From: "Jason Zaman" <perfinion@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/, policy/modules/system/
Date: Thu, 16 Feb 2017 11:34:44 +0000 (UTC) [thread overview]
Message-ID: <1486307431.0daaba932bdff924e1e9bbb75d258b49ab21bb4a.perfinion@gentoo> (raw)
commit: 0daaba932bdff924e1e9bbb75d258b49ab21bb4a
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Sun Feb 5 15:07:38 2017 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Feb 5 15:10:31 2017 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=0daaba93
transition gentoo-specific fcontexts to /run
commit c80ffeb4cb306cebeb849844203d53c3a576bcab
Author: cgzones <cgzones <AT> googlemail.com>
Date: Sat Dec 17 04:17:52 2016
transition file contexts to /run
updated the fcontexts for upstream. this commit updates the rest of the
missing fcontexts.
policy/modules/contrib/at.fc | 2 +-
policy/modules/contrib/ceph.fc | 12 ++++++------
policy/modules/contrib/cgmanager.fc | 6 +++---
policy/modules/contrib/dirsrv.fc | 4 ++--
policy/modules/contrib/networkmanager.fc | 2 +-
policy/modules/contrib/ntp.fc | 2 +-
policy/modules/contrib/phpfpm.fc | 4 ++--
policy/modules/contrib/qemu.fc | 2 +-
policy/modules/contrib/resolvconf.fc | 2 +-
policy/modules/contrib/salt.fc | 10 +++++-----
policy/modules/contrib/subsonic.fc | 2 +-
policy/modules/contrib/uwsgi.fc | 4 +++-
policy/modules/contrib/vde.fc | 2 +-
policy/modules/system/init.fc | 2 +-
policy/modules/system/lvm.fc | 2 +-
policy/modules/system/sysnetwork.fc | 4 ++--
policy/modules/system/tmpfiles.fc | 2 +-
policy/modules/system/udev.fc | 4 ++--
18 files changed, 35 insertions(+), 33 deletions(-)
diff --git a/policy/modules/contrib/at.fc b/policy/modules/contrib/at.fc
index ba2e7a13..b3cf1863 100644
--- a/policy/modules/contrib/at.fc
+++ b/policy/modules/contrib/at.fc
@@ -3,7 +3,7 @@
/usr/bin/at -- gen_context(system_u:object_r:at_exec_t,s0)
/usr/sbin/atd -- gen_context(system_u:object_r:atd_exec_t,s0)
-/var/run/atd\.pid -- gen_context(system_u:object_r:atd_var_run_t,s0)
+/run/atd\.pid -- gen_context(system_u:object_r:atd_var_run_t,s0)
/var/spool/at(/.*)? gen_context(system_u:object_r:at_spool_t,s0)
/var/spool/at/atjobs(/.*)? gen_context(system_u:object_r:at_job_t,s0)
diff --git a/policy/modules/contrib/ceph.fc b/policy/modules/contrib/ceph.fc
index 1548b1e3..8e2e1799 100644
--- a/policy/modules/contrib/ceph.fc
+++ b/policy/modules/contrib/ceph.fc
@@ -1,7 +1,7 @@
#
# /etc
#
-/etc/ceph(/.*)? gen_context(system_u:object_r:ceph_conf_t,s0)
+/etc/ceph(/.*)? gen_context(system_u:object_r:ceph_conf_t,s0)
/etc/ceph/.*\.secret -- gen_context(system_u:object_r:ceph_key_t,s0)
/etc/ceph/.*\.keyring -- gen_context(system_u:object_r:ceph_key_t,s0)
/etc/rc\.d/init\.d/ceph.* gen_context(system_u:object_r:ceph_initrc_exec_t,s0)
@@ -23,8 +23,8 @@
/var/log/ceph(/.*)? gen_context(system_u:object_r:ceph_log_t,s0)
-/var/run/ceph -d gen_context(system_u:object_r:ceph_var_run_t,s0)
-/var/run/ceph/ceph-osd.* gen_context(system_u:object_r:ceph_osd_var_run_t,s0)
-/var/run/ceph/ceph-mon.* gen_context(system_u:object_r:ceph_mon_var_run_t,s0)
-/var/run/ceph/ceph-mds.* gen_context(system_u:object_r:ceph_mds_var_run_t,s0)
-/var/run/ceph/mds.* -- gen_context(system_u:object_r:ceph_mds_var_run_t,s0)
+/run/ceph -d gen_context(system_u:object_r:ceph_var_run_t,s0)
+/run/ceph/ceph-osd.* gen_context(system_u:object_r:ceph_osd_var_run_t,s0)
+/run/ceph/ceph-mon.* gen_context(system_u:object_r:ceph_mon_var_run_t,s0)
+/run/ceph/ceph-mds.* gen_context(system_u:object_r:ceph_mds_var_run_t,s0)
+/run/ceph/mds.* -- gen_context(system_u:object_r:ceph_mds_var_run_t,s0)
diff --git a/policy/modules/contrib/cgmanager.fc b/policy/modules/contrib/cgmanager.fc
index 17c6f882..d53e92f5 100644
