[refpolicy] [PATCH v4 1/2] Use substititions for /usr/local/lib and /etc/init.d

All of lore.kernel.org
 help / color / mirror / Atom feed

* [refpolicy] [PATCH v4 1/2] Use substititions for /usr/local/lib and /etc/init.d
@ 2012-08-15 14:12 Sven Vermeulen
  2012-08-15 15:47 ` Christopher J. PeBenito
  0 siblings, 1 reply; 2+ messages in thread
From: Sven Vermeulen @ 2012-08-15 14:12 UTC (permalink / raw)
  To: refpolicy

Introduce the substitutions for the /usr/local/lib* locations (towards /usr/lib)
and /etc/init.d (towards /etc/rc.d/init.d).

Update the file contexts of the translated locations.

Rebased (collided with Guido's patch for commenting within the
file_contexts.subs_dist file) since v3.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
---
 config/file_contexts.subs_dist        |    4 ++++
 policy/modules/kernel/corecommands.fc |    3 ---
 policy/modules/kernel/files.fc        |    2 +-
 policy/modules/services/xserver.fc    |    4 ++--
 policy/modules/system/init.fc         |    2 --
 policy/modules/system/ipsec.fc        |    5 -----
 policy/modules/system/libraries.fc    |    1 -
 7 files changed, 7 insertions(+), 14 deletions(-)

diff --git a/config/file_contexts.subs_dist b/config/file_contexts.subs_dist
index a31a721..70083d7 100644
--- a/config/file_contexts.subs_dist
+++ b/config/file_contexts.subs_dist
@@ -8,10 +8,14 @@
 # It does not perform substitutions as done by sed(1), for
 # example, but aliasing.
 # 
+/etc/init.d /etc/rc.d/init.d
 /lib32 /lib
 /lib64 /lib
 /run /var/run
 /run/lock /var/lock
 /usr/lib32 /usr/lib
 /usr/lib64 /usr/lib
+/usr/local/lib32 /usr/lib
+/usr/local/lib64 /usr/lib
+/usr/local/lib/ /usr/lib/
 /var/run/lock /var/lock
diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
index 16b3f1b..9020aa1 100644
--- a/policy/modules/kernel/corecommands.fc
+++ b/policy/modules/kernel/corecommands.fc
@@ -66,8 +66,6 @@ ifdef(`distro_redhat',`
 /etc/hotplug/hotplug\.functions --	gen_context(system_u:object_r:bin_t,s0)
 /etc/hotplug\.d/default/default.*	gen_context(system_u:object_r:bin_t,s0)
 
-/etc/init\.d/functions		--	gen_context(system_u:object_r:bin_t,s0)
-
 /etc/kde/env(/.*)?			gen_context(system_u:object_r:bin_t,s0)
 /etc/kde/shutdown(/.*)?			gen_context(system_u:object_r:bin_t,s0)
 
@@ -257,7 +255,6 @@ ifdef(`distro_gentoo',`
 
 /usr/libexec/openssh/sftp-server --	gen_context(system_u:object_r:bin_t,s0)
 
-/usr/local/lib(64)?/ipsec/.*	-- 	gen_context(system_u:object_r:bin_t,s0)
 /usr/local/Brother(/.*)?		gen_context(system_u:object_r:bin_t,s0)
 /usr/local/Printer(/.*)?		gen_context(system_u:object_r:bin_t,s0)
 /usr/local/linuxprinter/filters(/.*)?	gen_context(system_u:object_r:bin_t,s0)
diff --git a/policy/modules/kernel/files.fc b/policy/modules/kernel/files.fc
index 8796ca3..1975fc4 100644
--- a/policy/modules/kernel/files.fc
+++ b/policy/modules/kernel/files.fc
@@ -84,7 +84,7 @@ ifdef(`distro_redhat',`
 
 ifdef(`distro_suse',`
 /etc/defkeymap\.map	--	gen_context(system_u:object_r:etc_runtime_t,s0)
-/etc/init\.d/\.depend.*	--	gen_context(system_u:object_r:etc_runtime_t,s0)
+/etc/rc\.d/init\.d/\.depend.* -- gen_context(system_u:object_r:etc_runtime_t,s0)
 ')
 
