contrib/nis.if
index 46e55c3..5acf395 100644
--- a/policy/modules/contrib/nis.if
+++ b/policy/modules/contrib/nis.if
@@ -381,11 +381,8 @@ interface(`nis_admin',`
allow $1 { ypbind_t yppasswdd_t ypserv_t ypxfr_t }:process { ptrace signal_perms };
ps_process_pattern($1, { ypbind_t yppasswdd_t ypserv_t ypxfr_t })
- nis_initrc_domtrans($1)
- nis_initrc_domtrans_ypbind($1)
- domain_system_change_exemption($1)
- role_transition $2 { nis_initrc_exec_t ypbind_initrc_exec_t } system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, ypbind_t, ypbind_initrc_exec_t)
+ init_startstop_service($1, $2, ypserv_t, nis_initrc_exec_t)
files_list_tmp($1)
admin_pattern($1, { ypserv_tmp_t ypbind_tmp_t })
diff --git a/policy/modules/contrib/nscd.if b/policy/modules/contrib/nscd.if
index 8f2ab09..c83635f 100644
--- a/policy/modules/contrib/nscd.if
+++ b/policy/modules/contrib/nscd.if
@@ -299,10 +299,7 @@ interface(`nscd_admin',`
allow $1 nscd_t:process { ptrace signal_perms };
ps_process_pattern($1, nscd_t)
- init_labeled_script_domtrans($1, nscd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 nscd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, nscd_t, nscd_initrc_exec_t)
logging_list_logs($1)
admin_pattern($1, nscd_log_t)
diff --git a/policy/modules/contrib/nsd.if b/policy/modules/contrib/nsd.if
index a9c60ff..8ec6ec4 100644
--- a/policy/modules/contrib/nsd.if
+++ b/policy/modules/contrib/nsd.if
@@ -54,10 +54,7 @@ interface(`nsd_admin',`
allow $1 nsd_t:process { ptrace signal_perms };
ps_process_pattern($1, nsd_t)
- init_labeled_script_domtrans($1, nsd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 nsd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, nsd_t, nsd_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, { nsd_conf_t nsd_db_t })
diff --git a/policy/modules/contrib/nslcd.if b/policy/modules/contrib/nslcd.if
index bbd7cac..b3747da 100644
--- a/policy/modules/contrib/nslcd.if
+++ b/policy/modules/contrib/nslcd.if
@@ -102,10 +102,7 @@ interface(`nslcd_admin',`
allow $1 nslcd_t:process { ptrace signal_perms };
ps_process_pattern($1, nslcd_t)
- nslcd_initrc_domtrans($1)
- domain_system_change_exemption($1)
- role_transition $2 nslcd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, nslcd_t, nslcd_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, nslcd_conf_t)
diff --git a/policy/modules/contrib/ntop.if b/policy/modules/contrib/ntop.if
index beaee73..60c7793 100644
--- a/policy/modules/contrib/ntop.if
+++ b/policy/modules/contrib/ntop.if
@@ -26,10 +26,7 @@ interface(`ntop_admin',`
allow $1 ntop_t:process { ptrace signal_perms };
ps_process_pattern($1, ntop_t)
- init_labeled_script_domtrans($1, ntop_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 ntop_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, ntop_t, ntop_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, ntop_etc_t)
diff --git a/policy/modules/contrib/ntp.if b/policy/modules/contrib/ntp.if
index 6a83626..251f669 100644
--- a/policy/modules/contrib/ntp.if
+++ b/policy/modules/contrib/ntp.if
@@ -166,10 +166,7 @@ interface(`ntp_admin',`
allow $1 ntpd_t:process { ptrace signal_perms };
ps_process_pattern($1, ntpd_t)
- init_labeled_script_domtrans($1, ntpd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 ntpd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, ntpd_t, ntpd_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, { ntpd_key_t ntp_conf_t })
diff --git a/policy/modules/contrib/numad.if b/policy/modules/contrib/numad.if
index 0d3c270..d1c6b8f 100644
--- a/policy/modules/contrib/numad.if
+++ b/policy/modules/contrib/numad.if
@@ -26,10 +26,7 @@ interface(`numad_admin',`
allow $1 numad_t:process { ptrace signal_perms };
ps_process_pattern($1, numad_t)
- init_labeled_script_domtrans($1, numad_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 numad_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, numad_t, numad_initrc_exec_t)
logging_search_logs($1)
admin_pattern($1, numad_log_t)
diff --git a/policy/modules/contrib/nut.if b/policy/modules/contrib/nut.if
index c606ae6..462c079 100644
--- a/policy/modules/contrib/nut.if
+++ b/policy/modules/contrib/nut.if
@@ -26,10 +26,7 @@ interface(`nut_admin',`
allow $1 nut_domain:process { ptrace signal_perms };
ps_process_pattern($1, nut_domain)
- init_labeled_script_domtrans($1, nut_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 nut_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, nut_domain, nut_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, nut_conf_t)
diff --git a/policy/modules/contrib/oident.if b/policy/modules/contrib/oident.if
index 513f452..c317a3a 100644
--- a/policy/modules/contrib/oident.if
+++ b/policy/modules/contrib/oident.if
@@ -131,10 +131,7 @@ interface(`oident_admin',`
allow $1 oidentd_t:process { ptrace signal_perms };
ps_process_pattern($1, oidentd_t)
- init_labeled_script_domtrans($1, oidentd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 oidentd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, oidentd_t, oidentd_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, oidentd_config_t)
diff --git a/policy/modules/contrib/openct.if b/policy/modules/contrib/openct.if
index a55238b..61c3eb8 100644
--- a/policy/modules/contrib/openct.if
+++ b/policy/modules/contrib/openct.if
@@ -120,10 +120,7 @@ interface(`openct_admin',`
allow $1 openct_t:process { ptrace signal_perms };
ps_process_pattern($1, openct_t)
- init_labeled_script_domtrans($1, openct_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 openct_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, openct_t, openct_initrc_exec_t)
files_search_pids($1)
admin_pattern($1, openct_var_run_t)
diff --git a/policy/modules/contrib/openhpi.if b/policy/modules/contrib/openhpi.if
index 3c86958..ca1e226 100644
--- a/policy/modules/contrib/openhpi.if
+++ b/policy/modules/contrib/openhpi.if
@@ -26,10 +26,7 @@ interface(`openhpi_admin',`
allow $1 openhpid_t:process { ptrace signal_perms };
ps_process_pattern($1, openhpid_t)
- init_labeled_script_domtrans($1, openhpid_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 openhpid_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, openhpid_t, openhpid_initrc_exec_t)
files_search_var_lib($1)
admin_pattern($1, openhpid_var_lib_t)
diff --git a/policy/modules/contrib/openvpn.if b/policy/modules/contrib/openvpn.if
index 6837e9a..a03c258 100644
--- a/policy/modules/contrib/openvpn.if
+++ b/policy/modules/contrib/openvpn.if
@@ -150,10 +150,7 @@ interface(`openvpn_admin',`
allow $1 openvpn_t:process { ptrace signal_perms };
ps_process_pattern($1, openvpn_t)
- init_labeled_script_domtrans($1, openvpn_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 openvpn_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, openvpn_t, openvpn_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, { openvpn_etc_t openvpn_etc_rw_t })
diff --git a/policy/modules/contrib/openvswitch.if b/policy/modules/contrib/openvswitch.if
index 9b15730..f0133ed 100644
--- a/policy/modules/contrib/openvswitch.if
+++ b/policy/modules/contrib/openvswitch.if
