From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 364CE139694 for ; Thu, 16 Feb 2017 11:35:04 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 633EB21C073; Thu, 16 Feb 2017 11:34:58 +0000 (UTC) Received: from smtp.gentoo.org (mail.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 325F221C073 for ; Thu, 16 Feb 2017 11:34:53 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 05C4B3413AA for ; Thu, 16 Feb 2017 11:34:47 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 0A1F649C8 for ; Thu, 16 Feb 2017 11:34:44 +0000 (UTC) 
From: "Jason Zaman" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman" Message-ID: <1486307431.0daaba932bdff924e1e9bbb75d258b49ab21bb4a.perfinion@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/contrib/, policy/modules/system/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/contrib/at.fc policy/modules/contrib/ceph.fc policy/modules/contrib/cgmanager.fc policy/modules/contrib/dirsrv.fc policy/modules/contrib/networkmanager.fc policy/modules/contrib/ntp.fc policy/modules/contrib/phpfpm.fc policy/modules/contrib/qemu.fc policy/modules/contrib/resolvconf.fc policy/modules/contrib/salt.fc policy/modules/contrib/subsonic.fc policy/modules/contrib/uwsgi.fc policy/modules/contrib/vde.fc policy/modules/system/init.fc policy/modules/system/lvm.fc policy/modules/system/sysnetwork.fc policy/modules/system/tmpfiles.fc policy/modules/system/udev.fc X-VCS-Directories: policy/modules/contrib/ policy/modules/system/ X-VCS-Committer: perfinion X-VCS-Committer-Name: Jason Zaman X-VCS-Revision: 0daaba932bdff924e1e9bbb75d258b49ab21bb4a X-VCS-Branch: master Date: Thu, 16 Feb 2017 11:34:44 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 94c45bbe-4c40-426e-b46c-2ad9a24fafdc X-Archives-Hash: 1107d1747c0dd0a9deab9a448269fc67 commit: 0daaba932bdff924e1e9bbb75d258b49ab21bb4a Author: Jason Zaman perfinion com> AuthorDate: Sun Feb 5 15:07:38 2017 +0000 Commit: Jason Zaman gentoo org> CommitDate: Sun Feb 5 15:10:31 2017 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=0daaba93 transition gentoo-specific fcontexts to /run commit c80ffeb4cb306cebeb849844203d53c3a576bcab Author: cgzones googlemail.com> Date: Sat Dec 17 04:17:52 2016 transition file contexts to /run updated 
the fcontexts for upstream. this commit updates the rest of the missing fcontexts. policy/modules/contrib/at.fc | 2 +- policy/modules/contrib/ceph.fc | 12 ++++++------ policy/modules/contrib/cgmanager.fc | 6 +++--- policy/modules/contrib/dirsrv.fc | 4 ++-- policy/modules/contrib/networkmanager.fc | 2 +- policy/modules/contrib/ntp.fc | 2 +- policy/modules/contrib/phpfpm.fc | 4 ++-- policy/modules/contrib/qemu.fc | 2 +- policy/modules/contrib/resolvconf.fc | 2 +- policy/modules/contrib/salt.fc | 10 +++++----- policy/modules/contrib/subsonic.fc | 2 +- policy/modules/contrib/uwsgi.fc | 4 +++- policy/modules/contrib/vde.fc | 2 +- policy/modules/system/init.fc | 2 +- policy/modules/system/lvm.fc | 2 +- policy/modules/system/sysnetwork.fc | 4 ++-- policy/modules/system/tmpfiles.fc | 2 +- policy/modules/system/udev.fc | 4 ++-- 18 files changed, 35 insertions(+), 33 deletions(-) diff --git a/policy/modules/contrib/at.fc b/policy/modules/contrib/at.fc index ba2e7a13..b3cf1863 100644 --- a/policy/modules/contrib/at.fc +++ b/policy/modules/contrib/at.fc @@ -3,7 +3,7 @@ /usr/bin/at -- gen_context(system_u:object_r:at_exec_t,s0) /usr/sbin/atd -- gen_context(system_u:object_r:atd_exec_t,s0) -/var/run/atd\.pid -- gen_context(system_u:object_r:atd_var_run_t,s0) +/run/atd\.pid -- gen_context(system_u:object_r:atd_var_run_t,s0) /var/spool/at(/.*)? gen_context(system_u:object_r:at_spool_t,s0) /var/spool/at/atjobs(/.*)? gen_context(system_u:object_r:at_job_t,s0) diff --git a/policy/modules/contrib/ceph.fc b/policy/modules/contrib/ceph.fc index 1548b1e3..8e2e1799 100644 --- a/policy/modules/contrib/ceph.fc +++ b/policy/modules/contrib/ceph.fc 
@@ -1,7 +1,7 @@ # # /etc # -/etc/ceph(/.*)? gen_context(system_u:object_r:ceph_conf_t,s0) +/etc/ceph(/.*)? gen_context(system_u:object_r:ceph_conf_t,s0) /etc/ceph/.*\.secret -- gen_context(system_u:object_r:ceph_key_t,s0) /etc/ceph/.*\.keyring -- gen_context(system_u:object_r:ceph_key_t,s0) /etc/rc\.d/init\.d/ceph.* gen_context(system_u:object_r:ceph_initrc_exec_t,s0) @@ -23,8 +23,8 @@ /var/log/ceph(/.*)? gen_context(system_u:object_r:ceph_log_t,s0) -/var/run/ceph -d gen_context(system_u:object_r:ceph_var_run_t,s0) -/var/run/ceph/ceph-osd.* gen_context(system_u:object_r:ceph_osd_var_run_t,s0) -/var/run/ceph/ceph-mon.* gen_context(system_u:object_r:ceph_mon_var_run_t,s0) -/var/run/ceph/ceph-mds.* gen_context(system_u:object_r:ceph_mds_var_run_t,s0) -/var/run/ceph/mds.* -- gen_context(system_u:object_r:ceph_mds_var_run_t,s0) +/run/ceph -d gen_context(system_u:object_r:ceph_var_run_t,s0) +/run/ceph/ceph-osd.* gen_context(system_u:object_r:ceph_osd_var_run_t,s0) +/run/ceph/ceph-mon.* gen_context(system_u:object_r:ceph_mon_var_run_t,s0) +/run/ceph/ceph-mds.* gen_context(system_u:object_r:ceph_mds_var_run_t,s0) +/run/ceph/mds.* -- gen_context(system_u:object_r:ceph_mds_var_run_t,s0) diff --git a/policy/modules/contrib/cgmanager.fc b/policy/modules/contrib/cgmanager.fc index 17c6f882..d53e92f5 100644 --- a/policy/modules/contrib/cgmanager.fc +++ b/policy/modules/contrib/cgmanager.fc @@ -4,6 +4,6 @@ /sys/fs/cgroup/cgmanager(/.*)? gen_context(system_u:object_r:cgmanager_cgroup_t,s0) -/var/run/cgmanager(/.*)? gen_context(system_u:object_r:cgmanager_run_t,s0) -/var/run/cgmanager.pid gen_context(system_u:object_r:cgmanager_run_t,s0) -/var/run/cgmanager/fs(/.*)? <> +/run/cgmanager(/.*)? gen_context(system_u:object_r:cgmanager_run_t,s0) +/run/cgmanager.pid gen_context(system_u:object_r:cgmanager_run_t,s0) +/run/cgmanager/fs(/.*)? <> diff --git a/policy/modules/contrib/dirsrv.fc b/policy/modules/contrib/dirsrv.fc index f7590a03..88b1a6eb 100644 
--- a/policy/modules/contrib/dirsrv.fc +++ b/policy/modules/contrib/dirsrv.fc @@ -6,7 +6,7 @@ /var/lock/dirsrv(/.*)? gen_context(system_u:object_r:dirsrv_var_lock_t,s0) /var/log/dirsrv(/.*)? gen_context(system_u:object_r:dirsrv_var_log_t,s0) /var/log/dirsrv/ldap-agent.log gen_context(system_u:object_r:dirsrv_snmp_var_log_t,s0) -/var/run/dirsrv(/.*)? gen_context(system_u:object_r:dirsrv_var_run_t,s0) -/var/run/ldap-agent.pid gen_context(system_u:object_r:dirsrv_snmp_var_run_t,s0) +/run/dirsrv(/.*)? gen_context(system_u:object_r:dirsrv_var_run_t,s0) +/run/ldap-agent.pid gen_context(system_u:object_r:dirsrv_snmp_var_run_t,s0) /etc/dirsrv(/.*)? gen_context(system_u:object_r:dirsrv_config_t,s0) diff --git a/policy/modules/contrib/networkmanager.fc b/policy/modules/contrib/networkmanager.fc index d24e9f0c..fe5f8b4c 100644 --- a/policy/modules/contrib/networkmanager.fc +++ b/policy/modules/contrib/networkmanager.fc @@ -44,4 +44,4 @@ /run/nm-dns-dnsmasq\.conf -- gen_context(system_u:object_r:NetworkManager_var_run_t,s0) /run/wpa_supplicant(/.*)? gen_context(system_u:object_r:NetworkManager_var_run_t,s0) /run/wpa_supplicant-global -s gen_context(system_u:object_r:NetworkManager_var_run_t,s0) -/var/run/wpa_cli-.* -- gen_context(system_u:object_r:wpa_cli_var_run_t,s0) +/run/wpa_cli-.* -- gen_context(system_u:object_r:wpa_cli_var_run_t,s0) diff --git a/policy/modules/contrib/ntp.fc b/policy/modules/contrib/ntp.fc index a5a1ac6d..16428bc2 100644 --- a/policy/modules/contrib/ntp.fc +++ b/policy/modules/contrib/ntp.fc @@ -28,7 +28,7 @@ /var/log/xntpd.* -- gen_context(system_u:object_r:ntpd_log_t,s0) /run/ntpd\.pid -- gen_context(system_u:object_r:ntpd_var_run_t,s0) -/var/run/ntpd\.sock -s gen_context(system_u:object_r:ntpd_var_run_t,s0) +/run/ntpd\.sock -s gen_context(system_u:object_r:ntpd_var_run_t,s0) ifdef(`distro_gentoo',` /usr/bin/sntp -- gen_context(system_u:object_r:ntpdate_exec_t,s0) 
diff --git a/policy/modules/contrib/phpfpm.fc b/policy/modules/contrib/phpfpm.fc index 51da02a9..dd00177a 100644 --- a/policy/modules/contrib/phpfpm.fc +++ b/policy/modules/contrib/phpfpm.fc @@ -1,5 +1,5 @@ /usr/lib(64)?/php.*/bin/php-fpm gen_context(system_u:object_r:phpfpm_exec_t,s0) -/var/run/php*-fpm/*.sock gen_context(system_u:object_r:phpfpm_var_run_t,s0) +/run/php*-fpm/*.sock gen_context(system_u:object_r:phpfpm_var_run_t,s0) /var/log/php-fpm.log gen_context(system_u:object_r:phpfpm_log_t,s0) -/var/run/php-fpm.pid gen_context(system_u:object_r:phpfpm_var_run_t,s0) +/run/php-fpm.pid gen_context(system_u:object_r:phpfpm_var_run_t,s0) diff --git a/policy/modules/contrib/qemu.fc b/policy/modules/contrib/qemu.fc index cfb18ece..db9ff368 100644 --- a/policy/modules/contrib/qemu.fc +++ b/policy/modules/contrib/qemu.fc @@ -13,5 +13,5 @@ ifdef(`distro_gentoo',` /var/log/qemu-ga.log -- gen_context(system_u:object_r:qemu_ga_log_t,s0) /var/log/qemu-ga(/.*)? -- gen_context(system_u:object_r:qemu_ga_log_t,s0) -/var/run/qemu-ga.pid -- gen_context(system_u:object_r:qemu_ga_run_t,s0) +/run/qemu-ga.pid -- gen_context(system_u:object_r:qemu_ga_run_t,s0) ') diff --git a/policy/modules/contrib/resolvconf.fc b/policy/modules/contrib/resolvconf.fc index 7db4cb82..651bbe0a 100644 --- a/policy/modules/contrib/resolvconf.fc +++ b/policy/modules/contrib/resolvconf.fc @@ -4,4 +4,4 @@ /usr/sbin/resolvconf -- gen_context(system_u:object_r:resolvconf_exec_t,s0) -/var/run/resolvconf(/.*)? gen_context(system_u:object_r:resolvconf_var_run_t,s0) +/run/resolvconf(/.*)? gen_context(system_u:object_r:resolvconf_var_run_t,s0) diff --git a/policy/modules/contrib/salt.fc b/policy/modules/contrib/salt.fc index 22c2d13e..ccc8028f 100644 --- a/policy/modules/contrib/salt.fc +++ b/policy/modules/contrib/salt.fc 
@@ -16,11 +16,11 @@ /var/log/salt/master -- gen_context(system_u:object_r:salt_master_log_t,s0) /var/log/salt/minion -- gen_context(system_u:object_r:salt_minion_log_t,s0) -/var/run/salt -d gen_context(system_u:object_r:salt_var_run_t,s0) -/var/run/salt/master(/.*)? gen_context(system_u:object_r:salt_master_var_run_t,s0) -/var/run/salt/minion(/.*)? gen_context(system_u:object_r:salt_minion_var_run_t,s0) -/var/run/salt-master\.pid -- gen_context(system_u:object_r:salt_master_var_run_t,s0) -/var/run/salt-minion\.pid -- gen_context(system_u:object_r:salt_minion_var_run_t,s0) +/run/salt -d gen_context(system_u:object_r:salt_var_run_t,s0) +/run/salt/master(/.*)? gen_context(system_u:object_r:salt_master_var_run_t,s0) +/run/salt/minion(/.*)? gen_context(system_u:object_r:salt_minion_var_run_t,s0) +/run/salt-master\.pid -- gen_context(system_u:object_r:salt_master_var_run_t,s0) +/run/salt-minion\.pid -- gen_context(system_u:object_r:salt_minion_var_run_t,s0) /var/cache/salt -d gen_context(system_u:object_r:salt_cache_t,s0) /var/cache/salt/master(/.*)? gen_context(system_u:object_r:salt_master_cache_t,s0) diff --git a/policy/modules/contrib/subsonic.fc b/policy/modules/contrib/subsonic.fc index b1d2550c..df15d39e 100644 --- a/policy/modules/contrib/subsonic.fc +++ b/policy/modules/contrib/subsonic.fc @@ -3,4 +3,4 @@ /var/lib/subsonic(/.*)? gen_context(system_u:object_r:subsonic_var_lib_t,s0) -/var/run/subsonic(/.*)? gen_context(system_u:object_r:subsonic_run_t,s0) +/run/subsonic(/.*)? gen_context(system_u:object_r:subsonic_run_t,s0) diff --git a/policy/modules/contrib/uwsgi.fc b/policy/modules/contrib/uwsgi.fc index 7d2210b0..2cf031c1 100644 --- a/policy/modules/contrib/uwsgi.fc +++ b/policy/modules/contrib/uwsgi.fc 
@@ -2,8 +2,10 @@ /usr/bin/uwsgi.* -- gen_context(system_u:object_r:uwsgi_exec_t,s0) +/run/uwsgi(/.*)? gen_context(system_u:object_r:uwsgi_run_t,s0) + /var/log/uwsgi(/.*)? gen_context(system_u:object_r:uwsgi_var_log_t,s0) -/var/run/uwsgi(/.*)? gen_context(system_u:object_r:uwsgi_run_t,s0) + /var/www/wsgi/.*\.so -- gen_context(system_u:object_r:uwsgi_content_exec_t,s0) /var/www/wsgi/.*/bin/.* gen_context(system_u:object_r:uwsgi_content_exec_t,s0) /var/www/wsgi(/.*)? gen_context(system_u:object_r:uwsgi_content_t,s0) diff --git a/policy/modules/contrib/vde.fc b/policy/modules/contrib/vde.fc index d449e06d..fa0b6b28 100644 --- a/policy/modules/contrib/vde.fc +++ b/policy/modules/contrib/vde.fc @@ -1,5 +1,5 @@ /etc/rc\.d/init\.d/vde -- gen_context(system_u:object_r:vde_initrc_exec_t,s0) /usr/bin/vde_switch -- gen_context(system_u:object_r:vde_exec_t,s0) /usr/sbin/vde_tunctl -- gen_context(system_u:object_r:vde_exec_t,s0) -/var/run/vde\.ctl(/.*)? gen_context(system_u:object_r:vde_var_run_t,s0) +/run/vde\.ctl(/.*)? gen_context(system_u:object_r:vde_var_run_t,s0) /tmp/vde.[0-9-]* -s gen_context(system_u:object_r:vde_tmp_t,s0) diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc index 19a953f9..1fb15ae0 100644 --- a/policy/modules/system/init.fc +++ b/policy/modules/system/init.fc @@ -94,5 +94,5 @@ ifdef(`distro_gentoo',` # /var/lib/ip6?tables(/.*)? gen_context(system_u:object_r:initrc_tmp_t,s0) -/var/run/openrc(/.*)? gen_context(system_u:object_r:initrc_state_t,s0) +/run/openrc(/.*)? gen_context(system_u:object_r:initrc_state_t,s0) ') diff --git a/policy/modules/system/lvm.fc b/policy/modules/system/lvm.fc index 3fc24cc0..e50ce47a 100644 --- a/policy/modules/system/lvm.fc +++ b/policy/modules/system/lvm.fc 
@@ -101,7 +101,7 @@ ifdef(`distro_gentoo',` ifdef(`distro_gentoo',` # Bug 529430 comment 7 /usr/sbin/lvmetad -- gen_context(system_u:object_r:lvm_exec_t,s0) -/var/run/lvm(/.*)? gen_context(system_u:object_r:lvm_var_run_t,s0) +/run/lvm(/.*)? gen_context(system_u:object_r:lvm_var_run_t,s0) # Bug 529430 comment 8 /usr/sbin/dmeventd -- gen_context(system_u:object_r:lvm_exec_t,s0) diff --git a/policy/modules/system/sysnetwork.fc b/policy/modules/system/sysnetwork.fc index 2c93c410..a2329a85 100644 --- a/policy/modules/system/sysnetwork.fc +++ b/policy/modules/system/sysnetwork.fc @@ -73,6 +73,6 @@ ifdef(`distro_debian',` ifdef(`distro_gentoo',` /usr/lib/dhcpcd/dhcpcd-run-hooks -- gen_context(system_u:object_r:dhcpc_script_exec_t,s0) -/var/run/dhcpcd\.sock -s gen_context(system_u:object_r:dhcpc_var_run_t,s0) -/var/run/dhcpcd\.unpriv\.sock -s gen_context(system_u:object_r:dhcpc_var_run_t,s0) +/run/dhcpcd\.sock -s gen_context(system_u:object_r:dhcpc_var_run_t,s0) +/run/dhcpcd\.unpriv\.sock -s gen_context(system_u:object_r:dhcpc_var_run_t,s0) ') diff --git a/policy/modules/system/tmpfiles.fc b/policy/modules/system/tmpfiles.fc index 3f9b2b88..47fd4b8c 100644 --- a/policy/modules/system/tmpfiles.fc +++ b/policy/modules/system/tmpfiles.fc @@ -1,6 +1,6 @@ /etc/tmpfiles.d(/.*)? gen_context(system_u:object_r:tmpfiles_conf_t,s0) -/var/run/tmpfiles.d(/.*)? gen_context(system_u:object_r:tmpfiles_var_run_t,s0) +/run/tmpfiles.d(/.*)? gen_context(system_u:object_r:tmpfiles_var_run_t,s0) /usr/lib/rc/bin/checkpath -- gen_context(system_u:object_r:tmpfiles_exec_t,s0) /usr/lib/rc/sh/tmpfiles.sh -- gen_context(system_u:object_r:tmpfiles_exec_t,s0) diff --git a/policy/modules/system/udev.fc b/policy/modules/system/udev.fc index de646705..709d8330 100644 --- a/policy/modules/system/udev.fc +++ b/policy/modules/system/udev.fc 
@@ -49,6 +49,6 @@ ifdef(`distro_gentoo',` /usr/lib/ConsoleKit/udev-acl -- gen_context(system_u:object_r:udev_exec_t,s0) -/var/run/udev/rules\.d(/.*)? gen_context(system_u:object_r:udev_rules_t,s0) -/var/run/udev/data(/.*)? gen_context(system_u:object_r:udev_tbl_t,s0) +/run/udev/rules\.d(/.*)? gen_context(system_u:object_r:udev_rules_t,s0) +/run/udev/data(/.*)? gen_context(system_u:object_r:udev_tbl_t,s0) ') From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 79F5F139085 for ; Sun, 5 Feb 2017 15:13:51 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id B060821C038; Sun, 5 Feb 2017 15:13:45 +0000 (UTC) Received: from smtp.gentoo.org (mail.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 8030E21C038 for ; Sun, 5 Feb 2017 15:13:45 +0000 (UTC) Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id A6822341142 for ; Sun, 5 Feb 2017 15:13:44 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id D80593DC9 for ; Sun, 5 Feb 2017 15:13:41 +0000 (UTC) 
From: "Jason Zaman" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman" Message-ID: <1486307431.0daaba932bdff924e1e9bbb75d258b49ab21bb4a.perfinion@gentoo> Subject: [gentoo-commits] proj/hardened-refpolicy:usrmerge commit in: policy/modules/contrib/, policy/modules/system/ X-VCS-Repository: proj/hardened-refpolicy X-VCS-Files: policy/modules/contrib/at.fc policy/modules/contrib/ceph.fc policy/modules/contrib/cgmanager.fc policy/modules/contrib/dirsrv.fc policy/modules/contrib/networkmanager.fc policy/modules/contrib/ntp.fc policy/modules/contrib/phpfpm.fc policy/modules/contrib/qemu.fc policy/modules/contrib/resolvconf.fc policy/modules/contrib/salt.fc policy/modules/contrib/subsonic.fc policy/modules/contrib/uwsgi.fc policy/modules/contrib/vde.fc policy/modules/system/init.fc policy/modules/system/lvm.fc policy/modules/system/sysnetwork.fc policy/modules/system/tmpfiles.fc policy/modules/system/udev.fc X-VCS-Directories: policy/modules/contrib/ policy/modules/system/ X-VCS-Committer: perfinion X-VCS-Committer-Name: Jason Zaman X-VCS-Revision: 0daaba932bdff924e1e9bbb75d258b49ab21bb4a X-VCS-Branch: usrmerge Date: Sun, 5 Feb 2017 15:13:41 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 29a37cf2-c813-432a-9fe4-8e4c9bcbcff7 X-Archives-Hash: 37b63f9018ec89678f1184a464a05e81 Message-ID: <20170205151341.jXZYcg6cEeNzXbxY7ZvJGU5-iTN90PUMGNMHs5nlpMQ@z> commit: 0daaba932bdff924e1e9bbb75d258b49ab21bb4a Author: Jason Zaman perfinion com> AuthorDate: Sun Feb 5 15:07:38 2017 +0000 Commit: Jason Zaman gentoo org> CommitDate: Sun Feb 5 15:10:31 2017 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=0daaba93 transition gentoo-specific fcontexts to /run commit c80ffeb4cb306cebeb849844203d53c3a576bcab Author: cgzones 
googlemail.com> Date: Sat Dec 17 04:17:52 2016 transition file contexts to /run updated the fcontexts for upstream. this commit updates the rest of the missing fcontexts. policy/modules/contrib/at.fc | 2 +- policy/modules/contrib/ceph.fc | 12 ++++++------ policy/modules/contrib/cgmanager.fc | 6 +++--- policy/modules/contrib/dirsrv.fc | 4 ++-- policy/modules/contrib/networkmanager.fc | 2 +- policy/modules/contrib/ntp.fc | 2 +- policy/modules/contrib/phpfpm.fc | 4 ++-- policy/modules/contrib/qemu.fc | 2 +- policy/modules/contrib/resolvconf.fc | 2 +- policy/modules/contrib/salt.fc | 10 +++++----- policy/modules/contrib/subsonic.fc | 2 +- policy/modules/contrib/uwsgi.fc | 4 +++- policy/modules/contrib/vde.fc | 2 +- policy/modules/system/init.fc | 2 +- policy/modules/system/lvm.fc | 2 +- policy/modules/system/sysnetwork.fc | 4 ++-- policy/modules/system/tmpfiles.fc | 2 +- policy/modules/system/udev.fc | 4 ++-- 18 files changed, 35 insertions(+), 33 deletions(-) diff --git a/policy/modules/contrib/at.fc b/policy/modules/contrib/at.fc index ba2e7a1..b3cf186 100644 --- a/policy/modules/contrib/at.fc +++ b/policy/modules/contrib/at.fc @@ -3,7 +3,7 @@ /usr/bin/at -- gen_context(system_u:object_r:at_exec_t,s0) /usr/sbin/atd -- gen_context(system_u:object_r:atd_exec_t,s0) -/var/run/atd\.pid -- gen_context(system_u:object_r:atd_var_run_t,s0) +/run/atd\.pid -- gen_context(system_u:object_r:atd_var_run_t,s0) /var/spool/at(/.*)? gen_context(system_u:object_r:at_spool_t,s0) /var/spool/at/atjobs(/.*)? gen_context(system_u:object_r:at_job_t,s0) diff --git a/policy/modules/contrib/ceph.fc b/policy/modules/contrib/ceph.fc index 1548b1e..8e2e179 100644 --- a/policy/modules/contrib/ceph.fc +++ b/policy/modules/contrib/ceph.fc 
@@ -1,7 +1,7 @@ # # /etc # -/etc/ceph(/.*)? gen_context(system_u:object_r:ceph_conf_t,s0) +/etc/ceph(/.*)? gen_context(system_u:object_r:ceph_conf_t,s0) /etc/ceph/.*\.secret -- gen_context(system_u:object_r:ceph_key_t,s0) /etc/ceph/.*\.keyring -- gen_context(system_u:object_r:ceph_key_t,s0) /etc/rc\.d/init\.d/ceph.* gen_context(system_u:object_r:ceph_initrc_exec_t,s0) @@ -23,8 +23,8 @@ /var/log/ceph(/.*)? gen_context(system_u:object_r:ceph_log_t,s0) -/var/run/ceph -d gen_context(system_u:object_r:ceph_var_run_t,s0) -/var/run/ceph/ceph-osd.* gen_context(system_u:object_r:ceph_osd_var_run_t,s0) -/var/run/ceph/ceph-mon.* gen_context(system_u:object_r:ceph_mon_var_run_t,s0) -/var/run/ceph/ceph-mds.* gen_context(system_u:object_r:ceph_mds_var_run_t,s0) -/var/run/ceph/mds.* -- gen_context(system_u:object_r:ceph_mds_var_run_t,s0) +/run/ceph -d gen_context(system_u:object_r:ceph_var_run_t,s0) +/run/ceph/ceph-osd.* gen_context(system_u:object_r:ceph_osd_var_run_t,s0) +/run/ceph/ceph-mon.* gen_context(system_u:object_r:ceph_mon_var_run_t,s0) +/run/ceph/ceph-mds.* gen_context(system_u:object_r:ceph_mds_var_run_t,s0) +/run/ceph/mds.* -- gen_context(system_u:object_r:ceph_mds_var_run_t,s0) diff --git a/policy/modules/contrib/cgmanager.fc b/policy/modules/contrib/cgmanager.fc index 17c6f88..d53e92f 100644 --- a/policy/modules/contrib/cgmanager.fc +++ b/policy/modules/contrib/cgmanager.fc @@ -4,6 +4,6 @@ /sys/fs/cgroup/cgmanager(/.*)? gen_context(system_u:object_r:cgmanager_cgroup_t,s0) -/var/run/cgmanager(/.*)? gen_context(system_u:object_r:cgmanager_run_t,s0) -/var/run/cgmanager.pid gen_context(system_u:object_r:cgmanager_run_t,s0) -/var/run/cgmanager/fs(/.*)? <> +/run/cgmanager(/.*)? gen_context(system_u:object_r:cgmanager_run_t,s0) +/run/cgmanager.pid gen_context(system_u:object_r:cgmanager_run_t,s0) +/run/cgmanager/fs(/.*)? <> diff --git a/policy/modules/contrib/dirsrv.fc b/policy/modules/contrib/dirsrv.fc index f7590a0..88b1a6e 100644 --- a/policy/modules/contrib/dirsrv.fc 
+++ b/policy/modules/contrib/dirsrv.fc @@ -6,7 +6,7 @@ /var/lock/dirsrv(/.*)? gen_context(system_u:object_r:dirsrv_var_lock_t,s0) /var/log/dirsrv(/.*)? gen_context(system_u:object_r:dirsrv_var_log_t,s0) /var/log/dirsrv/ldap-agent.log gen_context(system_u:object_r:dirsrv_snmp_var_log_t,s0) -/var/run/dirsrv(/.*)? gen_context(system_u:object_r:dirsrv_var_run_t,s0) -/var/run/ldap-agent.pid gen_context(system_u:object_r:dirsrv_snmp_var_run_t,s0) +/run/dirsrv(/.*)? gen_context(system_u:object_r:dirsrv_var_run_t,s0) +/run/ldap-agent.pid gen_context(system_u:object_r:dirsrv_snmp_var_run_t,s0) /etc/dirsrv(/.*)? gen_context(system_u:object_r:dirsrv_config_t,s0) diff --git a/policy/modules/contrib/networkmanager.fc b/policy/modules/contrib/networkmanager.fc index d24e9f0..fe5f8b4 100644 --- a/policy/modules/contrib/networkmanager.fc +++ b/policy/modules/contrib/networkmanager.fc @@ -44,4 +44,4 @@ /run/nm-dns-dnsmasq\.conf -- gen_context(system_u:object_r:NetworkManager_var_run_t,s0) /run/wpa_supplicant(/.*)? gen_context(system_u:object_r:NetworkManager_var_run_t,s0) /run/wpa_supplicant-global -s gen_context(system_u:object_r:NetworkManager_var_run_t,s0) -/var/run/wpa_cli-.* -- gen_context(system_u:object_r:wpa_cli_var_run_t,s0) +/run/wpa_cli-.* -- gen_context(system_u:object_r:wpa_cli_var_run_t,s0) diff --git a/policy/modules/contrib/ntp.fc b/policy/modules/contrib/ntp.fc index a5a1ac6..16428bc 100644 --- a/policy/modules/contrib/ntp.fc +++ b/policy/modules/contrib/ntp.fc @@ -28,7 +28,7 @@ /var/log/xntpd.* -- gen_context(system_u:object_r:ntpd_log_t,s0) /run/ntpd\.pid -- gen_context(system_u:object_r:ntpd_var_run_t,s0) -/var/run/ntpd\.sock -s gen_context(system_u:object_r:ntpd_var_run_t,s0) +/run/ntpd\.sock -s gen_context(system_u:object_r:ntpd_var_run_t,s0) ifdef(`distro_gentoo',` /usr/bin/sntp -- gen_context(system_u:object_r:ntpdate_exec_t,s0) diff --git a/policy/modules/contrib/phpfpm.fc b/policy/modules/contrib/phpfpm.fc index 51da02a..dd00177 100644 
--- a/policy/modules/contrib/phpfpm.fc +++ b/policy/modules/contrib/phpfpm.fc @@ -1,5 +1,5 @@ /usr/lib(64)?/php.*/bin/php-fpm gen_context(system_u:object_r:phpfpm_exec_t,s0) -/var/run/php*-fpm/*.sock gen_context(system_u:object_r:phpfpm_var_run_t,s0) +/run/php*-fpm/*.sock gen_context(system_u:object_r:phpfpm_var_run_t,s0) /var/log/php-fpm.log gen_context(system_u:object_r:phpfpm_log_t,s0) -/var/run/php-fpm.pid gen_context(system_u:object_r:phpfpm_var_run_t,s0) +/run/php-fpm.pid gen_context(system_u:object_r:phpfpm_var_run_t,s0) diff --git a/policy/modules/contrib/qemu.fc b/policy/modules/contrib/qemu.fc index cfb18ec..db9ff36 100644 --- a/policy/modules/contrib/qemu.fc +++ b/policy/modules/contrib/qemu.fc @@ -13,5 +13,5 @@ ifdef(`distro_gentoo',` /var/log/qemu-ga.log -- gen_context(system_u:object_r:qemu_ga_log_t,s0) /var/log/qemu-ga(/.*)? -- gen_context(system_u:object_r:qemu_ga_log_t,s0) -/var/run/qemu-ga.pid -- gen_context(system_u:object_r:qemu_ga_run_t,s0) +/run/qemu-ga.pid -- gen_context(system_u:object_r:qemu_ga_run_t,s0) ') diff --git a/policy/modules/contrib/resolvconf.fc b/policy/modules/contrib/resolvconf.fc index 7db4cb8..651bbe0 100644 --- a/policy/modules/contrib/resolvconf.fc +++ b/policy/modules/contrib/resolvconf.fc @@ -4,4 +4,4 @@ /usr/sbin/resolvconf -- gen_context(system_u:object_r:resolvconf_exec_t,s0) -/var/run/resolvconf(/.*)? gen_context(system_u:object_r:resolvconf_var_run_t,s0) +/run/resolvconf(/.*)? gen_context(system_u:object_r:resolvconf_var_run_t,s0) diff --git a/policy/modules/contrib/salt.fc b/policy/modules/contrib/salt.fc index 22c2d13..ccc8028 100644 --- a/policy/modules/contrib/salt.fc +++ b/policy/modules/contrib/salt.fc 
@@ -16,11 +16,11 @@ /var/log/salt/master -- gen_context(system_u:object_r:salt_master_log_t,s0) /var/log/salt/minion -- gen_context(system_u:object_r:salt_minion_log_t,s0) -/var/run/salt -d gen_context(system_u:object_r:salt_var_run_t,s0) -/var/run/salt/master(/.*)? gen_context(system_u:object_r:salt_master_var_run_t,s0) -/var/run/salt/minion(/.*)? gen_context(system_u:object_r:salt_minion_var_run_t,s0) -/var/run/salt-master\.pid -- gen_context(system_u:object_r:salt_master_var_run_t,s0) -/var/run/salt-minion\.pid -- gen_context(system_u:object_r:salt_minion_var_run_t,s0) +/run/salt -d gen_context(system_u:object_r:salt_var_run_t,s0) +/run/salt/master(/.*)? gen_context(system_u:object_r:salt_master_var_run_t,s0) +/run/salt/minion(/.*)? gen_context(system_u:object_r:salt_minion_var_run_t,s0) +/run/salt-master\.pid -- gen_context(system_u:object_r:salt_master_var_run_t,s0) +/run/salt-minion\.pid -- gen_context(system_u:object_r:salt_minion_var_run_t,s0) /var/cache/salt -d gen_context(system_u:object_r:salt_cache_t,s0) /var/cache/salt/master(/.*)? gen_context(system_u:object_r:salt_master_cache_t,s0) diff --git a/policy/modules/contrib/subsonic.fc b/policy/modules/contrib/subsonic.fc index b1d2550..df15d39 100644 --- a/policy/modules/contrib/subsonic.fc +++ b/policy/modules/contrib/subsonic.fc @@ -3,4 +3,4 @@ /var/lib/subsonic(/.*)? gen_context(system_u:object_r:subsonic_var_lib_t,s0) -/var/run/subsonic(/.*)? gen_context(system_u:object_r:subsonic_run_t,s0) +/run/subsonic(/.*)? gen_context(system_u:object_r:subsonic_run_t,s0) diff --git a/policy/modules/contrib/uwsgi.fc b/policy/modules/contrib/uwsgi.fc index 7d2210b..2cf031c 100644 --- a/policy/modules/contrib/uwsgi.fc +++ b/policy/modules/contrib/uwsgi.fc 
@@ -2,8 +2,10 @@ /usr/bin/uwsgi.* -- gen_context(system_u:object_r:uwsgi_exec_t,s0) +/run/uwsgi(/.*)? gen_context(system_u:object_r:uwsgi_run_t,s0) + /var/log/uwsgi(/.*)? gen_context(system_u:object_r:uwsgi_var_log_t,s0) -/var/run/uwsgi(/.*)? gen_context(system_u:object_r:uwsgi_run_t,s0) + /var/www/wsgi/.*\.so -- gen_context(system_u:object_r:uwsgi_content_exec_t,s0) /var/www/wsgi/.*/bin/.* gen_context(system_u:object_r:uwsgi_content_exec_t,s0) /var/www/wsgi(/.*)? gen_context(system_u:object_r:uwsgi_content_t,s0) diff --git a/policy/modules/contrib/vde.fc b/policy/modules/contrib/vde.fc index d449e06..fa0b6b2 100644 --- a/policy/modules/contrib/vde.fc +++ b/policy/modules/contrib/vde.fc @@ -1,5 +1,5 @@ /etc/rc\.d/init\.d/vde -- gen_context(system_u:object_r:vde_initrc_exec_t,s0) /usr/bin/vde_switch -- gen_context(system_u:object_r:vde_exec_t,s0) /usr/sbin/vde_tunctl -- gen_context(system_u:object_r:vde_exec_t,s0) -/var/run/vde\.ctl(/.*)? gen_context(system_u:object_r:vde_var_run_t,s0) +/run/vde\.ctl(/.*)? gen_context(system_u:object_r:vde_var_run_t,s0) /tmp/vde.[0-9-]* -s gen_context(system_u:object_r:vde_tmp_t,s0) diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc index 19a953f..1fb15ae 100644 --- a/policy/modules/system/init.fc +++ b/policy/modules/system/init.fc @@ -94,5 +94,5 @@ ifdef(`distro_gentoo',` # /var/lib/ip6?tables(/.*)? gen_context(system_u:object_r:initrc_tmp_t,s0) -/var/run/openrc(/.*)? gen_context(system_u:object_r:initrc_state_t,s0) +/run/openrc(/.*)? gen_context(system_u:object_r:initrc_state_t,s0) ') diff --git a/policy/modules/system/lvm.fc b/policy/modules/system/lvm.fc index 3fc24cc..e50ce47 100644 --- a/policy/modules/system/lvm.fc +++ b/policy/modules/system/lvm.fc 
@@ -101,7 +101,7 @@ ifdef(`distro_gentoo',` ifdef(`distro_gentoo',` # Bug 529430 comment 7 /usr/sbin/lvmetad -- gen_context(system_u:object_r:lvm_exec_t,s0) -/var/run/lvm(/.*)? gen_context(system_u:object_r:lvm_var_run_t,s0) +/run/lvm(/.*)? gen_context(system_u:object_r:lvm_var_run_t,s0) # Bug 529430 comment 8 /usr/sbin/dmeventd -- gen_context(system_u:object_r:lvm_exec_t,s0) diff --git a/policy/modules/system/sysnetwork.fc b/policy/modules/system/sysnetwork.fc index 2c93c41..a2329a8 100644 --- a/policy/modules/system/sysnetwork.fc +++ b/policy/modules/system/sysnetwork.fc @@ -73,6 +73,6 @@ ifdef(`distro_debian',` ifdef(`distro_gentoo',` /usr/lib/dhcpcd/dhcpcd-run-hooks -- gen_context(system_u:object_r:dhcpc_script_exec_t,s0) -/var/run/dhcpcd\.sock -s gen_context(system_u:object_r:dhcpc_var_run_t,s0) -/var/run/dhcpcd\.unpriv\.sock -s gen_context(system_u:object_r:dhcpc_var_run_t,s0) +/run/dhcpcd\.sock -s gen_context(system_u:object_r:dhcpc_var_run_t,s0) +/run/dhcpcd\.unpriv\.sock -s gen_context(system_u:object_r:dhcpc_var_run_t,s0) ') diff --git a/policy/modules/system/tmpfiles.fc b/policy/modules/system/tmpfiles.fc index 3f9b2b8..47fd4b8 100644 --- a/policy/modules/system/tmpfiles.fc +++ b/policy/modules/system/tmpfiles.fc @@ -1,6 +1,6 @@ /etc/tmpfiles.d(/.*)? gen_context(system_u:object_r:tmpfiles_conf_t,s0) -/var/run/tmpfiles.d(/.*)? gen_context(system_u:object_r:tmpfiles_var_run_t,s0) +/run/tmpfiles.d(/.*)? gen_context(system_u:object_r:tmpfiles_var_run_t,s0) /usr/lib/rc/bin/checkpath -- gen_context(system_u:object_r:tmpfiles_exec_t,s0) /usr/lib/rc/sh/tmpfiles.sh -- gen_context(system_u:object_r:tmpfiles_exec_t,s0) diff --git a/policy/modules/system/udev.fc b/policy/modules/system/udev.fc index de64670..709d833 100644 --- a/policy/modules/system/udev.fc +++ b/policy/modules/system/udev.fc 
@@ -49,6 +49,6 @@ ifdef(`distro_gentoo',` /usr/lib/ConsoleKit/udev-acl -- gen_context(system_u:object_r:udev_exec_t,s0) -/var/run/udev/rules\.d(/.*)? gen_context(system_u:object_r:udev_rules_t,s0) -/var/run/udev/data(/.*)? gen_context(system_u:object_r:udev_tbl_t,s0) +/run/udev/rules\.d(/.*)? gen_context(system_u:object_r:udev_rules_t,s0) +/run/udev/data(/.*)? gen_context(system_u:object_r:udev_tbl_t,s0) ')
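Review bot: In the phpfpm.fc hunk, the added line `/run/php*-fpm/*.sock` keeps shell-glob syntax, but file context path specifications are regular expressions. As a regex, `php*` means "ph" followed by any number of "p", and `/*.sock` means any number of slashes, one arbitrary character, then "sock", so a socket such as /run/php5-fpm/www.sock (constructed example) would not match this entry and would not receive phpfpm_var_run_t from it. Since the line is being rewritten anyway, consider `/run/php.*-fpm/.*\.sock -s`, and escape the dot in `/run/php-fpm.pid` the way the at.fc and salt.fc entries do (`atd\.pid`, `salt-master\.pid`).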
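Review bot: Several of the moved entries carry an unescaped `.` over to the new path: `/run/cgmanager.pid` (cgmanager.fc), `/run/ldap-agent.pid` (dirsrv.fc), `/run/qemu-ga.pid` (qemu.fc) and `/run/tmpfiles.d(/.*)?` (tmpfiles.fc). In a file context regex that dot matches any character, so each spec is slightly wider than the single path it is meant to label. Other hunks in this patch already escape it (`/run/ntpd\.sock`, `/run/dhcpcd\.sock`, `/run/udev/rules\.d(/.*)?`); escaping these as well would keep the set consistent. The cgmanager and dirsrv pid entries also lack the `--` file type that the atd, salt and qemu-ga pid entries use.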
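Review bot: The first ceph.fc hunk (`@@ -1,7 +1,7 @@`) removes and re-adds `/etc/ceph(/.*)?` with what appears to be a whitespace-only difference, which has nothing to do with the /run transition described in the commit message. Please drop it from this commit or split it into a separate whitespace cleanup, so that the diff contains only path changes and is easier to audit against the upstream commit.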
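Review bot: The uwsgi.fc hunk is the only one that relocates the entry instead of replacing it in place: `/run/uwsgi(/.*)?` is added above `/var/log/uwsgi(/.*)?` and blank lines are left where `/var/run/uwsgi(/.*)?` used to be, which is why the diffstat shows `4 +++-` for this file. If the reordering is intentional (sorting /run before /var), say so in the commit message; otherwise an in-place replacement would match the rest of the patch and keep the change to one line.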