 #
diff --git a/policy/modules/services/xserver.fc b/policy/modules/services/xserver.fc
index fc86b7c..be8f670 100644
--- a/policy/modules/services/xserver.fc
+++ b/policy/modules/services/xserver.fc
@@ -22,13 +22,13 @@ HOME_DIR/\.Xauthority.*	--	gen_context(system_u:object_r:xauth_home_t,s0)
 /etc/gdm/PreSession/.*	--	gen_context(system_u:object_r:xsession_exec_t,s0)
 /etc/gdm/Xsession	--	gen_context(system_u:object_r:xsession_exec_t,s0)
 
-/etc/init\.d/xfree86-common --	gen_context(system_u:object_r:xserver_exec_t,s0)
-
 /etc/kde[34]?/kdm/Xstartup --	gen_context(system_u:object_r:xsession_exec_t,s0)
 /etc/kde[34]?/kdm/Xreset --	gen_context(system_u:object_r:xsession_exec_t,s0)
 /etc/kde[34]?/kdm/Xsession --	gen_context(system_u:object_r:xsession_exec_t,s0)
 /etc/kde[34]?/kdm/backgroundrc	gen_context(system_u:object_r:xdm_var_run_t,s0)
 
+/etc/rc\.d/init\.d/xfree86-common -- gen_context(system_u:object_r:xserver_exec_t,s0)
+
 /etc/X11/[wx]dm/Xreset.* --	gen_context(system_u:object_r:xsession_exec_t,s0)
 /etc/X11/[wxg]dm/Xsession --	gen_context(system_u:object_r:xsession_exec_t,s0)
 /etc/X11/wdm(/.*)?		gen_context(system_u:object_r:xdm_rw_etc_t,s0)
diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc
index d2e40b8..03e27db 100644
--- a/policy/modules/system/init.fc
+++ b/policy/modules/system/init.fc
@@ -1,8 +1,6 @@
 #
 # /etc
 #
-/etc/init\.d/.*		--	gen_context(system_u:object_r:initrc_exec_t,s0)
-
 /etc/rc\.d/rc		--	gen_context(system_u:object_r:initrc_exec_t,s0)
 /etc/rc\.d/rc\.[^/]+	--	gen_context(system_u:object_r:initrc_exec_t,s0)
 
diff --git a/policy/modules/system/ipsec.fc b/policy/modules/system/ipsec.fc
index ec85acb..662e79b 100644
--- a/policy/modules/system/ipsec.fc
+++ b/policy/modules/system/ipsec.fc
@@ -27,11 +27,6 @@
 /usr/libexec/ipsec/spi		--	gen_context(system_u:object_r:ipsec_exec_t,s0)
 /usr/libexec/nm-openswan-service -- 	gen_context(system_u:object_r:ipsec_mgmt_exec_t,s0)
 
-/usr/local/lib(64)?/ipsec/eroute --	gen_context(system_u:object_r:ipsec_exec_t,s0)
-/usr/local/lib(64)?/ipsec/klipsdebug -- gen_context(system_u:object_r:ipsec_exec_t,s0)
-/usr/local/lib(64)?/ipsec/pluto --	gen_context(system_u:object_r:ipsec_exec_t,s0)
-/usr/local/lib(64)?/ipsec/spi	--	gen_context(system_u:object_r:ipsec_exec_t,s0)
-
 /usr/sbin/ipsec			-- 	gen_context(system_u:object_r:ipsec_mgmt_exec_t,s0)
 /usr/sbin/racoon		--	gen_context(system_u:object_r:racoon_exec_t,s0)
 /usr/sbin/setkey		--	gen_context(system_u:object_r:setkey_exec_t,s0)
diff --git a/policy/modules/system/libraries.fc b/policy/modules/system/libraries.fc
index ef8bbaf..f302477 100644
--- a/policy/modules/system/libraries.fc
+++ b/policy/modules/system/libraries.fc
@@ -242,7 +242,6 @@ HOME_DIR/.*/plugins/nppdf\.so.* 	--	gen_context(system_u:object_r:textrel_shlib_
 /usr/lib.*/libmpg123\.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
 /usr/local(/.*)?/libmpg123\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
 /usr/lib/codecs/drv[1-9c]\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/usr/local/lib/codecs/drv[1-9c]\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
 
 HOME_DIR/.*/plugins/nppdf\.so		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
 HOME_DIR/.mozilla/plugins/nprhapengine\.so.* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
-- 
1.7.8.6

^ permalink raw reply related	[flat|nested] 2+ messages in thread

* [refpolicy] [PATCH v4 1/2] Use substititions for /usr/local/lib and /etc/init.d
  2012-08-15 14:12 [refpolicy] [PATCH v4 1/2] Use substititions for /usr/local/lib and /etc/init.d Sven Vermeulen
@ 2012-08-15 15:47 ` Christopher J. PeBenito
  0 siblings, 0 replies; 2+ messages in thread
From: Christopher J. PeBenito @ 2012-08-15 15:47 UTC (permalink / raw)
  To: refpolicy

On 08/15/12 10:12, Sven Vermeulen wrote:
> Introduce the substitutions for the /usr/local/lib* locations (towards /usr/lib)
> and /etc/init.d (towards /etc/rc.d/init.d).
> 
> Update the file contexts of the translated locations.
> 
> Rebased (collided with Guido's patch for commenting within the
> file_contexts.subs_dist file) since v3.