@@ -64,10 +64,7 @@ interface(`openvswitch_admin',`
allow $1 openvswitch_t:process { ptrace signal_perms };
ps_process_pattern($1, openvswitch_t)
- init_labeled_script_domtrans($1, openvswitch_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 openvswitch_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, openvswitch_t, openvswitch_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, openvswitch_conf_t)
diff --git a/policy/modules/contrib/pacemaker.if b/policy/modules/contrib/pacemaker.if
index 9682d9a..44d1cf6 100644
--- a/policy/modules/contrib/pacemaker.if
+++ b/policy/modules/contrib/pacemaker.if
@@ -26,10 +26,7 @@ interface(`pacemaker_admin',`
allow $1 pacemaker_t:process { ptrace signal_perms };
ps_process_pattern($1, pacemaker_t)
- init_labeled_script_domtrans($1, pacemaker_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 pacemaker_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, pacemaker_t, pacemaker_initrc_exec_t)
files_search_var_lib($1)
admin_pattern($1, pacemaker_var_lib_t)
diff --git a/policy/modules/contrib/pads.if b/policy/modules/contrib/pads.if
index 6e097c9..4dd3574 100644
--- a/policy/modules/contrib/pads.if
+++ b/policy/modules/contrib/pads.if
@@ -26,10 +26,7 @@ interface(`pads_admin', `
allow $1 pads_t:process { ptrace signal_perms };
ps_process_pattern($1, pads_t)
- init_labeled_script_domtrans($1, pads_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 pads_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, pads_t, pads_initrc_exec_t)
files_search_pids($1)
admin_pattern($1, pads_var_run_t)
diff --git a/policy/modules/contrib/pcscd.if b/policy/modules/contrib/pcscd.if
index 7f77d32..ac7e60c 100644
--- a/policy/modules/contrib/pcscd.if
+++ b/policy/modules/contrib/pcscd.if
@@ -128,10 +128,7 @@ interface(`pcscd_admin',`
allow $1 pcscd_t:process { ptrace signal_perms };
ps_process_pattern($1, pcscd_t)
- init_labeled_script_domtrans($1, pcscd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 pcscd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, pcscd_t, pcscd_initrc_exec_t)
files_search_pids($1)
admin_pattern($1, pcscd_var_run_t)
diff --git a/policy/modules/contrib/pegasus.if b/policy/modules/contrib/pegasus.if
index d2fc677..eadb012 100644
--- a/policy/modules/contrib/pegasus.if
+++ b/policy/modules/contrib/pegasus.if
@@ -27,10 +27,7 @@ interface(`pegasus_admin',`
allow $1 pegasus_t:process { ptrace signal_perms };
ps_process_pattern($1, pegasus_t)
- init_labeled_script_domtrans($1, pegasus_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 pegasus_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, pegasus_t, pegasus_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, pegasus_conf_t)
diff --git a/policy/modules/contrib/perdition.if b/policy/modules/contrib/perdition.if
index 47e09e1..092ac61 100644
--- a/policy/modules/contrib/perdition.if
+++ b/policy/modules/contrib/perdition.if
@@ -40,10 +40,7 @@ interface(`perdition_admin',`
allow $1 perdition_t:process { ptrace signal_perms };
ps_process_pattern($1, perdition_t)
- init_labeled_script_domtrans($1, perdition_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 perdition_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, perdition_t, perdition_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, perdition_etc_t)
diff --git a/policy/modules/contrib/pingd.if b/policy/modules/contrib/pingd.if
index 21a6ecb..fe9acb0 100644
--- a/policy/modules/contrib/pingd.if
+++ b/policy/modules/contrib/pingd.if
@@ -84,10 +84,7 @@ interface(`pingd_admin',`
allow $1 pingd_t:process { ptrace signal_perms };
ps_process_pattern($1, pingd_t)
- init_labeled_script_domtrans($1, pingd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 pingd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, pingd_t, pingd_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, pingd_etc_t)
diff --git a/policy/modules/contrib/pkcs.if b/policy/modules/contrib/pkcs.if
index 69be2aa..9d1af4e 100644
--- a/policy/modules/contrib/pkcs.if
+++ b/policy/modules/contrib/pkcs.if
@@ -26,10 +26,7 @@ interface(`pkcs_admin_slotd',`
allow $1 pkcs_slotd_t:process { ptrace signal_perms };
ps_process_pattern($1, pkcs_slotd_t)
- init_labeled_script_domtrans($1, pkcs_slotd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 pkcs_slotd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, pkcs_slotd_t, pkcs_slotd_initrc_exec_t)
files_search_var_lib($1)
admin_pattern($1, pkcs_slotd_var_lib_t)
diff --git a/policy/modules/contrib/polipo.if b/policy/modules/contrib/polipo.if
index ae27bb7..4b1988d 100644
--- a/policy/modules/contrib/polipo.if
+++ b/policy/modules/contrib/polipo.if
@@ -125,10 +125,7 @@ interface(`polipo_admin',`
allow $1 polipo_system_t:process { ptrace signal_perms };
ps_process_pattern($1, polipo_system_t)
- polipo_initrc_domtrans($1)
- domain_system_change_exemption($1)
- role_transition $2 polipo_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, polipo_t, polipo_initrc_exec_t)
files_search_var($1)
admin_pattern($1, polipo_cache_t)
diff --git a/policy/modules/contrib/portmap.if b/policy/modules/contrib/portmap.if
index 9f982b5..61e1a12 100644
--- a/policy/modules/contrib/portmap.if
+++ b/policy/modules/contrib/portmap.if
@@ -114,10 +114,7 @@ interface(`portmap_admin',`
allow $1 { portmap_t portmap_helper_t }:process { ptrace signal_perms };
ps_process_pattern($1, { portmap_t portmap_helper_t })
- init_labeled_script_domtrans($1, portmap_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 portmap_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, portmap_t, portmap_initrc_exec_t)
files_search_pids($1)
admin_pattern($1, portmap_var_run_t)
diff --git a/policy/modules/contrib/portreserve.if b/policy/modules/contrib/portreserve.if
index 5ad5291..0a90afd 100644
--- a/policy/modules/contrib/portreserve.if
+++ b/policy/modules/contrib/portreserve.if
@@ -108,10 +108,7 @@ interface(`portreserve_admin',`
allow $1 portreserve_t:process { ptrace signal_perms };
ps_process_pattern($1, portreserve_t)
- portreserve_initrc_domtrans($1)
- domain_system_change_exemption($1)
- role_transition $2 portreserve_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, portreserve_t, portreserve_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, portreserve_etc_t)
diff --git a/policy/modules/contrib/postfix.if b/policy/modules/contrib/postfix.if
index 8bc856e..19fe613 100644
--- a/policy/modules/contrib/postfix.if
+++ b/policy/modules/contrib/postfix.if
@@ -720,10 +720,7 @@ interface(`postfix_admin',`
allow $1 postfix_domain:process { ptrace signal_perms };
ps_process_pattern($1, postfix_domain)
- init_labeled_script_domtrans($1, postfix_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 postfix_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, postfix_t, postfix_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, { postfix_prng_t postfix_etc_t postfix_exec_t postfix_keytab_t })
diff --git a/policy/modules/contrib/postfixpolicyd.if b/policy/modules/contrib/postfixpolicyd.if
index 5de8173..e462ac0 100644