--- a/policy/modules/contrib/cgmanager.fc
+++ b/policy/modules/contrib/cgmanager.fc
@@ -4,6 +4,6 @@
/sys/fs/cgroup/cgmanager(/.*)? gen_context(system_u:object_r:cgmanager_cgroup_t,s0)
-/var/run/cgmanager(/.*)? gen_context(system_u:object_r:cgmanager_run_t,s0)
-/var/run/cgmanager.pid gen_context(system_u:object_r:cgmanager_run_t,s0)
-/var/run/cgmanager/fs(/.*)? <<none>>
+/run/cgmanager(/.*)? gen_context(system_u:object_r:cgmanager_run_t,s0)
+/run/cgmanager.pid gen_context(system_u:object_r:cgmanager_run_t,s0)
+/run/cgmanager/fs(/.*)? <<none>>
diff --git a/policy/modules/contrib/dirsrv.fc b/policy/modules/contrib/dirsrv.fc
index f7590a03..88b1a6eb 100644
--- a/policy/modules/contrib/dirsrv.fc
+++ b/policy/modules/contrib/dirsrv.fc
@@ -6,7 +6,7 @@
/var/lock/dirsrv(/.*)? gen_context(system_u:object_r:dirsrv_var_lock_t,s0)
/var/log/dirsrv(/.*)? gen_context(system_u:object_r:dirsrv_var_log_t,s0)
/var/log/dirsrv/ldap-agent.log gen_context(system_u:object_r:dirsrv_snmp_var_log_t,s0)
-/var/run/dirsrv(/.*)? gen_context(system_u:object_r:dirsrv_var_run_t,s0)
-/var/run/ldap-agent.pid gen_context(system_u:object_r:dirsrv_snmp_var_run_t,s0)
+/run/dirsrv(/.*)? gen_context(system_u:object_r:dirsrv_var_run_t,s0)
+/run/ldap-agent.pid gen_context(system_u:object_r:dirsrv_snmp_var_run_t,s0)
/etc/dirsrv(/.*)? gen_context(system_u:object_r:dirsrv_config_t,s0)
diff --git a/policy/modules/contrib/networkmanager.fc b/policy/modules/contrib/networkmanager.fc
index d24e9f0c..fe5f8b4c 100644
--- a/policy/modules/contrib/networkmanager.fc
+++ b/policy/modules/contrib/networkmanager.fc
@@ -44,4 +44,4 @@
/run/nm-dns-dnsmasq\.conf -- gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
/run/wpa_supplicant(/.*)? gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
/run/wpa_supplicant-global -s gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
-/var/run/wpa_cli-.* -- gen_context(system_u:object_r:wpa_cli_var_run_t,s0)
+/run/wpa_cli-.* -- gen_context(system_u:object_r:wpa_cli_var_run_t,s0)
diff --git a/policy/modules/contrib/ntp.fc b/policy/modules/contrib/ntp.fc
index a5a1ac6d..16428bc2 100644
--- a/policy/modules/contrib/ntp.fc
+++ b/policy/modules/contrib/ntp.fc
@@ -28,7 +28,7 @@
/var/log/xntpd.* -- gen_context(system_u:object_r:ntpd_log_t,s0)
/run/ntpd\.pid -- gen_context(system_u:object_r:ntpd_var_run_t,s0)
-/var/run/ntpd\.sock -s gen_context(system_u:object_r:ntpd_var_run_t,s0)
+/run/ntpd\.sock -s gen_context(system_u:object_r:ntpd_var_run_t,s0)
ifdef(`distro_gentoo',`
/usr/bin/sntp -- gen_context(system_u:object_r:ntpdate_exec_t,s0)
diff --git a/policy/modules/contrib/phpfpm.fc b/policy/modules/contrib/phpfpm.fc
index 51da02a9..dd00177a 100644
--- a/policy/modules/contrib/phpfpm.fc
+++ b/policy/modules/contrib/phpfpm.fc
@@ -1,5 +1,5 @@
/usr/lib(64)?/php.*/bin/php-fpm gen_context(system_u:object_r:phpfpm_exec_t,s0)
-/var/run/php*-fpm/*.sock gen_context(system_u:object_r:phpfpm_var_run_t,s0)
+/run/php*-fpm/*.sock gen_context(system_u:object_r:phpfpm_var_run_t,s0)
/var/log/php-fpm.log gen_context(system_u:object_r:phpfpm_log_t,s0)
-/var/run/php-fpm.pid gen_context(system_u:object_r:phpfpm_var_run_t,s0)
+/run/php-fpm.pid gen_context(system_u:object_r:phpfpm_var_run_t,s0)
diff --git a/policy/modules/contrib/qemu.fc b/policy/modules/contrib/qemu.fc
index cfb18ece..db9ff368 100644
--- a/policy/modules/contrib/qemu.fc
+++ b/policy/modules/contrib/qemu.fc
@@ -13,5 +13,5 @@ ifdef(`distro_gentoo',`
/var/log/qemu-ga.log -- gen_context(system_u:object_r:qemu_ga_log_t,s0)
/var/log/qemu-ga(/.*)? -- gen_context(system_u:object_r:qemu_ga_log_t,s0)
-/var/run/qemu-ga.pid -- gen_context(system_u:object_r:qemu_ga_run_t,s0)
+/run/qemu-ga.pid -- gen_context(system_u:object_r:qemu_ga_run_t,s0)