Merged.

> Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
> ---
>  config/file_contexts.subs_dist        |    4 ++++
>  policy/modules/kernel/corecommands.fc |    3 ---
>  policy/modules/kernel/files.fc        |    2 +-
>  policy/modules/services/xserver.fc    |    4 ++--
>  policy/modules/system/init.fc         |    2 --
>  policy/modules/system/ipsec.fc        |    5 -----
>  policy/modules/system/libraries.fc    |    1 -
>  7 files changed, 7 insertions(+), 14 deletions(-)
> 
> diff --git a/config/file_contexts.subs_dist b/config/file_contexts.subs_dist
> index a31a721..70083d7 100644
> --- a/config/file_contexts.subs_dist
> +++ b/config/file_contexts.subs_dist
> @@ -8,10 +8,14 @@
>  # It does not perform substitutions as done by sed(1), for
>  # example, but aliasing.
>  # 
> +/etc/init.d /etc/rc.d/init.d
>  /lib32 /lib
>  /lib64 /lib
>  /run /var/run
>  /run/lock /var/lock
>  /usr/lib32 /usr/lib
>  /usr/lib64 /usr/lib
> +/usr/local/lib32 /usr/lib
> +/usr/local/lib64 /usr/lib
> +/usr/local/lib/ /usr/lib/
>  /var/run/lock /var/lock
> diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
> index 16b3f1b..9020aa1 100644
> --- a/policy/modules/kernel/corecommands.fc
> +++ b/policy/modules/kernel/corecommands.fc
> @@ -66,8 +66,6 @@ ifdef(`distro_redhat',`
>  /etc/hotplug/hotplug\.functions --	gen_context(system_u:object_r:bin_t,s0)
>  /etc/hotplug\.d/default/default.*	gen_context(system_u:object_r:bin_t,s0)
>  
> -/etc/init\.d/functions		--	gen_context(system_u:object_r:bin_t,s0)
> -
>  /etc/kde/env(/.*)?			gen_context(system_u:object_r:bin_t,s0)
>  /etc/kde/shutdown(/.*)?			gen_context(system_u:object_r:bin_t,s0)
>  
> @@ -257,7 +255,6 @@ ifdef(`distro_gentoo',`
>  
>  /usr/libexec/openssh/sftp-server --	gen_context(system_u:object_r:bin_t,s0)
>  
> -/usr/local/lib(64)?/ipsec/.*	-- 	gen_context(system_u:object_r:bin_t,s0)
>  /usr/local/Brother(/.*)?		gen_context(system_u:object_r:bin_t,s0)
>  /usr/local/Printer(/.*)?		gen_context(system_u:object_r:bin_t,s0)
>  /usr/local/linuxprinter/filters(/.*)?	gen_context(system_u:object_r:bin_t,s0)
> diff --git a/policy/modules/kernel/files.fc b/policy/modules/kernel/files.fc
> index 8796ca3..1975fc4 100644
> --- a/policy/modules/kernel/files.fc
> +++ b/policy/modules/kernel/files.fc
> @@ -84,7 +84,7 @@ ifdef(`distro_redhat',`
>  
>  ifdef(`distro_suse',`
>  /etc/defkeymap\.map	--	gen_context(system_u:object_r:etc_runtime_t,s0)
> -/etc/init\.d/\.depend.*	--	gen_context(system_u:object_r:etc_runtime_t,s0)
> +/etc/rc\.d/init\.d/\.depend.* -- gen_context(system_u:object_r:etc_runtime_t,s0)
>  ')
>  
>  #
> diff --git a/policy/modules/services/xserver.fc b/policy/modules/services/xserver.fc
> index fc86b7c..be8f670 100644
> --- a/policy/modules/services/xserver.fc
> +++ b/policy/modules/services/xserver.fc
> @@ -22,13 +22,13 @@ HOME_DIR/\.Xauthority.*	--	gen_context(system_u:object_r:xauth_home_t,s0)
>  /etc/gdm/PreSession/.*	--	gen_context(system_u:object_r:xsession_exec_t,s0)
>  /etc/gdm/Xsession	--	gen_context(system_u:object_r:xsession_exec_t,s0)
>  
> -/etc/init\.d/xfree86-common --	gen_context(system_u:object_r:xserver_exec_t,s0)
> -