--- a/policy/modules/contrib/postfixpolicyd.if
+++ b/policy/modules/contrib/postfixpolicyd.if
@@ -26,10 +26,7 @@ interface(`postfixpolicyd_admin',`
allow $1 postfix_policyd_t:process { ptrace signal_perms };
ps_process_pattern($1, postfix_policyd_t)
- init_labeled_script_domtrans($1, postfix_policyd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 postfix_policyd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, postfix_policyd_t, postfix_policyd_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, postfix_policyd_conf_t)
diff --git a/policy/modules/contrib/postgrey.if b/policy/modules/contrib/postgrey.if
index b9e71b5..d63198e 100644
--- a/policy/modules/contrib/postgrey.if
+++ b/policy/modules/contrib/postgrey.if
@@ -67,10 +67,7 @@ interface(`postgrey_admin',`
allow $1 postgrey_t:process { ptrace signal_perms };
ps_process_pattern($1, postgrey_t)
- init_labeled_script_domtrans($1, postgrey_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 postgrey_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, postgrey_t, postgrey_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, postgrey_etc_t)
diff --git a/policy/modules/contrib/ppp.if b/policy/modules/contrib/ppp.if
index cd8b8b9..0376e92 100644
--- a/policy/modules/contrib/ppp.if
+++ b/policy/modules/contrib/ppp.if
@@ -487,10 +487,7 @@ interface(`ppp_admin',`
allow $1 { pptp_t pppd_t }:process { ptrace signal_perms };
ps_process_pattern($1, { pptp_t pppd_t })
- ppp_initrc_domtrans($1)
- domain_system_change_exemption($1)
- role_transition $2 pppd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, pppd_t, pppd_initrc_exec_t)
files_list_tmp($1)
admin_pattern($1, pppd_tmp_t)
diff --git a/policy/modules/contrib/prelude.if b/policy/modules/contrib/prelude.if
index db8f510..ceef90f 100644
--- a/policy/modules/contrib/prelude.if
+++ b/policy/modules/contrib/prelude.if
@@ -126,10 +126,7 @@ interface(`prelude_admin',`
allow $1 { prelude_t prelude_audisp_t prelude_lml_t prelude_correlator_t }:process { ptrace signal_perms };
ps_process_pattern($1, { prelude_t prelude_audisp_t prelude_lml_t prelude_correlator_t })
- init_labeled_script_domtrans($1, prelude_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 prelude_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, prelude_t, prelude_initrc_exec_t)
files_search_spool($1)
admin_pattern($1, prelude_spool_t)
diff --git a/policy/modules/contrib/privoxy.if b/policy/modules/contrib/privoxy.if
index bdcee30..a35e6ea 100644
--- a/policy/modules/contrib/privoxy.if
+++ b/policy/modules/contrib/privoxy.if
@@ -26,10 +26,7 @@ interface(`privoxy_admin',`
allow $1 privoxy_t:process { ptrace signal_perms };
ps_process_pattern($1, privoxy_t)
- init_labeled_script_domtrans($1, privoxy_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 privoxy_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, privoxy_t, privoxy_initrc_exec_t)
logging_list_logs($1)
admin_pattern($1, privoxy_log_t)
diff --git a/policy/modules/contrib/psad.if b/policy/modules/contrib/psad.if
index cdc83d2..6ad8703 100644
--- a/policy/modules/contrib/psad.if
+++ b/policy/modules/contrib/psad.if
@@ -242,10 +242,7 @@ interface(`psad_admin',`
allow $1 psad_t:process { ptrace signal_perms };
ps_process_pattern($1, psad_t)
- init_labeled_script_domtrans($1, psad_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 psad_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, psad_t, psad_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, psad_etc_t)
diff --git a/policy/modules/contrib/puppet.if b/policy/modules/contrib/puppet.if
index 7cb8b1f..135dafb 100644
--- a/policy/modules/contrib/puppet.if
+++ b/policy/modules/contrib/puppet.if
@@ -211,10 +211,8 @@ interface(`puppet_admin',`
allow $1 { puppet_t puppetca_t puppetmaster_t }:process { ptrace signal_perms };
ps_process_pattern($1, { puppet_t puppetca_t puppetmaster_t })
- init_labeled_script_domtrans($1, { puppet_initrc_exec_t puppetmaster_initrc_exec_t })
- domain_system_change_exemption($1)
- role_transition $2 { puppet_initrc_exec_t puppetmaster_initrc_exec_t } system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, puppet_t, puppet_initrc_exec_t)
+ init_startstop_service($1, $2, puppetmaster_t, puppetmaster_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, puppet_etc_t)
diff --git a/policy/modules/contrib/pxe.if b/policy/modules/contrib/pxe.if
index 7da286f..e0068b7 100644
--- a/policy/modules/contrib/pxe.if
+++ b/policy/modules/contrib/pxe.if
@@ -26,10 +26,7 @@ interface(`pxe_admin',`
allow $1 pxe_t:process { ptrace signal_perms };
ps_process_pattern($1, pxe_t)
- init_labeled_script_domtrans($1, pxe_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 pxe_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, pxe_t, pxe_initrc_exec_t)
logging_search_logs($1)
admin_pattern($1, pxe_log_t)
diff --git a/policy/modules/contrib/pyicqt.if b/policy/modules/contrib/pyicqt.if
index 0ccea82..1742d8c 100644
--- a/policy/modules/contrib/pyicqt.if
+++ b/policy/modules/contrib/pyicqt.if
@@ -26,10 +26,7 @@ interface(`pyicqt_admin',`
allow $1 pyicqt_t:process { ptrace signal_perms };
ps_process_pattern($1, pyicqt_t)
- init_labeled_script_domtrans($1, pyicqt_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 pyicqt_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, pyicqt_t, pyicqt_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, pyicqt_conf_t)
diff --git a/policy/modules/contrib/pyzor.if b/policy/modules/contrib/pyzor.if
index c05a504..7bc14f9 100644
--- a/policy/modules/contrib/pyzor.if
+++ b/policy/modules/contrib/pyzor.if
@@ -118,10 +118,7 @@ interface(`pyzor_admin',`
allow $1 pyzord_t:process { ptrace signal_perms };
ps_process_pattern($1, pyzord_t)
- init_labeled_script_domtrans($1, pyzord_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 pyzord_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, pyzord_t, pyzord_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, pyzor_etc_t)
diff --git a/policy/modules/contrib/qpid.if b/policy/modules/contrib/qpid.if
index fe2adf8..531bdc3 100644
--- a/policy/modules/contrib/qpid.if
+++ b/policy/modules/contrib/qpid.if
@@ -177,10 +177,7 @@ interface(`qpidd_admin',`
allow $1 qpidd_t:process { ptrace signal_perms };
ps_process_pattern($1, qpidd_t)
- qpidd_initrc_domtrans($1)
- domain_system_change_exemption($1)
- role_transition $2 qpidd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, qpidd_t, qpidd_initrc_exec_t)
files_search_var_lib($1)
admin_pattern($1, qpidd_var_lib_t)
diff --git a/policy/modules/contrib/quantum.if b/policy/modules/contrib/quantum.if
index afc0068..31aa2d9 100644
--- a/policy/modules/contrib/quantum.if
+++ b/policy/modules/contrib/quantum.if
@@ -26,10 +26,7 @@ interface(`quantum_admin',`
allow $1 quantum_t:process { ptrace signal_perms };
ps_process_pattern($1, quantum_t)
- init_labeled_script_domtrans($1, quantum_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 quantum_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, quantum_t, quantum_initrc_exec_t)
logging_search_logs($1)