')
diff --git a/policy/modules/contrib/resolvconf.fc b/policy/modules/contrib/resolvconf.fc
index 7db4cb82..651bbe0a 100644
--- a/policy/modules/contrib/resolvconf.fc
+++ b/policy/modules/contrib/resolvconf.fc
@@ -4,4 +4,4 @@
/usr/sbin/resolvconf -- gen_context(system_u:object_r:resolvconf_exec_t,s0)
-/var/run/resolvconf(/.*)? gen_context(system_u:object_r:resolvconf_var_run_t,s0)
+/run/resolvconf(/.*)? gen_context(system_u:object_r:resolvconf_var_run_t,s0)
diff --git a/policy/modules/contrib/salt.fc b/policy/modules/contrib/salt.fc
index 22c2d13e..ccc8028f 100644
--- a/policy/modules/contrib/salt.fc
+++ b/policy/modules/contrib/salt.fc
@@ -16,11 +16,11 @@
/var/log/salt/master -- gen_context(system_u:object_r:salt_master_log_t,s0)
/var/log/salt/minion -- gen_context(system_u:object_r:salt_minion_log_t,s0)
-/var/run/salt -d gen_context(system_u:object_r:salt_var_run_t,s0)
-/var/run/salt/master(/.*)? gen_context(system_u:object_r:salt_master_var_run_t,s0)
-/var/run/salt/minion(/.*)? gen_context(system_u:object_r:salt_minion_var_run_t,s0)
-/var/run/salt-master\.pid -- gen_context(system_u:object_r:salt_master_var_run_t,s0)
-/var/run/salt-minion\.pid -- gen_context(system_u:object_r:salt_minion_var_run_t,s0)
+/run/salt -d gen_context(system_u:object_r:salt_var_run_t,s0)
+/run/salt/master(/.*)? gen_context(system_u:object_r:salt_master_var_run_t,s0)
+/run/salt/minion(/.*)? gen_context(system_u:object_r:salt_minion_var_run_t,s0)
+/run/salt-master\.pid -- gen_context(system_u:object_r:salt_master_var_run_t,s0)
+/run/salt-minion\.pid -- gen_context(system_u:object_r:salt_minion_var_run_t,s0)
/var/cache/salt -d gen_context(system_u:object_r:salt_cache_t,s0)
/var/cache/salt/master(/.*)? gen_context(system_u:object_r:salt_master_cache_t,s0)
diff --git a/policy/modules/contrib/subsonic.fc b/policy/modules/contrib/subsonic.fc
index b1d2550c..df15d39e 100644
--- a/policy/modules/contrib/subsonic.fc
+++ b/policy/modules/contrib/subsonic.fc
@@ -3,4 +3,4 @@
/var/lib/subsonic(/.*)? gen_context(system_u:object_r:subsonic_var_lib_t,s0)
-/var/run/subsonic(/.*)? gen_context(system_u:object_r:subsonic_run_t,s0)
+/run/subsonic(/.*)? gen_context(system_u:object_r:subsonic_run_t,s0)
diff --git a/policy/modules/contrib/uwsgi.fc b/policy/modules/contrib/uwsgi.fc
index 7d2210b0..2cf031c1 100644
--- a/policy/modules/contrib/uwsgi.fc
+++ b/policy/modules/contrib/uwsgi.fc
@@ -2,8 +2,10 @@
/usr/bin/uwsgi.* -- gen_context(system_u:object_r:uwsgi_exec_t,s0)
+/run/uwsgi(/.*)? gen_context(system_u:object_r:uwsgi_run_t,s0)
+
/var/log/uwsgi(/.*)? gen_context(system_u:object_r:uwsgi_var_log_t,s0)
-/var/run/uwsgi(/.*)? gen_context(system_u:object_r:uwsgi_run_t,s0)
+
/var/www/wsgi/.*\.so -- gen_context(system_u:object_r:uwsgi_content_exec_t,s0)
/var/www/wsgi/.*/bin/.* gen_context(system_u:object_r:uwsgi_content_exec_t,s0)
/var/www/wsgi(/.*)? gen_context(system_u:object_r:uwsgi_content_t,s0)
diff --git a/policy/modules/contrib/vde.fc b/policy/modules/contrib/vde.fc
index d449e06d..fa0b6b28 100644
--- a/policy/modules/contrib/vde.fc
+++ b/policy/modules/contrib/vde.fc
@@ -1,5 +1,5 @@
/etc/rc\.d/init\.d/vde -- gen_context(system_u:object_r:vde_initrc_exec_t,s0)
/usr/bin/vde_switch -- gen_context(system_u:object_r:vde_exec_t,s0)
/usr/sbin/vde_tunctl -- gen_context(system_u:object_r:vde_exec_t,s0)
-/var/run/vde\.ctl(/.*)? gen_context(system_u:object_r:vde_var_run_t,s0)
+/run/vde\.ctl(/.*)? gen_context(system_u:object_r:vde_var_run_t,s0)
/tmp/vde.[0-9-]* -s gen_context(system_u:object_r:vde_tmp_t,s0)
diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc
index 19a953f9..1fb15ae0 100644
--- a/policy/modules/system/init.fc
+++ b/policy/modules/system/init.fc