>  /etc/kde[34]?/kdm/Xstartup --	gen_context(system_u:object_r:xsession_exec_t,s0)
>  /etc/kde[34]?/kdm/Xreset --	gen_context(system_u:object_r:xsession_exec_t,s0)
>  /etc/kde[34]?/kdm/Xsession --	gen_context(system_u:object_r:xsession_exec_t,s0)
>  /etc/kde[34]?/kdm/backgroundrc	gen_context(system_u:object_r:xdm_var_run_t,s0)
>  
> +/etc/rc\.d/init\.d/xfree86-common -- gen_context(system_u:object_r:xserver_exec_t,s0)
> +
>  /etc/X11/[wx]dm/Xreset.* --	gen_context(system_u:object_r:xsession_exec_t,s0)
>  /etc/X11/[wxg]dm/Xsession --	gen_context(system_u:object_r:xsession_exec_t,s0)
>  /etc/X11/wdm(/.*)?		gen_context(system_u:object_r:xdm_rw_etc_t,s0)
> diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc
> index d2e40b8..03e27db 100644
> --- a/policy/modules/system/init.fc
> +++ b/policy/modules/system/init.fc
> @@ -1,8 +1,6 @@
>  #
>  # /etc
>  #
> -/etc/init\.d/.*		--	gen_context(system_u:object_r:initrc_exec_t,s0)
> -
>  /etc/rc\.d/rc		--	gen_context(system_u:object_r:initrc_exec_t,s0)
>  /etc/rc\.d/rc\.[^/]+	--	gen_context(system_u:object_r:initrc_exec_t,s0)
>  
> diff --git a/policy/modules/system/ipsec.fc b/policy/modules/system/ipsec.fc
> index ec85acb..662e79b 100644
> --- a/policy/modules/system/ipsec.fc
> +++ b/policy/modules/system/ipsec.fc
> @@ -27,11 +27,6 @@
>  /usr/libexec/ipsec/spi		--	gen_context(system_u:object_r:ipsec_exec_t,s0)
>  /usr/libexec/nm-openswan-service -- 	gen_context(system_u:object_r:ipsec_mgmt_exec_t,s0)
>  
> -/usr/local/lib(64)?/ipsec/eroute --	gen_context(system_u:object_r:ipsec_exec_t,s0)
> -/usr/local/lib(64)?/ipsec/klipsdebug -- gen_context(system_u:object_r:ipsec_exec_t,s0)
> -/usr/local/lib(64)?/ipsec/pluto --	gen_context(system_u:object_r:ipsec_exec_t,s0)
> -/usr/local/lib(64)?/ipsec/spi	--	gen_context(system_u:object_r:ipsec_exec_t,s0)
> -
>  /usr/sbin/ipsec			-- 	gen_context(system_u:object_r:ipsec_mgmt_exec_t,s0)
>  /usr/sbin/racoon		--	gen_context(system_u:object_r:racoon_exec_t,s0)
>  /usr/sbin/setkey		--	gen_context(system_u:object_r:setkey_exec_t,s0)
> diff --git a/policy/modules/system/libraries.fc b/policy/modules/system/libraries.fc
> index ef8bbaf..f302477 100644
> --- a/policy/modules/system/libraries.fc
> +++ b/policy/modules/system/libraries.fc
> @@ -242,7 +242,6 @@ HOME_DIR/.*/plugins/nppdf\.so.* 	--	gen_context(system_u:object_r:textrel_shlib_
>  /usr/lib.*/libmpg123\.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
>  /usr/local(/.*)?/libmpg123\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
>  /usr/lib/codecs/drv[1-9c]\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
> -/usr/local/lib/codecs/drv[1-9c]\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
>  
>  HOME_DIR/.*/plugins/nppdf\.so		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
>  HOME_DIR/.mozilla/plugins/nprhapengine\.so.* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
> 


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2012-08-15 15:47 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2012-08-15 14:12 [refpolicy] [PATCH v4 1/2] Use substititions for /usr/local/lib and /etc/init.d Sven Vermeulen
2012-08-15 15:47 ` Christopher J. PeBenito

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.