admin_pattern($1, quantum_log_t)
diff --git a/policy/modules/contrib/quota.if b/policy/modules/contrib/quota.if
index 68611e3..c2a5ef4 100644
--- a/policy/modules/contrib/quota.if
+++ b/policy/modules/contrib/quota.if
@@ -184,10 +184,7 @@ interface(`quota_admin',`
allow $1 { quota_nld_t quota_t }:process { ptrace signal_perms };
ps_process_pattern($1, { quota_nld_t quota_t })
- init_labeled_script_domtrans($1, quota_nld_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 quota_nld_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, quota_nld_t, quota_nld_initrc_exec_t)
files_list_all($1)
admin_pattern($1, { quota_db_t quota_flag_t quota_nld_var_run_t })
diff --git a/policy/modules/contrib/rabbitmq.if b/policy/modules/contrib/rabbitmq.if
index 2c3d338..53efd0d 100644
--- a/policy/modules/contrib/rabbitmq.if
+++ b/policy/modules/contrib/rabbitmq.if
@@ -45,10 +45,7 @@ interface(`rabbitmq_admin',`
allow $1 { rabbitmq_epmd_t rabbitmq_beam_t }:process { ptrace signal_perms };
ps_process_pattern($1, { rabbitmq_epmd_t rabbitmq_beam_t })
- init_labeled_script_domtrans($1, rabbitmq_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 rabbitmq_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, { rabbitmq_epmd_t rabbitmq_beam_t }, rabbitmq_initrc_exec_t)
logging_search_logs($1)
admin_pattern($1, rabbitmq_var_log_t)
diff --git a/policy/modules/contrib/radius.if b/policy/modules/contrib/radius.if
index 4460582..7703bc7 100644
--- a/policy/modules/contrib/radius.if
+++ b/policy/modules/contrib/radius.if
@@ -41,10 +41,7 @@ interface(`radius_admin',`
allow $1 radiusd_t:process { ptrace signal_perms };
ps_process_pattern($1, radiusd_t)
- init_labeled_script_domtrans($1, radiusd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 radiusd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, radiusd_t, radiusd_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, { radiusd_etc_t radiusd_etc_rw_t })
diff --git a/policy/modules/contrib/radvd.if b/policy/modules/contrib/radvd.if
index ac7058d..38e35fe 100644
--- a/policy/modules/contrib/radvd.if
+++ b/policy/modules/contrib/radvd.if
@@ -26,10 +26,7 @@ interface(`radvd_admin',`
allow $1 radvd_t:process { ptrace signal_perms };
ps_process_pattern($1, radvd_t)
- init_labeled_script_domtrans($1, radvd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 radvd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, radvd_t, radvd_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, radvd_etc_t)
diff --git a/policy/modules/contrib/raid.if b/policy/modules/contrib/raid.if
index 951db7f..6d98a94 100644
--- a/policy/modules/contrib/raid.if
+++ b/policy/modules/contrib/raid.if
@@ -91,10 +91,7 @@ interface(`raid_admin_mdadm',`
allow $1 mdadm_t:process { ptrace signal_perms };
ps_process_pattern($1, mdadm_t)
- init_labeled_script_domtrans($1, mdadm_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 mdadm_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, mdadm_t, mdadm_initrc_exec_t)
files_search_pids($1)
admin_pattern($1, mdadm_var_run_t)
diff --git a/policy/modules/contrib/redis.if b/policy/modules/contrib/redis.if
index 3969450..6d86dbf 100644
--- a/policy/modules/contrib/redis.if
+++ b/policy/modules/contrib/redis.if
@@ -26,10 +26,7 @@ interface(`redis_admin',`
allow $1 redis_t:process { ptrace signal_perms };
ps_process_pattern($1, redis_t)
- init_labeled_script_domtrans($1, redis_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 redis_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, redis_t, redis_initrc_exec_t)
logging_search_logs($1)
admin_pattern($1, redis_log_t)
diff --git a/policy/modules/contrib/resmgr.if b/policy/modules/contrib/resmgr.if
index 0d93db6..a406934 100644
--- a/policy/modules/contrib/resmgr.if
+++ b/policy/modules/contrib/resmgr.if
@@ -46,10 +46,7 @@ interface(`resmgr_admin',`
allow $1 resmgrd_t:process { ptrace signal_perms };
ps_process_pattern($1, resmgrd_t)
- init_labeled_script_domtrans($1, resmgrd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 resmgrd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, resmgrd_t, resmgrd_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, resmgrd_etc_t)
diff --git a/policy/modules/contrib/rgmanager.if b/policy/modules/contrib/rgmanager.if
index 1c2f9aa..1e0ed7a 100644
--- a/policy/modules/contrib/rgmanager.if
+++ b/policy/modules/contrib/rgmanager.if
@@ -105,10 +105,7 @@ interface(`rgmanager_admin',`
allow $1 rgmanager_t:process { ptrace signal_perms };
ps_process_pattern($1, rgmanager_t)
- init_labeled_script_domtrans($1, rgmanager_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 rgmanager_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, rgmanager_t, rgmanager_initrc_exec_t)
files_list_tmp($1)
admin_pattern($1, rgmanager_tmp_t)
diff --git a/policy/modules/contrib/rhcs.if b/policy/modules/contrib/rhcs.if
index c8bdea2..776c570 100644
--- a/policy/modules/contrib/rhcs.if
+++ b/policy/modules/contrib/rhcs.if
@@ -467,15 +467,14 @@ interface(`rhcs_admin',`
attribute cluster_log;
type dlm_controld_initrc_exec_t, foghorn_initrc_exec_t, fenced_lock_t;
type fenced_tmp_t, qdiskd_var_lib_t;
+ type dlm_controld_t, foghorn_t;
')
allow $1 cluster_domain:process { ptrace signal_perms };
ps_process_pattern($1, cluster_domain)
- init_labeled_script_domtrans($1, { dlm_controld_initrc_exec_t foghorn_initrc_exec_t })
- domain_system_change_exemption($1)
- role_transition $2 { dlm_controld_initrc_exec_t foghorn_initrc_exec_t } system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, dlm_controld_t, dlm_controld_initrc_exec_t)
+ init_startstop_service($1, $2, foghorn_t, foghorn_initrc_exec_t)
files_search_pids($1)
admin_pattern($1, cluster_pid)
diff --git a/policy/modules/contrib/rhsmcertd.if b/policy/modules/contrib/rhsmcertd.if
index 6dbc905..7bdee3c 100644
--- a/policy/modules/contrib/rhsmcertd.if
+++ b/policy/modules/contrib/rhsmcertd.if
@@ -285,10 +285,7 @@ interface(`rhsmcertd_admin',`
allow $1 rhsmcertd_t:process { ptrace signal_perms };
ps_process_pattern($1, rhsmcertd_t)
- rhsmcertd_initrc_domtrans($1)
- domain_system_change_exemption($1)
- role_transition $2 rhsmcertd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, rhsmcertd_t, rhsmcertd_initrc_exec_t)
logging_search_logs($1)
admin_pattern($1, rhsmcertd_log_t)
diff --git a/policy/modules/contrib/ricci.if b/policy/modules/contrib/ricci.if
index 2ab3ed1..086f434 100644
--- a/policy/modules/contrib/ricci.if
+++ b/policy/modules/contrib/ricci.if
@@ -203,10 +203,7 @@ interface(`ricci_admin',`
allow $1 ricci_t:process { ptrace signal_perms };
ps_process_pattern($1, ricci_t)
- init_labeled_script_domtrans($1, ricci_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 ricci_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, ricci_t, ricci_initrc_exec_t)
files_list_tmp($1)
admin_pattern($1, ricci_tmp_t)
diff --git a/policy/modules/contrib/rngd.if b/policy/modules/contrib/rngd.if
index 13f788f..7b26dc3 100644
--- a/policy/modules/contrib/rngd.if
+++ b/policy/modules/contrib/rngd.if
@@ -25,10 +25,7 @@ interface(`rngd_admin',`