@@ -94,5 +94,5 @@ ifdef(`distro_gentoo',`
#
/var/lib/ip6?tables(/.*)? gen_context(system_u:object_r:initrc_tmp_t,s0)
-/var/run/openrc(/.*)? gen_context(system_u:object_r:initrc_state_t,s0)
+/run/openrc(/.*)? gen_context(system_u:object_r:initrc_state_t,s0)
')
diff --git a/policy/modules/system/lvm.fc b/policy/modules/system/lvm.fc
index 3fc24cc0..e50ce47a 100644
--- a/policy/modules/system/lvm.fc
+++ b/policy/modules/system/lvm.fc
@@ -101,7 +101,7 @@ ifdef(`distro_gentoo',`
ifdef(`distro_gentoo',`
# Bug 529430 comment 7
/usr/sbin/lvmetad -- gen_context(system_u:object_r:lvm_exec_t,s0)
-/var/run/lvm(/.*)? gen_context(system_u:object_r:lvm_var_run_t,s0)
+/run/lvm(/.*)? gen_context(system_u:object_r:lvm_var_run_t,s0)
# Bug 529430 comment 8
/usr/sbin/dmeventd -- gen_context(system_u:object_r:lvm_exec_t,s0)
diff --git a/policy/modules/system/sysnetwork.fc b/policy/modules/system/sysnetwork.fc
index 2c93c410..a2329a85 100644
--- a/policy/modules/system/sysnetwork.fc
+++ b/policy/modules/system/sysnetwork.fc
@@ -73,6 +73,6 @@ ifdef(`distro_debian',`
ifdef(`distro_gentoo',`
/usr/lib/dhcpcd/dhcpcd-run-hooks -- gen_context(system_u:object_r:dhcpc_script_exec_t,s0)
-/var/run/dhcpcd\.sock -s gen_context(system_u:object_r:dhcpc_var_run_t,s0)
-/var/run/dhcpcd\.unpriv\.sock -s gen_context(system_u:object_r:dhcpc_var_run_t,s0)
+/run/dhcpcd\.sock -s gen_context(system_u:object_r:dhcpc_var_run_t,s0)
+/run/dhcpcd\.unpriv\.sock -s gen_context(system_u:object_r:dhcpc_var_run_t,s0)
')
diff --git a/policy/modules/system/tmpfiles.fc b/policy/modules/system/tmpfiles.fc
index 3f9b2b88..47fd4b8c 100644
--- a/policy/modules/system/tmpfiles.fc
+++ b/policy/modules/system/tmpfiles.fc
@@ -1,6 +1,6 @@
/etc/tmpfiles.d(/.*)? gen_context(system_u:object_r:tmpfiles_conf_t,s0)
-/var/run/tmpfiles.d(/.*)? gen_context(system_u:object_r:tmpfiles_var_run_t,s0)
+/run/tmpfiles.d(/.*)? gen_context(system_u:object_r:tmpfiles_var_run_t,s0)
/usr/lib/rc/bin/checkpath -- gen_context(system_u:object_r:tmpfiles_exec_t,s0)
/usr/lib/rc/sh/tmpfiles.sh -- gen_context(system_u:object_r:tmpfiles_exec_t,s0)
diff --git a/policy/modules/system/udev.fc b/policy/modules/system/udev.fc
index de646705..709d8330 100644
--- a/policy/modules/system/udev.fc
+++ b/policy/modules/system/udev.fc
@@ -49,6 +49,6 @@ ifdef(`distro_gentoo',`
/usr/lib/ConsoleKit/udev-acl -- gen_context(system_u:object_r:udev_exec_t,s0)
-/var/run/udev/rules\.d(/.*)? gen_context(system_u:object_r:udev_rules_t,s0)
-/var/run/udev/data(/.*)? gen_context(system_u:object_r:udev_tbl_t,s0)
+/run/udev/rules\.d(/.*)? gen_context(system_u:object_r:udev_rules_t,s0)
+/run/udev/data(/.*)? gen_context(system_u:object_r:udev_tbl_t,s0)
')
WARNING: multiple messages have this Message-ID (diff)
From: "Jason Zaman" <perfinion@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/hardened-refpolicy:usrmerge commit in: policy/modules/contrib/, policy/modules/system/
Date: Sun, 5 Feb 2017 15:13:41 +0000 (UTC) [thread overview]
Message-ID: <1486307431.0daaba932bdff924e1e9bbb75d258b49ab21bb4a.perfinion@gentoo> (raw)
Message-ID: <20170205151341.jXZYcg6cEeNzXbxY7ZvJGU5-iTN90PUMGNMHs5nlpMQ@z> (raw)
commit: 0daaba932bdff924e1e9bbb75d258b49ab21bb4a
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Sun Feb 5 15:07:38 2017 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Feb 5 15:10:31 2017 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=0daaba93
transition gentoo-specific fcontexts to /run
commit c80ffeb4cb306cebeb849844203d53c3a576bcab
Author: cgzones <cgzones <AT> googlemail.com>
Date: Sat Dec 17 04:17:52 2016
transition file contexts to /run
updated the fcontexts for upstream. this commit updates the rest of the
missing fcontexts.