allow $1 rngd_t:process { ptrace signal_perms };
ps_process_pattern($1, rngd_t)
- init_labeled_script_domtrans($1, rngd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 rngd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, rngd_t, rngd_initrc_exec_t)
files_search_pids($1)
admin_pattern($1, rngd_var_run_t)
diff --git a/policy/modules/contrib/roundup.if b/policy/modules/contrib/roundup.if
index 975bb6a..c874017 100644
--- a/policy/modules/contrib/roundup.if
+++ b/policy/modules/contrib/roundup.if
@@ -26,10 +26,7 @@ interface(`roundup_admin',`
allow $1 roundup_t:process { ptrace signal_perms };
ps_process_pattern($1, roundup_t)
- init_labeled_script_domtrans($1, roundup_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 roundup_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, roundup_t, roundup_initrc_exec_t)
files_list_var_lib($1)
admin_pattern($1, roundup_var_lib_t)
diff --git a/policy/modules/contrib/rpc.if b/policy/modules/contrib/rpc.if
index 157afd9..fbf5995 100644
--- a/policy/modules/contrib/rpc.if
+++ b/policy/modules/contrib/rpc.if
@@ -395,15 +395,14 @@ interface(`rpc_admin',`
type nfsd_initrc_exec_t, rpcd_initrc_exec_t, exports_t;
type var_lib_nfs_t, rpcd_var_run_t, gssd_tmp_t;
type nfsd_ro_t, nfsd_rw_t, gssd_keytab_t;
+ type nfsd_t, rpcd_t;
')
allow $1 rpc_domain:process { ptrace signal_perms };
ps_process_pattern($1, rpc_domain)
- init_labeled_script_domtrans($1, { nfsd_initrc_exec_t rpcd_initrc_exec_t })
- domain_system_change_exemption($1)
- role_transition $2 { nfsd_initrc_exec_t rpcd_initrc_exec_t } system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, nfsd_t, nfsd_initrc_exec_t)
+ init_startstop_service($1, $2, rpcd_t, rpcd_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, { gssd_keytab_t exports_t })
diff --git a/policy/modules/contrib/rpcbind.if b/policy/modules/contrib/rpcbind.if
index f78fef0..78ca83a 100644
--- a/policy/modules/contrib/rpcbind.if
+++ b/policy/modules/contrib/rpcbind.if
@@ -160,10 +160,7 @@ interface(`rpcbind_admin',`
allow $1 rpcbind_t:process { ptrace signal_perms };
ps_process_pattern($1, rpcbind_t)
- init_labeled_script_domtrans($1, rpcbind_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 rpcbind_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, rpcbind_t, rpcbind_initrc_exec_t)
files_search_pids($1)
admin_pattern($1, rpcbind_var_run_t)
diff --git a/policy/modules/contrib/rpm.if b/policy/modules/contrib/rpm.if
index fc9c8d8..3ff41b3 100644
--- a/policy/modules/contrib/rpm.if
+++ b/policy/modules/contrib/rpm.if
@@ -634,10 +634,7 @@ interface(`rpm_admin',`
allow $1 { rpm_t rpm_script_t }:process { ptrace signal_perms };
ps_process_pattern($1, { rpm_t rpm_script_t })
- init_labeled_script_domtrans($1, rpm_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 rpm_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, rpm_t, rpm_initrc_exec_t)
admin_pattern($1, rpm_file_t)
diff --git a/policy/modules/contrib/rtkit.if b/policy/modules/contrib/rtkit.if
index e904ec4..ed6d0cd 100644
--- a/policy/modules/contrib/rtkit.if
+++ b/policy/modules/contrib/rtkit.if
@@ -90,8 +90,5 @@ interface(`rtkit_admin',`
allow $1 rtkit_daemon_t:process { ptrace signal_perms };
ps_process_pattern($1, rtkit_daemon_t)
- init_labeled_script_domtrans($1, rtkit_daemon_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 rtkit_daemon_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, rtkit_daemon_t, rtkit_daemon_initrc_exec_t)
')
diff --git a/policy/modules/contrib/rwho.if b/policy/modules/contrib/rwho.if
index 0360ff0..05aa3f1 100644
--- a/policy/modules/contrib/rwho.if
+++ b/policy/modules/contrib/rwho.if
@@ -142,10 +142,7 @@ interface(`rwho_admin',`
allow $1 rwho_t:process { ptrace signal_perms };
ps_process_pattern($1, rwho_t)
- init_labeled_script_domtrans($1, rwho_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 rwho_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, rwho_t, rwho_initrc_exec_t)
logging_list_logs($1)
admin_pattern($1, rwho_log_t)
diff --git a/policy/modules/contrib/samba.if b/policy/modules/contrib/samba.if
index 50d07fb..dfc606e 100644
--- a/policy/modules/contrib/samba.if
+++ b/policy/modules/contrib/samba.if
@@ -695,10 +695,7 @@ interface(`samba_admin',`
allow $1 { nmbd_t smbd_t }:process { ptrace signal_perms };
ps_process_pattern($1, { nmbd_t smbd_t })
- init_labeled_script_domtrans($1, samba_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 samba_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, samba_t, samba_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, { samba_etc_t smbd_keytab_t })
diff --git a/policy/modules/contrib/samhain.if b/policy/modules/contrib/samhain.if
index b1ebcee..983fee5 100644
--- a/policy/modules/contrib/samhain.if
+++ b/policy/modules/contrib/samhain.if
@@ -221,10 +221,7 @@ interface(`samhain_admin',`
ps_process_pattern($1, samhain_domain)
# duplicate role transition: remove samhain_admin(sysadm_t, sysadm_r) first
- # init_labeled_script_domtrans($1, samhain_initrc_exec_t)
- # domain_system_change_exemption($1)
- # role_transition $2 samhain_initrc_exec_t system_r;
- # allow $2 system_r;
+ # init_startstop_service($1, $2, samhain_domain, samhain_initrc_exec_t)
files_list_var_lib($1)
admin_pattern($1, samhain_db_t)
diff --git a/policy/modules/contrib/sanlock.if b/policy/modules/contrib/sanlock.if
index cd6c213..dbca6c8 100644
--- a/policy/modules/contrib/sanlock.if
+++ b/policy/modules/contrib/sanlock.if
@@ -104,10 +104,7 @@ interface(`sanlock_admin',`
allow $1 sanlock_t:process { ptrace signal_perms };
ps_process_pattern($1, sanlock_t)
- sanlock_initrc_domtrans($1)
- domain_system_change_exemption($1)
- role_transition $2 sanlock_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, sanlock_t, sanlock_initrc_exec_t)
files_search_pids($1)
admin_pattern($1, sanlock_var_run_t)
diff --git a/policy/modules/contrib/sasl.if b/policy/modules/contrib/sasl.if
index 8c3c151..edb4de2 100644
--- a/policy/modules/contrib/sasl.if
+++ b/policy/modules/contrib/sasl.if
@@ -45,10 +45,7 @@ interface(`sasl_admin',`
allow $1 saslauthd_t:process { ptrace signal_perms };
ps_process_pattern($1, saslauthd_t)
- init_labeled_script_domtrans($1, saslauthd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 saslauthd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, saslauthd_t, saslauthd_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, saslauthd_keytab_t)
diff --git a/policy/modules/contrib/sblim.if b/policy/modules/contrib/sblim.if
index 98c9e0a..00e2e69 100644
--- a/policy/modules/contrib/sblim.if
+++ b/policy/modules/contrib/sblim.if
@@ -64,10 +64,7 @@ interface(`sblim_admin',`
allow $1 sblim_domain:process { ptrace signal_perms };
ps_process_pattern($1, sblim_domain)
- init_labeled_script_domtrans($1, sblim_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 sblim_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, sblim_domain, sblim_initrc_exec_t)
files_search_pids($1)
admin_pattern($1, sblim_var_run_t)
diff --git a/policy/modules/contrib/sendmail.if b/policy/modules/contrib/sendmail.if
index 35ad2a7..d60de84 100644
--- a/policy/modules/contrib/sendmail.if
+++ b/policy/modules/contrib/sendmail.if
@@ -360,9 +360,7 @@ interface(`sendmail_admin',`
allow $1 { unconfined_sendmail_t sendmail_t }:process { ptrace signal_perms };
ps_process_pattern($1, { unconfined_sendmail_t sendmail_t })
- init_labeled_script_domtrans($1, sendmail_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 sendmail_initrc_exec_t system_r;
+ init_startstop_service($1, $2, sendmail_t, sendmail_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, sendmail_keytab_t)
diff --git a/policy/modules/contrib/sensord.if b/policy/modules/contrib/sensord.if
index d204752..e58af36 100644
--- a/policy/modules/contrib/sensord.if
+++ b/policy/modules/contrib/sensord.if
@@ -25,10 +25,7 @@ interface(`sensord_admin',`
allow $1 sensord_t:process { ptrace signal_perms };
ps_process_pattern($1, sensord_t)
- init_labeled_script_domtrans($1, sensord_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 sensord_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, sensord_t, sensord_initrc_exec_t)
files_search_pids($1)
admin_pattern($1, sensord_var_run_t)
diff --git a/policy/modules/contrib/shorewall.if b/policy/modules/contrib/shorewall.if
index 1aeef8a..7bd4593 100644
--- a/policy/modules/contrib/shorewall.if
+++ b/policy/modules/contrib/shorewall.if
@@ -179,10 +179,7 @@ interface(`shorewall_admin',`
allow $1 shorewall_t:process { ptrace signal_perms };
ps_process_pattern($1, shorewall_t)
- init_labeled_script_domtrans($1, shorewall_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 shorewall_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, shorewall_t, shorewall_initrc_exec_t)
can_exec($1, shorewall_exec_t)
diff --git a/policy/modules/contrib/slpd.if b/policy/modules/contrib/slpd.if
index ca32e89..ffacc36 100644
--- a/policy/modules/contrib/slpd.if
+++ b/policy/modules/contrib/slpd.if
@@ -26,10 +26,7 @@ interface(`slpd_admin',`
allow $1 slpd_t:process { ptrace signal_perms };
ps_process_pattern($1, slpd_t)
- init_labeled_script_domtrans($1, slpd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 slpd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, slpd_t, slpd_initrc_exec_t)
logging_search_logs($1)
admin_pattern($1, slpd_log_t)
diff --git a/policy/modules/contrib/smartmon.if b/policy/modules/contrib/smartmon.if
index e0644b5..08f4ee2 100644
--- a/policy/modules/contrib/smartmon.if
+++ b/policy/modules/contrib/smartmon.if
@@ -45,10 +45,7 @@ interface(`smartmon_admin',`
allow $1 fsdaemon_t:process { ptrace signal_perms };
ps_process_pattern($1, fsdaemon_t)
- init_labeled_script_domtrans($1, fsdaemon_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 fsdaemon_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, fsdaemon_t, fsdaemon_initrc_exec_t)
files_list_tmp($1)
admin_pattern($1, fsdaemon_tmp_t)
diff --git a/policy/modules/contrib/smokeping.if b/policy/modules/contrib/smokeping.if
index 1fa51c1..4f49c99 100644
--- a/policy/modules/contrib/smokeping.if
+++ b/policy/modules/contrib/smokeping.if
@@ -161,10 +161,7 @@ interface(`smokeping_admin',`
allow $1 smokeping_t:process { ptrace signal_perms };
ps_process_pattern($1, smokeping_t)
- smokeping_initrc_domtrans($1)
- domain_system_change_exemption($1)
- role_transition $2 smokeping_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, smokeping_t, smokeping_initrc_exec_t)
files_search_var_lib($1)
admin_pattern($1, smokeping_var_lib_t)
diff --git a/policy/modules/contrib/smstools.if b/policy/modules/contrib/smstools.if
index 81136f0..fc420a5 100644
--- a/policy/modules/contrib/smstools.if
+++ b/policy/modules/contrib/smstools.if
@@ -27,10 +27,7 @@ interface(`smstools_admin',`
allow $1 smsd_t:process { ptrace signal_perms };
ps_process_pattern($1, smsd_t)
- init_labeled_script_domtrans($1, smsd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 smsd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, smsd_t, smsd_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, smsd_conf_t)
diff --git a/policy/modules/contrib/snmp.if b/policy/modules/contrib/snmp.if
index bf78fa9..9677503 100644
--- a/policy/modules/contrib/snmp.if
+++ b/policy/modules/contrib/snmp.if
@@ -182,10 +182,7 @@ interface(`snmp_admin',`
allow $1 snmpd_t:process { ptrace signal_perms };
ps_process_pattern($1, snmpd_t)
- init_labeled_script_domtrans($1, snmpd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 snmpd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, snmpd_t, snmpd_initrc_exec_t)
logging_list_logs($1)
admin_pattern($1, snmpd_log_t)
diff --git a/policy/modules/contrib/snort.if b/policy/modules/contrib/snort.if
index 7d86b34..e6ae26e 100644
--- a/policy/modules/contrib/snort.if
+++ b/policy/modules/contrib/snort.if
@@ -45,10 +45,7 @@ interface(`snort_admin',`
allow $1 snort_t:process { ptrace signal_perms };
ps_process_pattern($1, snort_t)
- init_labeled_script_domtrans($1, snort_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 snort_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, snort_t, snort_initrc_exec_t)
admin_pattern($1, snort_etc_t)
files_search_etc($1)
diff --git a/policy/modules/contrib/soundserver.if b/policy/modules/contrib/soundserver.if
index a5abc5a..8dc1c0f 100644
--- a/policy/modules/contrib/soundserver.if
+++ b/policy/modules/contrib/soundserver.if
@@ -41,10 +41,7 @@ interface(`soundserver_admin',`
allow $1 soundd_t:process { ptrace signal_perms };
ps_process_pattern($1, soundd_t)
- init_labeled_script_domtrans($1, soundd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 soundd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, soundd_t, soundd_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, soundd_etc_t)
diff --git a/policy/modules/contrib/spamassassin.if b/policy/modules/contrib/spamassassin.if
index 7f5a1cc..e915b5f 100644
--- a/policy/modules/contrib/spamassassin.if
+++ b/policy/modules/contrib/spamassassin.if
@@ -384,10 +384,7 @@ interface(`spamassassin_admin',`
allow $1 spamd_t:process { ptrace signal_perms };
ps_process_pattern($1, spamd_t)
- init_labeled_script_domtrans($1, spamd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 spamd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, spamd_t, spamd_initrc_exec_t)
files_list_tmp($1)
admin_pattern($1, spamd_tmp_t)
diff --git a/policy/modules/contrib/squid.if b/policy/modules/contrib/squid.if
index 5e1f053..941cedf 100644
--- a/policy/modules/contrib/squid.if
+++ b/policy/modules/contrib/squid.if
@@ -216,10 +216,7 @@ interface(`squid_admin',`
allow $1 squid_t:process { ptrace signal_perms };
ps_process_pattern($1, squid_t)
- init_labeled_script_domtrans($1, squid_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 squid_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, squid_t, squid_initrc_exec_t)
files_list_var($1)
admin_pattern($1, squid_cache_t)
diff --git a/policy/modules/contrib/sssd.if b/policy/modules/contrib/sssd.if
index a240455..e1b4cb0 100644
--- a/policy/modules/contrib/sssd.if
+++ b/policy/modules/contrib/sssd.if