policy/modules/contrib/at.fc | 2 +-
policy/modules/contrib/ceph.fc | 12 ++++++------
policy/modules/contrib/cgmanager.fc | 6 +++---
policy/modules/contrib/dirsrv.fc | 4 ++--
policy/modules/contrib/networkmanager.fc | 2 +-
policy/modules/contrib/ntp.fc | 2 +-
policy/modules/contrib/phpfpm.fc | 4 ++--
policy/modules/contrib/qemu.fc | 2 +-
policy/modules/contrib/resolvconf.fc | 2 +-
policy/modules/contrib/salt.fc | 10 +++++-----
policy/modules/contrib/subsonic.fc | 2 +-
policy/modules/contrib/uwsgi.fc | 4 +++-
policy/modules/contrib/vde.fc | 2 +-
policy/modules/system/init.fc | 2 +-
policy/modules/system/lvm.fc | 2 +-
policy/modules/system/sysnetwork.fc | 4 ++--
policy/modules/system/tmpfiles.fc | 2 +-
policy/modules/system/udev.fc | 4 ++--
18 files changed, 35 insertions(+), 33 deletions(-)
diff --git a/policy/modules/contrib/at.fc b/policy/modules/contrib/at.fc
index ba2e7a1..b3cf186 100644
--- a/policy/modules/contrib/at.fc
+++ b/policy/modules/contrib/at.fc
@@ -3,7 +3,7 @@
/usr/bin/at -- gen_context(system_u:object_r:at_exec_t,s0)
/usr/sbin/atd -- gen_context(system_u:object_r:atd_exec_t,s0)
-/var/run/atd\.pid -- gen_context(system_u:object_r:atd_var_run_t,s0)
+/run/atd\.pid -- gen_context(system_u:object_r:atd_var_run_t,s0)
/var/spool/at(/.*)? gen_context(system_u:object_r:at_spool_t,s0)
/var/spool/at/atjobs(/.*)? gen_context(system_u:object_r:at_job_t,s0)
diff --git a/policy/modules/contrib/ceph.fc b/policy/modules/contrib/ceph.fc
index 1548b1e..8e2e179 100644
--- a/policy/modules/contrib/ceph.fc
+++ b/policy/modules/contrib/ceph.fc
@@ -1,7 +1,7 @@
#
# /etc
#
-/etc/ceph(/.*)? gen_context(system_u:object_r:ceph_conf_t,s0)
+/etc/ceph(/.*)? gen_context(system_u:object_r:ceph_conf_t,s0)
/etc/ceph/.*\.secret -- gen_context(system_u:object_r:ceph_key_t,s0)
/etc/ceph/.*\.keyring -- gen_context(system_u:object_r:ceph_key_t,s0)
/etc/rc\.d/init\.d/ceph.* gen_context(system_u:object_r:ceph_initrc_exec_t,s0)
@@ -23,8 +23,8 @@
/var/log/ceph(/.*)? gen_context(system_u:object_r:ceph_log_t,s0)
-/var/run/ceph -d gen_context(system_u:object_r:ceph_var_run_t,s0)
-/var/run/ceph/ceph-osd.* gen_context(system_u:object_r:ceph_osd_var_run_t,s0)
-/var/run/ceph/ceph-mon.* gen_context(system_u:object_r:ceph_mon_var_run_t,s0)
-/var/run/ceph/ceph-mds.* gen_context(system_u:object_r:ceph_mds_var_run_t,s0)
-/var/run/ceph/mds.* -- gen_context(system_u:object_r:ceph_mds_var_run_t,s0)
+/run/ceph -d gen_context(system_u:object_r:ceph_var_run_t,s0)
+/run/ceph/ceph-osd.* gen_context(system_u:object_r:ceph_osd_var_run_t,s0)
+/run/ceph/ceph-mon.* gen_context(system_u:object_r:ceph_mon_var_run_t,s0)
+/run/ceph/ceph-mds.* gen_context(system_u:object_r:ceph_mds_var_run_t,s0)
+/run/ceph/mds.* -- gen_context(system_u:object_r:ceph_mds_var_run_t,s0)
diff --git a/policy/modules/contrib/cgmanager.fc b/policy/modules/contrib/cgmanager.fc
index 17c6f88..d53e92f 100644
--- a/policy/modules/contrib/cgmanager.fc
+++ b/policy/modules/contrib/cgmanager.fc
@@ -4,6 +4,6 @@
/sys/fs/cgroup/cgmanager(/.*)? gen_context(system_u:object_r:cgmanager_cgroup_t,s0)
-/var/run/cgmanager(/.*)? gen_context(system_u:object_r:cgmanager_run_t,s0)
-/var/run/cgmanager.pid gen_context(system_u:object_r:cgmanager_run_t,s0)
-/var/run/cgmanager/fs(/.*)? <<none>>
+/run/cgmanager(/.*)? gen_context(system_u:object_r:cgmanager_run_t,s0)
+/run/cgmanager.pid gen_context(system_u:object_r:cgmanager_run_t,s0)
+/run/cgmanager/fs(/.*)? <<none>>
diff --git a/policy/modules/contrib/dirsrv.fc b/policy/modules/contrib/dirsrv.fc
index f7590a0..88b1a6e 100644