@@ -342,10 +342,7 @@ interface(`sssd_admin',`
allow $1 sssd_t:process { ptrace signal_perms };
ps_process_pattern($1, sssd_t)
- sssd_initrc_domtrans($1)
- domain_system_change_exemption($1)
- role_transition $2 sssd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, sssd_t, sssd_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, sssd_conf_t)
diff --git a/policy/modules/contrib/svnserve.if b/policy/modules/contrib/svnserve.if
index 5cd46e9..618dccb 100644
--- a/policy/modules/contrib/svnserve.if
+++ b/policy/modules/contrib/svnserve.if
@@ -25,10 +25,7 @@ interface(`svnserve_admin',`
allow $1 svnserve_t:process { ptrace signal_perms };
ps_process_pattern($1, svnserve_t)
- init_labeled_script_domtrans($1, svnserve_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 svnserve_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, svnserve_t, svnserve_initrc_exec_t)
files_search_pids($1)
admin_pattern($1, svnserve_var_run_t)
diff --git a/policy/modules/contrib/sysstat.if b/policy/modules/contrib/sysstat.if
index 14ae3f2..a00a0dd 100644
--- a/policy/modules/contrib/sysstat.if
+++ b/policy/modules/contrib/sysstat.if
@@ -46,10 +46,7 @@ interface(`sysstat_admin',`
allow $1 sysstat_t:process { ptrace signal_perms };
ps_process_pattern($1, sysstat_t)
- init_labeled_script_domtrans($1, sysstat_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 sysstat_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, sysstat_t, sysstat_initrc_exec_t)
logging_search_logs($1)
admin_pattern($1, sysstat_log_t)
diff --git a/policy/modules/contrib/systemtap.if b/policy/modules/contrib/systemtap.if
index d60a21e..62520b3 100644
--- a/policy/modules/contrib/systemtap.if
+++ b/policy/modules/contrib/systemtap.if
@@ -26,10 +26,7 @@ interface(`stapserver_admin',`
allow $1 stapserver_t:process { ptrace signal_perms };
ps_process_pattern($1, stapserver_t)
- init_labeled_script_domtrans($1, stapserver_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 stapserver_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, stapserver_t, stapserver_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, stapserver_conf_t)
diff --git a/policy/modules/contrib/tcsd.if b/policy/modules/contrib/tcsd.if
index b42ec1d..5140a7d 100644
--- a/policy/modules/contrib/tcsd.if
+++ b/policy/modules/contrib/tcsd.if
@@ -141,10 +141,7 @@ interface(`tcsd_admin',`
allow $1 tcsd_t:process { ptrace signal_perms };
ps_process_pattern($1, tcsd_t)
- tcsd_initrc_domtrans($1)
- domain_system_change_exemption($1)
- role_transition $2 tcsd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, tcsd_t, tcsd_initrc_exec_t)
files_search_var_lib($1)
admin_pattern($1, tcsd_var_lib_t)
diff --git a/policy/modules/contrib/tgtd.if b/policy/modules/contrib/tgtd.if
index dc5b46e..3056b2e 100644
--- a/policy/modules/contrib/tgtd.if
+++ b/policy/modules/contrib/tgtd.if
@@ -83,10 +83,7 @@ interface(`tgtd_admin',`
allow $1 tgtd_t:process { ptrace signal_perms };
ps_process_pattern($1, tgtd_t)
- init_labeled_script_domtrans($1, tgtd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 tgtd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, tgtd_t, tgtd_initrc_exec_t)
files_search_var_lib($1)
admin_pattern($1, tgtd_var_lib_t)
diff --git a/policy/modules/contrib/tor.if b/policy/modules/contrib/tor.if
index 61c2e07..f2fc7a7 100644
--- a/policy/modules/contrib/tor.if
+++ b/policy/modules/contrib/tor.if
@@ -45,10 +45,7 @@ interface(`tor_admin',`
allow $1 tor_t:process { ptrace signal_perms };
ps_process_pattern($1, tor_t)
- init_labeled_script_domtrans($1, tor_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 tor_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, tor_t, tor_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, tor_etc_t)
diff --git a/policy/modules/contrib/transproxy.if b/policy/modules/contrib/transproxy.if
index 81a8351..946881b 100644
--- a/policy/modules/contrib/transproxy.if
+++ b/policy/modules/contrib/transproxy.if
@@ -25,10 +25,7 @@ interface(`transproxy_admin',`
allow $1 transproxy_t:process { ptrace signal_perms };
ps_process_pattern($1, transproxy_t)
- init_labeled_script_domtrans($1, transproxy_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 transproxy_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, transproxy_t, transproxy_initrc_exec_t)
files_search_pids($1)
admin_pattern($1, transproxy_var_run_t)
diff --git a/policy/modules/contrib/tuned.if b/policy/modules/contrib/tuned.if
index e29db63..5ca6fa5 100644
--- a/policy/modules/contrib/tuned.if
+++ b/policy/modules/contrib/tuned.if
@@ -122,10 +122,7 @@ interface(`tuned_admin',`
allow $1 tuned_t:process { ptrace signal_perms };
ps_process_pattern($1, tuned_t)
- tuned_initrc_domtrans($1)
- domain_system_change_exemption($1)
- role_transition $2 tuned_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, tuned_t, tuned_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, { tuned_etc_t tuned_rw_etc_t })
diff --git a/policy/modules/contrib/ulogd.if b/policy/modules/contrib/ulogd.if
index 9b95c3e..290eb1b 100644
--- a/policy/modules/contrib/ulogd.if
+++ b/policy/modules/contrib/ulogd.if
@@ -126,10 +126,7 @@ interface(`ulogd_admin',`
allow $1 ulogd_t:process { ptrace signal_perms };
ps_process_pattern($1, ulogd_t)
- init_labeled_script_domtrans($1, ulogd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 ulogd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, ulogd_t, ulogd_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, ulogd_etc_t)
diff --git a/policy/modules/contrib/uptime.if b/policy/modules/contrib/uptime.if
index 19f4724..ce3bc3b 100644
--- a/policy/modules/contrib/uptime.if
+++ b/policy/modules/contrib/uptime.if
@@ -26,10 +26,7 @@ interface(`uptime_admin',`
allow $1 uptimed_t:process { ptrace signal_perms };
ps_process_pattern($1, uptimed_t)
- init_labeled_script_domtrans($1, uptimed_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 uptimed_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, uptimed_t, uptimed_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, uptimed_etc_t)
diff --git a/policy/modules/contrib/uucp.if b/policy/modules/contrib/uucp.if
index af9acc0..a06faaf 100644
--- a/policy/modules/contrib/uucp.if
+++ b/policy/modules/contrib/uucp.if
@@ -104,10 +104,7 @@ interface(`uucp_admin',`
type uucpd_var_run_t, uucpd_initrc_exec_t;
')
- init_labeled_script_domtrans($1, uucpd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 uucpd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, uucpd_t, uucpd_initrc_exec_t)
allow $1 uucpd_t:process { ptrace signal_perms };
ps_process_pattern($1, uucpd_t)
diff --git a/policy/modules/contrib/uuidd.if b/policy/modules/contrib/uuidd.if
index 6e48653..30f45eb 100644
--- a/policy/modules/contrib/uuidd.if
+++ b/policy/modules/contrib/uuidd.if
@@ -181,10 +181,7 @@ interface(`uuidd_admin',`
allow $1 uuidd_t:process signal_perms;
ps_process_pattern($1, uuidd_t)
- uuidd_initrc_domtrans($1)
- domain_system_change_exemption($1)
- role_transition $2 uuidd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, uuidd_t, uuidd_initrc_exec_t)