--- a/policy/modules/contrib/dirsrv.fc
+++ b/policy/modules/contrib/dirsrv.fc
@@ -6,7 +6,7 @@
/var/lock/dirsrv(/.*)? gen_context(system_u:object_r:dirsrv_var_lock_t,s0)
/var/log/dirsrv(/.*)? gen_context(system_u:object_r:dirsrv_var_log_t,s0)
/var/log/dirsrv/ldap-agent.log gen_context(system_u:object_r:dirsrv_snmp_var_log_t,s0)
-/var/run/dirsrv(/.*)? gen_context(system_u:object_r:dirsrv_var_run_t,s0)
-/var/run/ldap-agent.pid gen_context(system_u:object_r:dirsrv_snmp_var_run_t,s0)
+/run/dirsrv(/.*)? gen_context(system_u:object_r:dirsrv_var_run_t,s0)
+/run/ldap-agent.pid gen_context(system_u:object_r:dirsrv_snmp_var_run_t,s0)
/etc/dirsrv(/.*)? gen_context(system_u:object_r:dirsrv_config_t,s0)
diff --git a/policy/modules/contrib/networkmanager.fc b/policy/modules/contrib/networkmanager.fc
index d24e9f0..fe5f8b4 100644
--- a/policy/modules/contrib/networkmanager.fc
+++ b/policy/modules/contrib/networkmanager.fc
@@ -44,4 +44,4 @@
/run/nm-dns-dnsmasq\.conf -- gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
/run/wpa_supplicant(/.*)? gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
/run/wpa_supplicant-global -s gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
-/var/run/wpa_cli-.* -- gen_context(system_u:object_r:wpa_cli_var_run_t,s0)
+/run/wpa_cli-.* -- gen_context(system_u:object_r:wpa_cli_var_run_t,s0)
diff --git a/policy/modules/contrib/ntp.fc b/policy/modules/contrib/ntp.fc
index a5a1ac6..16428bc 100644
--- a/policy/modules/contrib/ntp.fc
+++ b/policy/modules/contrib/ntp.fc
@@ -28,7 +28,7 @@
/var/log/xntpd.* -- gen_context(system_u:object_r:ntpd_log_t,s0)
/run/ntpd\.pid -- gen_context(system_u:object_r:ntpd_var_run_t,s0)
-/var/run/ntpd\.sock -s gen_context(system_u:object_r:ntpd_var_run_t,s0)
+/run/ntpd\.sock -s gen_context(system_u:object_r:ntpd_var_run_t,s0)
ifdef(`distro_gentoo',`
/usr/bin/sntp -- gen_context(system_u:object_r:ntpdate_exec_t,s0)
diff --git a/policy/modules/contrib/phpfpm.fc b/policy/modules/contrib/phpfpm.fc
index 51da02a..dd00177 100644
--- a/policy/modules/contrib/phpfpm.fc
+++ b/policy/modules/contrib/phpfpm.fc
@@ -1,5 +1,5 @@
/usr/lib(64)?/php.*/bin/php-fpm gen_context(system_u:object_r:phpfpm_exec_t,s0)
-/var/run/php*-fpm/*.sock gen_context(system_u:object_r:phpfpm_var_run_t,s0)
+/run/php*-fpm/*.sock gen_context(system_u:object_r:phpfpm_var_run_t,s0)
/var/log/php-fpm.log gen_context(system_u:object_r:phpfpm_log_t,s0)
-/var/run/php-fpm.pid gen_context(system_u:object_r:phpfpm_var_run_t,s0)
+/run/php-fpm.pid gen_context(system_u:object_r:phpfpm_var_run_t,s0)
diff --git a/policy/modules/contrib/qemu.fc b/policy/modules/contrib/qemu.fc
index cfb18ec..db9ff36 100644
--- a/policy/modules/contrib/qemu.fc
+++ b/policy/modules/contrib/qemu.fc
@@ -13,5 +13,5 @@ ifdef(`distro_gentoo',`
/var/log/qemu-ga.log -- gen_context(system_u:object_r:qemu_ga_log_t,s0)
/var/log/qemu-ga(/.*)? -- gen_context(system_u:object_r:qemu_ga_log_t,s0)
-/var/run/qemu-ga.pid -- gen_context(system_u:object_r:qemu_ga_run_t,s0)
+/run/qemu-ga.pid -- gen_context(system_u:object_r:qemu_ga_run_t,s0)
')
diff --git a/policy/modules/contrib/resolvconf.fc b/policy/modules/contrib/resolvconf.fc
index 7db4cb8..651bbe0 100644
--- a/policy/modules/contrib/resolvconf.fc
+++ b/policy/modules/contrib/resolvconf.fc
@@ -4,4 +4,4 @@
/usr/sbin/resolvconf -- gen_context(system_u:object_r:resolvconf_exec_t,s0)
-/var/run/resolvconf(/.*)? gen_context(system_u:object_r:resolvconf_var_run_t,s0)
+/run/resolvconf(/.*)? gen_context(system_u:object_r:resolvconf_var_run_t,s0)
diff --git a/policy/modules/contrib/salt.fc b/policy/modules/contrib/salt.fc
index 22c2d13..ccc8028 100644
--- a/policy/modules/contrib/salt.fc
+++ b/policy/modules/contrib/salt.fc
@@ -16,11 +16,11 @@
/var/log/salt/master -- gen_context(system_u:object_r:salt_master_log_t,s0)
/var/log/salt/minion -- gen_context(system_u:object_r:salt_minion_log_t,s0)
-/var/run/salt -d gen_context(system_u:object_r:salt_var_run_t,s0)
-/var/run/salt/master(/.*)? gen_context(system_u:object_r:salt_master_var_run_t,s0)
-/var/run/salt/minion(/.*)? gen_context(system_u:object_r:salt_minion_var_run_t,s0)
-/var/run/salt-master\.pid -- gen_context(system_u:object_r:salt_master_var_run_t,s0)
-/var/run/salt-minion\.pid -- gen_context(system_u:object_r:salt_minion_var_run_t,s0)
+/run/salt -d gen_context(system_u:object_r:salt_var_run_t,s0)
+/run/salt/master(/.*)? gen_context(system_u:object_r:salt_master_var_run_t,s0)
+/run/salt/minion(/.*)? gen_context(system_u:object_r:salt_minion_var_run_t,s0)
+/run/salt-master\.pid -- gen_context(system_u:object_r:salt_master_var_run_t,s0)
+/run/salt-minion\.pid -- gen_context(system_u:object_r:salt_minion_var_run_t,s0)
/var/cache/salt -d gen_context(system_u:object_r:salt_cache_t,s0)
/var/cache/salt/master(/.*)? gen_context(system_u:object_r:salt_master_cache_t,s0)
diff --git a/policy/modules/contrib/subsonic.fc b/policy/modules/contrib/subsonic.fc
index b1d2550..df15d39 100644
--- a/policy/modules/contrib/subsonic.fc
+++ b/policy/modules/contrib/subsonic.fc
@@ -3,4 +3,4 @@
/var/lib/subsonic(/.*)? gen_context(system_u:object_r:subsonic_var_lib_t,s0)
-/var/run/subsonic(/.*)? gen_context(system_u:object_r:subsonic_run_t,s0)
+/run/subsonic(/.*)? gen_context(system_u:object_r:subsonic_run_t,s0)
diff --git a/policy/modules/contrib/uwsgi.fc b/policy/modules/contrib/uwsgi.fc
index 7d2210b..2cf031c 100644
--- a/policy/modules/contrib/uwsgi.fc
+++ b/policy/modules/contrib/uwsgi.fc
@@ -2,8 +2,10 @@
/usr/bin/uwsgi.* -- gen_context(system_u:object_r:uwsgi_exec_t,s0)
+/run/uwsgi(/.*)? gen_context(system_u:object_r:uwsgi_run_t,s0)
+
/var/log/uwsgi(/.*)? gen_context(system_u:object_r:uwsgi_var_log_t,s0)
-/var/run/uwsgi(/.*)? gen_context(system_u:object_r:uwsgi_run_t,s0)
+
/var/www/wsgi/.*\.so -- gen_context(system_u:object_r:uwsgi_content_exec_t,s0)
/var/www/wsgi/.*/bin/.* gen_context(system_u:object_r:uwsgi_content_exec_t,s0)
/var/www/wsgi(/.*)? gen_context(system_u:object_r:uwsgi_content_t,s0)
diff --git a/policy/modules/contrib/vde.fc b/policy/modules/contrib/vde.fc
index d449e06..fa0b6b2 100644
--- a/policy/modules/contrib/vde.fc
+++ b/policy/modules/contrib/vde.fc
@@ -1,5 +1,5 @@
/etc/rc\.d/init\.d/vde -- gen_context(system_u:object_r:vde_initrc_exec_t,s0)
/usr/bin/vde_switch -- gen_context(system_u:object_r:vde_exec_t,s0)
/usr/sbin/vde_tunctl -- gen_context(system_u:object_r:vde_exec_t,s0)
-/var/run/vde\.ctl(/.*)? gen_context(system_u:object_r:vde_var_run_t,s0)
+/run/vde\.ctl(/.*)? gen_context(system_u:object_r:vde_var_run_t,s0)
/tmp/vde.[0-9-]* -s gen_context(system_u:object_r:vde_tmp_t,s0)
diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc
index 19a953f..1fb15ae 100644
--- a/policy/modules/system/init.fc
+++ b/policy/modules/system/init.fc
@@ -94,5 +94,5 @@ ifdef(`distro_gentoo',`
#
/var/lib/ip6?tables(/.*)? gen_context(system_u:object_r:initrc_tmp_t,s0)
-/var/run/openrc(/.*)? gen_context(system_u:object_r:initrc_state_t,s0)
+/run/openrc(/.*)? gen_context(system_u:object_r:initrc_state_t,s0)
')
diff --git a/policy/modules/system/lvm.fc b/policy/modules/system/lvm.fc