files_search_var_lib($1)
admin_pattern($1, uuidd_var_lib_t)
diff --git a/policy/modules/contrib/varnishd.if b/policy/modules/contrib/varnishd.if
index 1c35171..e2dc5ea 100644
--- a/policy/modules/contrib/varnishd.if
+++ b/policy/modules/contrib/varnishd.if
@@ -160,10 +160,7 @@ interface(`varnishd_admin_varnishlog',`
allow $1 varnishlog_t:process { ptrace signal_perms };
ps_process_pattern($1, varnishlog_t)
- init_labeled_script_domtrans($1, varnishlog_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 varnishlog_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, varnishlog_t, varnishlog_initrc_exec_t)
files_list_pids($1)
admin_pattern($1, varnishlog_var_run_t)
@@ -199,10 +196,7 @@ interface(`varnishd_admin',`
allow $1 varnishd_t:process { ptrace signal_perms };
ps_process_pattern($1, varnishd_t)
- init_labeled_script_domtrans($1, varnishd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 varnishd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, varnishd_t, varnishd_initrc_exec_t)
files_list_var_lib($1)
admin_pattern($1, varnishd_var_lib_t)
diff --git a/policy/modules/contrib/vdagent.if b/policy/modules/contrib/vdagent.if
index 31c752e..c4a5ed7 100644
--- a/policy/modules/contrib/vdagent.if
+++ b/policy/modules/contrib/vdagent.if
@@ -121,10 +121,7 @@ interface(`vdagent_admin',`
allow $1 vdagent_t:process signal_perms;
ps_process_pattern($1, vdagent_t)
- init_labeled_script_domtrans($1, vdagentd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 vdagentd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, vdagentd_t, vdagentd_initrc_exec_t)
logging_search_logs($1)
admin_pattern($1, vdagent_log_t)
diff --git a/policy/modules/contrib/vhostmd.if b/policy/modules/contrib/vhostmd.if
index 22edd58..3c66a92 100644
--- a/policy/modules/contrib/vhostmd.if
+++ b/policy/modules/contrib/vhostmd.if
@@ -219,10 +219,7 @@ interface(`vhostmd_admin',`
allow $1 vhostmd_t:process { ptrace signal_perms };
ps_process_pattern($1, vhostmd_t)
- vhostmd_initrc_domtrans($1)
- domain_system_change_exemption($1)
- role_transition $2 vhostmd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, vhostmd_t, vhostmd_initrc_exec_t)
fs_search_tmpfs($1)
admin_pattern($1, vhostmd_tmpfs_t)
diff --git a/policy/modules/contrib/virt.if b/policy/modules/contrib/virt.if
index 7c97c87..5b57d50 100644
--- a/policy/modules/contrib/virt.if
+++ b/policy/modules/contrib/virt.if
@@ -1176,10 +1176,7 @@ interface(`virt_admin',`
ps_process_pattern($1, { virt_domain svirt_lxc_domain virtd_t })
ps_process_pattern($1, { virtd_lxc_t virsh_t virt_bridgehelper_t virt_qmf_t })
- init_labeled_script_domtrans($1, virtd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 virtd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, virtd_t, virtd_initrc_exec_t)
fs_search_tmpfs($1)
admin_pattern($1, virt_tmpfs_type)
diff --git a/policy/modules/contrib/vnstatd.if b/policy/modules/contrib/vnstatd.if
index 137ac44..7ec9bd0 100644
--- a/policy/modules/contrib/vnstatd.if
+++ b/policy/modules/contrib/vnstatd.if
@@ -168,10 +168,7 @@ interface(`vnstatd_admin',`
allow $1 vnstatd_t:process { ptrace signal_perms };
ps_process_pattern($1, vnstatd_t)
- init_labeled_script_domtrans($1, vnstatd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 vnstatd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, vnstatd_t, vnstatd_initrc_exec_t)
files_search_pids($1)
admin_pattern($1, vnstatd_var_run_t)
diff --git a/policy/modules/contrib/watchdog.if b/policy/modules/contrib/watchdog.if
index 6461a77..b0fe922 100644
--- a/policy/modules/contrib/watchdog.if
+++ b/policy/modules/contrib/watchdog.if
@@ -26,10 +26,7 @@ interface(`watchdog_admin',`
allow $1 watchdog_t:process { ptrace signal_perms };
ps_process_pattern($1, watchdog_t)
- init_labeled_script_domtrans($1, watchdog_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 watchdog_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, watchdog_t, watchdog_initrc_exec_t)
logging_search_logs($1)
admin_pattern($1, watchdog_log_t)
diff --git a/policy/modules/contrib/wdmd.if b/policy/modules/contrib/wdmd.if
index 1e3aec0..53de648 100644
--- a/policy/modules/contrib/wdmd.if
+++ b/policy/modules/contrib/wdmd.if
@@ -45,10 +45,7 @@ interface(`wdmd_admin',`
allow $1 wdmd_t:process { ptrace signal_perms };
ps_process_pattern($1, wdmd_t)
- init_labeled_script_domtrans($1, wdmd_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 wdmd_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, wdmd_t, wdmd_initrc_exec_t)
files_search_pids($1)
admin_pattern($1, wdmd_var_run_t)
diff --git a/policy/modules/contrib/xfs.if b/policy/modules/contrib/xfs.if
index 4570b86..1993406 100644
--- a/policy/modules/contrib/xfs.if
+++ b/policy/modules/contrib/xfs.if
@@ -84,10 +84,7 @@ interface(`xfs_admin',`
allow $1 xfs_t:process { ptrace signal_perms };
ps_process_pattern($1, xfs_t)
- init_labeled_script_domtrans($1, xfs_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 xfs_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, xfs_t, xfs_initrc_exec_t)
files_search_pids($1)
admin_pattern($1, xfs_var_run_t)
diff --git a/policy/modules/contrib/zabbix.if b/policy/modules/contrib/zabbix.if
index 29d87d7..d71bce0 100644
--- a/policy/modules/contrib/zabbix.if
+++ b/policy/modules/contrib/zabbix.if
@@ -146,10 +146,8 @@ interface(`zabbix_admin',`
allow $1 { zabbix_t zabbix_agent_t }:process { ptrace signal_perms };
ps_process_pattern($1, { zabbix_t zabbix_agent_t })
- init_labeled_script_domtrans($1, { zabbix_agent_initrc_exec_t zabbix_initrc_exec_t })
- domain_system_change_exemption($1)
- role_transition $2 { zabbix_agent_initrc_exec_t zabbix_initrc_exec_t } system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, zabbix_t, zabbix_initrc_exec_t)
+ init_startstop_service($1, $2, zabbix_agent_t, zabbix_agent_initrc_exec_t)
logging_list_logs($1)
admin_pattern($1, zabbix_log_t)
diff --git a/policy/modules/contrib/zarafa.if b/policy/modules/contrib/zarafa.if
index 83b4ca5..37a7434 100644
--- a/policy/modules/contrib/zarafa.if
+++ b/policy/modules/contrib/zarafa.if
@@ -152,10 +152,7 @@ interface(`zarafa_admin',`
allow $1 zarafa_domain:process { ptrace signal_perms };
ps_process_pattern($1, zarafa_domain)
- init_labeled_script_domtrans($1, zarafa_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 zarafa_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, zarafa_t, zarafa_initrc_exec_t)
files_search_etc($1)
admin_pattern($1, zarafa_etc_t)
diff --git a/policy/modules/contrib/zebra.if b/policy/modules/contrib/zebra.if
index 3416401..21da77a 100644
--- a/policy/modules/contrib/zebra.if
+++ b/policy/modules/contrib/zebra.if
@@ -69,10 +69,7 @@ interface(`zebra_admin',`
allow $1 zebra_t:process { ptrace signal_perms };
ps_process_pattern($1, zebra_t)
- init_labeled_script_domtrans($1, zebra_initrc_exec_t)
- domain_system_change_exemption($1)
- role_transition $2 zebra_initrc_exec_t system_r;
- allow $2 system_r;
+ init_startstop_service($1, $2, zebra_t, zebra_initrc_exec_t)
files_list_etc($1)
admin_pattern($1, zebra_conf_t)