index 3fc24cc..e50ce47 100644
--- a/policy/modules/system/lvm.fc
+++ b/policy/modules/system/lvm.fc
@@ -101,7 +101,7 @@ ifdef(`distro_gentoo',`
ifdef(`distro_gentoo',`
# Bug 529430 comment 7
/usr/sbin/lvmetad -- gen_context(system_u:object_r:lvm_exec_t,s0)
-/var/run/lvm(/.*)? gen_context(system_u:object_r:lvm_var_run_t,s0)
+/run/lvm(/.*)? gen_context(system_u:object_r:lvm_var_run_t,s0)
# Bug 529430 comment 8
/usr/sbin/dmeventd -- gen_context(system_u:object_r:lvm_exec_t,s0)
diff --git a/policy/modules/system/sysnetwork.fc b/policy/modules/system/sysnetwork.fc
index 2c93c41..a2329a8 100644
--- a/policy/modules/system/sysnetwork.fc
+++ b/policy/modules/system/sysnetwork.fc
@@ -73,6 +73,6 @@ ifdef(`distro_debian',`
ifdef(`distro_gentoo',`
/usr/lib/dhcpcd/dhcpcd-run-hooks -- gen_context(system_u:object_r:dhcpc_script_exec_t,s0)
-/var/run/dhcpcd\.sock -s gen_context(system_u:object_r:dhcpc_var_run_t,s0)
-/var/run/dhcpcd\.unpriv\.sock -s gen_context(system_u:object_r:dhcpc_var_run_t,s0)
+/run/dhcpcd\.sock -s gen_context(system_u:object_r:dhcpc_var_run_t,s0)
+/run/dhcpcd\.unpriv\.sock -s gen_context(system_u:object_r:dhcpc_var_run_t,s0)
')
diff --git a/policy/modules/system/tmpfiles.fc b/policy/modules/system/tmpfiles.fc
index 3f9b2b8..47fd4b8 100644
--- a/policy/modules/system/tmpfiles.fc
+++ b/policy/modules/system/tmpfiles.fc
@@ -1,6 +1,6 @@
/etc/tmpfiles.d(/.*)? gen_context(system_u:object_r:tmpfiles_conf_t,s0)
-/var/run/tmpfiles.d(/.*)? gen_context(system_u:object_r:tmpfiles_var_run_t,s0)
+/run/tmpfiles.d(/.*)? gen_context(system_u:object_r:tmpfiles_var_run_t,s0)
/usr/lib/rc/bin/checkpath -- gen_context(system_u:object_r:tmpfiles_exec_t,s0)
/usr/lib/rc/sh/tmpfiles.sh -- gen_context(system_u:object_r:tmpfiles_exec_t,s0)
diff --git a/policy/modules/system/udev.fc b/policy/modules/system/udev.fc
index de64670..709d833 100644
--- a/policy/modules/system/udev.fc
+++ b/policy/modules/system/udev.fc
@@ -49,6 +49,6 @@ ifdef(`distro_gentoo',`
/usr/lib/ConsoleKit/udev-acl -- gen_context(system_u:object_r:udev_exec_t,s0)
-/var/run/udev/rules\.d(/.*)? gen_context(system_u:object_r:udev_rules_t,s0)
-/var/run/udev/data(/.*)? gen_context(system_u:object_r:udev_tbl_t,s0)
+/run/udev/rules\.d(/.*)? gen_context(system_u:object_r:udev_rules_t,s0)
+/run/udev/data(/.*)? gen_context(system_u:object_r:udev_tbl_t,s0)
')
next reply other threads:[~2017-02-16 11:35 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-16 11:34 Jason Zaman [this message]
2017-02-05 15:13 ` [gentoo-commits] proj/hardened-refpolicy:usrmerge commit in: policy/modules/contrib/, policy/modules/system/ Jason Zaman
-- strict thread matches above, loose matches on Subject: below --
2017-05-07 17:41 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
2016-12-06 12:26 Jason Zaman
2014-07-15 16:16 Sven Vermeulen
2014-06-25 19:59 Sven Vermeulen
2013-12-17 8:52 Sven Vermeulen
2013-02-11 19:52 Sven Vermeulen
2012-12-31 23:19 Sven Vermeulen
2012-12-08 12:41 Sven Vermeulen
2012-12-08 12:40 Sven Vermeulen
2012-12-07 17:28 Sven Vermeulen
2012-11-12 21:30 Sven Vermeulen
2012-10-29 18:41 Sven Vermeulen
2012-08-29 18:48 Sven Vermeulen
2012-08-15 13:03 Sven Vermeulen
2012-08-08 19:37 Sven Vermeulen
2012-07-24 9:24 Sven Vermeulen
2012-07-17 17:15 Sven Vermeulen
2012-07-12 20:02 Sven Vermeulen
2012-06-27 19:12 Sven Vermeulen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1486307431.0daaba932bdff924e1e9bbb75d258b49ab21bb4a.perfinion@gentoo \
--to=perfinion@gentoo.org \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox