From 19ebf01d6ab7fa4e39b61e8a902b66e21ffc7e86 Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Mon, 24 Jul 2006 15:43:57 +0000 Subject: [PATCH] patch to fix escaping of . in file contexts from james athey --- policy/modules/admin/logwatch.fc | 2 +- policy/modules/admin/portage.fc | 8 +- policy/modules/apps/userhelper.fc | 2 +- policy/modules/apps/yam.fc | 2 +- policy/modules/kernel/corecommands.fc | 8 +- policy/modules/services/apache.fc | 2 +- policy/modules/services/bind.fc | 2 +- policy/modules/services/clamav.fc | 2 +- policy/modules/services/cpucontrol.fc | 2 +- policy/modules/services/cups.fc | 2 +- policy/modules/services/dante.fc | 2 +- policy/modules/services/dovecot.fc | 4 +- policy/modules/services/kerberos.fc | 2 +- policy/modules/services/ktalk.fc | 2 +- policy/modules/services/mta.fc | 4 +- policy/modules/services/networkmanager.fc | 2 +- policy/modules/services/nis.fc | 4 +- policy/modules/services/ntop.fc | 2 +- policy/modules/services/openca.fc | 2 +- policy/modules/services/pegasus.fc | 2 +- policy/modules/services/portmap.fc | 2 +- policy/modules/services/postgresql.fc | 2 +- policy/modules/services/pyzor.fc | 2 +- policy/modules/services/razor.fc | 2 +- policy/modules/services/rpc.fc | 2 +- policy/modules/services/xserver.fc | 4 +- policy/modules/system/hotplug.fc | 2 +- policy/modules/system/libraries.fc | 108 +++++++++++----------- policy/modules/system/logging.fc | 2 +- policy/modules/system/selinuxutil.fc | 6 +- policy/modules/system/unconfined.fc | 4 +- 31 files changed, 97 insertions(+), 97 deletions(-) diff --git a/policy/modules/admin/logwatch.fc b/policy/modules/admin/logwatch.fc index 67ff2c13..53fba320 100644 --- a/policy/modules/admin/logwatch.fc +++ b/policy/modules/admin/logwatch.fc @@ -1,4 +1,4 @@ -/usr/share/logwatch/scripts/logwatch.pl -- gen_context(system_u:object_r:logwatch_exec_t, s0) +/usr/share/logwatch/scripts/logwatch\.pl -- gen_context(system_u:object_r:logwatch_exec_t, s0) /var/cache/logwatch(/.*)? gen_context(system_u:object_r:logwatch_cache_t, s0) diff --git a/policy/modules/admin/portage.fc b/policy/modules/admin/portage.fc index 76d3408c..a44f7ce3 100644 --- a/policy/modules/admin/portage.fc +++ b/policy/modules/admin/portage.fc @@ -1,5 +1,5 @@ -/etc/make.conf -- gen_context(system_u:object_r:portage_conf_t,s0) -/etc/make.globals -- gen_context(system_u:object_r:portage_conf_t,s0) +/etc/make\.conf -- gen_context(system_u:object_r:portage_conf_t,s0) +/etc/make\.globals -- gen_context(system_u:object_r:portage_conf_t,s0) /etc/portage(/.*)? gen_context(system_u:object_r:portage_conf_t,s0) /usr/bin/gcc-config -- gen_context(system_u:object_r:gcc_config_exec_t,s0) @@ -8,7 +8,7 @@ /usr/lib(64)?/portage/bin/ebuild -- gen_context(system_u:object_r:portage_exec_t,s0) /usr/lib(64)?/portage/bin/emerge -- gen_context(system_u:object_r:portage_exec_t,s0) /usr/lib(64)?/portage/bin/quickpkg -- gen_context(system_u:object_r:portage_exec_t,s0) -/usr/lib(64)?/portage/bin/ebuild.sh -- gen_context(system_u:object_r:portage_exec_t,s0) +/usr/lib(64)?/portage/bin/ebuild\.sh -- gen_context(system_u:object_r:portage_exec_t,s0) /usr/lib(64)?/portage/bin/regenworld -- gen_context(system_u:object_r:portage_exec_t,s0) /usr/lib(64)?/portage/bin/sandbox -- gen_context(system_u:object_r:portage_exec_t,s0) @@ -16,7 +16,7 @@ /var/db/pkg(/.*)? gen_context(system_u:object_r:portage_db_t,s0) /var/cache/edb(/.*)? gen_context(system_u:object_r:portage_cache_t,s0) -/var/log/emerge.log.* -- gen_context(system_u:object_r:portage_log_t,s0) +/var/log/emerge\.log.* -- gen_context(system_u:object_r:portage_log_t,s0) /var/lib/portage(/.*)? gen_context(system_u:object_r:portage_cache_t,s0) /var/tmp/portage(/.*)? gen_context(system_u:object_r:portage_tmp_t,s0) /var/tmp/portage-pkg(/.*)? gen_context(system_u:object_r:portage_tmp_t,s0) diff --git a/policy/modules/apps/userhelper.fc b/policy/modules/apps/userhelper.fc index 0cd9dc41..e70b0e8b 100644 --- a/policy/modules/apps/userhelper.fc +++ b/policy/modules/apps/userhelper.fc @@ -1,7 +1,7 @@ # # /etc # -/etc/security/console.apps(/.*)? gen_context(system_u:object_r:userhelper_conf_t,s0) +/etc/security/console\.apps(/.*)? gen_context(system_u:object_r:userhelper_conf_t,s0) # # /usr diff --git a/policy/modules/apps/yam.fc b/policy/modules/apps/yam.fc index 2875fb6a..4ec6edeb 100644 --- a/policy/modules/apps/yam.fc +++ b/policy/modules/apps/yam.fc @@ -1,4 +1,4 @@ -/etc/yam.conf -- gen_context(system_u:object_r:yam_etc_t,s0) +/etc/yam\.conf -- gen_context(system_u:object_r:yam_etc_t,s0) /usr/bin/yam -- gen_context(system_u:object_r:yam_exec_t,s0) diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc index e1308e2c..8745c6f3 100644 --- a/policy/modules/kernel/corecommands.fc +++ b/policy/modules/kernel/corecommands.fc @@ -81,8 +81,8 @@ ifdef(`targeted_policy',` ifdef(`distro_gentoo',` /lib/rcscripts/addons(/.*)? gen_context(system_u:object_r:bin_t,s0) /lib/rcscripts/sh(/.*)? gen_context(system_u:object_r:bin_t,s0) -/lib/rcscripts/net.modules.d/helpers.d/dhclient-.* -- gen_context(system_u:object_r:bin_t,s0) -/lib/rcscripts/net.modules.d/helpers.d/udhcpc-.* -- gen_context(system_u:object_r:bin_t,s0) +/lib/rcscripts/net\.modules\.d/helpers\.d/dhclient-.* -- gen_context(system_u:object_r:bin_t,s0) +/lib/rcscripts/net\.modules\.d/helpers\.d/udhcpc-.* -- gen_context(system_u:object_r:bin_t,s0) ') # @@ -103,7 +103,7 @@ ifdef(`distro_gentoo',` /opt/(.*/)?sbin(/.*)? gen_context(system_u:object_r:sbin_t,s0) ifdef(`distro_gentoo',` -/opt/vmware/workstation/lib/lib/wrapper-gtk24.sh -- gen_context(system_u:object_r:bin_t,s0) +/opt/vmware/workstation/lib/lib/wrapper-gtk24\.sh -- gen_context(system_u:object_r:bin_t,s0) ') # @@ -194,7 +194,7 @@ ifdef(`distro_redhat', ` /usr/share/system-config-httpd/system-config-httpd -- gen_context(system_u:object_r:bin_t,s0) /usr/share/system-config-keyboard/system-config-keyboard -- gen_context(system_u:object_r:bin_t,s0) /usr/share/system-config-language/system-config-language -- gen_context(system_u:object_r:bin_t,s0) -/usr/share/system-config-lvm/system-config-lvm.py -- gen_context(system_u:object_r:bin_t,s0) +/usr/share/system-config-lvm/system-config-lvm\.py -- gen_context(system_u:object_r:bin_t,s0) /usr/share/system-config-mouse/system-config-mouse -- gen_context(system_u:object_r:bin_t,s0) /usr/share/system-config-netboot/system-config-netboot\.py -- gen_context(system_u:object_r:bin_t,s0) /usr/share/system-config-netboot/pxeos\.py -- gen_context(system_u:object_r:bin_t,s0) diff --git a/policy/modules/services/apache.fc b/policy/modules/services/apache.fc index f6277c55..3f81db79 100644 --- a/policy/modules/services/apache.fc +++ b/policy/modules/services/apache.fc @@ -21,7 +21,7 @@ HOME_DIR/((www)|(web)|(public_html))(/.+)? gen_context(system_u:object_r:httpd_R /usr/lib/apache-ssl/.+ -- gen_context(system_u:object_r:httpd_exec_t,s0) /usr/lib/cgi-bin(/.*)? gen_context(system_u:object_r:httpd_sys_script_exec_t,s0) -/usr/lib/squid/cachemgr.cgi -- gen_context(system_u:object_r:httpd_exec_t,s0) +/usr/lib/squid/cachemgr\.cgi -- gen_context(system_u:object_r:httpd_exec_t,s0) /usr/lib(64)?/apache(/.*)? gen_context(system_u:object_r:httpd_modules_t,s0) /usr/lib(64)?/apache2/modules(/.*)? gen_context(system_u:object_r:httpd_modules_t,s0) /usr/lib(64)?/apache(2)?/suexec(2)? -- gen_context(system_u:object_r:httpd_suexec_exec_t,s0) diff --git a/policy/modules/services/bind.fc b/policy/modules/services/bind.fc index 3a1ba684..b63564d0 100644 --- a/policy/modules/services/bind.fc +++ b/policy/modules/services/bind.fc @@ -36,7 +36,7 @@ ifdef(`distro_redhat',` /var/named/named\.ca -- gen_context(system_u:object_r:named_conf_t,s0) /var/named/chroot(/.*)? gen_context(system_u:object_r:named_conf_t,s0) /var/named/chroot/etc(/.*)? gen_context(system_u:object_r:named_conf_t,s0) -/var/named/chroot/etc/rndc.key -- gen_context(system_u:object_r:dnssec_t,s0) +/var/named/chroot/etc/rndc\.key -- gen_context(system_u:object_r:dnssec_t,s0) /var/named/chroot/var/run/named.* gen_context(system_u:object_r:named_var_run_t,s0) /var/named/chroot/var/tmp(/.*)? gen_context(system_u:object_r:named_cache_t,s0) /var/named/chroot/var/named(/.*)? gen_context(system_u:object_r:named_zone_t,s0) diff --git a/policy/modules/services/clamav.fc b/policy/modules/services/clamav.fc index 4640ac66..874f1e58 100644 --- a/policy/modules/services/clamav.fc +++ b/policy/modules/services/clamav.fc @@ -8,7 +8,7 @@ /usr/sbin/clamd -- gen_context(system_u:object_r:clamd_exec_t,s0) /var/run/clamav(/.*)? gen_context(system_u:object_r:clamd_var_run_t,s0) -/var/run/clamav/clamd.ctl -s gen_context(system_u:object_r:clamd_sock_t,s0) +/var/run/clamav/clamd\.ctl -s gen_context(system_u:object_r:clamd_sock_t,s0) /var/lib/clamav(/.*)? gen_context(system_u:object_r:clamd_var_lib_t,s0) /var/log/clamav -d gen_context(system_u:object_r:clamd_var_log_t,s0) /var/log/clamav/clamav.* -- gen_context(system_u:object_r:clamd_var_log_t,s0) diff --git a/policy/modules/services/cpucontrol.fc b/policy/modules/services/cpucontrol.fc index 6905f77c..789c8c7d 100644 --- a/policy/modules/services/cpucontrol.fc +++ b/policy/modules/services/cpucontrol.fc @@ -7,4 +7,4 @@ /usr/sbin/cpuspeed -- gen_context(system_u:object_r:cpuspeed_exec_t,s0) /usr/sbin/powernowd -- gen_context(system_u:object_r:cpuspeed_exec_t,s0) -/var/run/cpufreqd.pid -- gen_context(system_u:object_r:cpuspeed_var_run_t,s0) +/var/run/cpufreqd\.pid -- gen_context(system_u:object_r:cpuspeed_var_run_t,s0) diff --git a/policy/modules/services/cups.fc b/policy/modules/services/cups.fc index 44831b19..2f030f02 100644 --- a/policy/modules/services/cups.fc +++ b/policy/modules/services/cups.fc @@ -33,7 +33,7 @@ /usr/share/cups(/.*)? gen_context(system_u:object_r:cupsd_etc_t,s0) /usr/share/foomatic/db/oldprinterids -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0) -/usr/share/hplip/hpssd.py -- gen_context(system_u:object_r:hplip_exec_t,s0) +/usr/share/hplip/hpssd\.py -- gen_context(system_u:object_r:hplip_exec_t,s0) /var/cache/alchemist/printconf.* gen_context(system_u:object_r:cupsd_rw_etc_t,s0) /var/cache/foomatic(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0) diff --git a/policy/modules/services/dante.fc b/policy/modules/services/dante.fc index 5071baeb..139171dc 100644 --- a/policy/modules/services/dante.fc +++ b/policy/modules/services/dante.fc @@ -3,4 +3,4 @@ /usr/sbin/sockd -- gen_context(system_u:object_r:dante_exec_t,s0) -/var/run/sockd.pid -- gen_context(system_u:object_r:dante_var_run_t,s0) +/var/run/sockd\.pid -- gen_context(system_u:object_r:dante_var_run_t,s0) diff --git a/policy/modules/services/dovecot.fc b/policy/modules/services/dovecot.fc index 0b5a5136..a6a0023c 100644 --- a/policy/modules/services/dovecot.fc +++ b/policy/modules/services/dovecot.fc @@ -2,8 +2,8 @@ # # /etc # -/etc/dovecot.conf.* gen_context(system_u:object_r:dovecot_etc_t,s0) -/etc/dovecot.passwd.* gen_context(system_u:object_r:dovecot_passwd_t,s0) +/etc/dovecot\.conf.* gen_context(system_u:object_r:dovecot_etc_t,s0) +/etc/dovecot\.passwd.* gen_context(system_u:object_r:dovecot_passwd_t,s0) /etc/pki/dovecot(/.*)? gen_context(system_u:object_r:dovecot_cert_t,s0) diff --git a/policy/modules/services/kerberos.fc b/policy/modules/services/kerberos.fc index 1990ad08..10b302e6 100644 --- a/policy/modules/services/kerberos.fc +++ b/policy/modules/services/kerberos.fc @@ -2,7 +2,7 @@ /etc/krb5\.keytab gen_context(system_u:object_r:krb5_keytab_t,s0) /etc/krb5kdc(/.*)? gen_context(system_u:object_r:krb5kdc_conf_t,s0) -/etc/krb5kdc/kadm5.keytab -- gen_context(system_u:object_r:krb5_keytab_t,s0) +/etc/krb5kdc/kadm5\.keytab -- gen_context(system_u:object_r:krb5_keytab_t,s0) /etc/krb5kdc/principal.* gen_context(system_u:object_r:krb5kdc_principal_t,s0) /usr/(local/)?(kerberos/)?sbin/krb5kdc -- gen_context(system_u:object_r:krb5kdc_exec_t,s0) diff --git a/policy/modules/services/ktalk.fc b/policy/modules/services/ktalk.fc index 6b30e263..379e4e82 100644 --- a/policy/modules/services/ktalk.fc +++ b/policy/modules/services/ktalk.fc @@ -1,4 +1,4 @@ -/usr/bin/in.talkd -- gen_context(system_u:object_r:ktalkd_exec_t,s0) +/usr/bin/in\.talkd -- gen_context(system_u:object_r:ktalkd_exec_t,s0) /usr/bin/ktalkd -- gen_context(system_u:object_r:ktalkd_exec_t,s0) /var/log/talkd.* -- gen_context(system_u:object_r:ktalkd_log_t,s0) diff --git a/policy/modules/services/mta.fc b/policy/modules/services/mta.fc index 14ff65cf..d19d68ba 100644 --- a/policy/modules/services/mta.fc +++ b/policy/modules/services/mta.fc @@ -9,8 +9,8 @@ ifdef(`distro_redhat',` /usr/lib(64)?/sendmail -- gen_context(system_u:object_r:sendmail_exec_t,s0) /usr/sbin/rmail -- gen_context(system_u:object_r:sendmail_exec_t,s0) -/usr/sbin/sendmail.postfix -- gen_context(system_u:object_r:sendmail_exec_t,s0) -/usr/sbin/sendmail(.sendmail)? -- gen_context(system_u:object_r:sendmail_exec_t,s0) +/usr/sbin/sendmail\.postfix -- gen_context(system_u:object_r:sendmail_exec_t,s0) +/usr/sbin/sendmail(\.sendmail)? -- gen_context(system_u:object_r:sendmail_exec_t,s0) /var/mail(/.*)? gen_context(system_u:object_r:mail_spool_t,s0) diff --git a/policy/modules/services/networkmanager.fc b/policy/modules/services/networkmanager.fc index e198e694..da1e1e5a 100644 --- a/policy/modules/services/networkmanager.fc +++ b/policy/modules/services/networkmanager.fc @@ -1,5 +1,5 @@ /usr/(s)?bin/NetworkManager -- gen_context(system_u:object_r:NetworkManager_exec_t,s0) -/var/run/NetworkManager.pid -- gen_context(system_u:object_r:NetworkManager_var_run_t,s0) +/var/run/NetworkManager\.pid -- gen_context(system_u:object_r:NetworkManager_var_run_t,s0) /var/run/NetworkManager(/.*)? gen_context(system_u:object_r:NetworkManager_var_run_t,s0) /var/run/wpa_supplicant(/.*)? gen_context(system_u:object_r:NetworkManager_var_run_t,s0) diff --git a/policy/modules/services/nis.fc b/policy/modules/services/nis.fc index 0128ee0e..8e6586a2 100644 --- a/policy/modules/services/nis.fc +++ b/policy/modules/services/nis.fc @@ -3,8 +3,8 @@ /sbin/ypbind -- gen_context(system_u:object_r:ypbind_exec_t,s0) -/usr/sbin/rpc.yppasswdd -- gen_context(system_u:object_r:yppasswdd_exec_t,s0) -/usr/sbin/rpc.ypxfr -- gen_context(system_u:object_r:ypxfr_exec_t,s0) +/usr/sbin/rpc\.yppasswdd -- gen_context(system_u:object_r:yppasswdd_exec_t,s0) +/usr/sbin/rpc\.ypxfr -- gen_context(system_u:object_r:ypxfr_exec_t,s0) /usr/sbin/ypserv -- gen_context(system_u:object_r:ypserv_exec_t,s0) /var/yp(/.*)? gen_context(system_u:object_r:var_yp_t,s0) diff --git a/policy/modules/services/ntop.fc b/policy/modules/services/ntop.fc index da88341e..0d836ae6 100644 --- a/policy/modules/services/ntop.fc +++ b/policy/modules/services/ntop.fc @@ -4,4 +4,4 @@ /usr/share/ntop/html(/.*)? gen_context(system_u:object_r:ntop_http_content_t,s0) /var/lib/ntop(/.*)? gen_context(system_u:object_r:ntop_var_lib_t,s0) -/var/run/ntop.pid -- gen_context(system_u:object_r:ntop_var_run_t,s0) +/var/run/ntop\.pid -- gen_context(system_u:object_r:ntop_var_run_t,s0) diff --git a/policy/modules/services/openca.fc b/policy/modules/services/openca.fc index dc360b93..72a2db6d 100644 --- a/policy/modules/services/openca.fc +++ b/policy/modules/services/openca.fc @@ -1,5 +1,5 @@ /etc/openca(/.*)? gen_context(system_u:object_r:openca_etc_t,s0) -/etc/openca/*.\.in(/.*)? gen_context(system_u:object_r:openca_etc_in_t,s0) +/etc/openca/.*\.in(/.*)? gen_context(system_u:object_r:openca_etc_in_t,s0) /etc/openca/rbac(/.*)? gen_context(system_u:object_r:openca_etc_writeable_t,s0) /usr/share/openca(/.*)? gen_context(system_u:object_r:openca_usr_share_t,s0) diff --git a/policy/modules/services/pegasus.fc b/policy/modules/services/pegasus.fc index 601c91ca..cd4c544b 100644 --- a/policy/modules/services/pegasus.fc +++ b/policy/modules/services/pegasus.fc @@ -1,6 +1,6 @@ /etc/Pegasus(/.*)? gen_context(system_u:object_r:pegasus_conf_t,s0) -/etc/Pegasus/pegasus_current.conf gen_context(system_u:object_r:pegasus_data_t,s0) +/etc/Pegasus/pegasus_current\.conf gen_context(system_u:object_r:pegasus_data_t,s0) /usr/sbin/cimserver -- gen_context(system_u:object_r:pegasus_exec_t,s0) /usr/sbin/init_repository -- gen_context(system_u:object_r:pegasus_exec_t,s0) diff --git a/policy/modules/services/portmap.fc b/policy/modules/services/portmap.fc index 2c42dfd3..76f58342 100644 --- a/policy/modules/services/portmap.fc +++ b/policy/modules/services/portmap.fc @@ -9,4 +9,4 @@ ifdef(`distro_debian',` /usr/sbin/pmap_set -- gen_context(system_u:object_r:portmap_helper_exec_t,s0) ') -/var/run/portmap.upgrade-state -- gen_context(system_u:object_r:portmap_var_run_t,s0) +/var/run/portmap\.upgrade-state -- gen_context(system_u:object_r:portmap_var_run_t,s0) diff --git a/policy/modules/services/postgresql.fc b/policy/modules/services/postgresql.fc index a77d9eb3..0e9fed1f 100644 --- a/policy/modules/services/postgresql.fc +++ b/policy/modules/services/postgresql.fc @@ -28,7 +28,7 @@ ifdef(`distro_redhat', ` /var/lib/postgres(ql)?(/.*)? gen_context(system_u:object_r:postgresql_db_t,s0) /var/lib/pgsql/data(/.*)? gen_context(system_u:object_r:postgresql_db_t,s0) -/var/lib/pgsql/pgstartup.log gen_context(system_u:object_r:postgresql_log_t,s0) +/var/lib/pgsql/pgstartup\.log gen_context(system_u:object_r:postgresql_log_t,s0) /var/log/postgres\.log.* -- gen_context(system_u:object_r:postgresql_log_t,s0) /var/log/postgresql(/.*)? gen_context(system_u:object_r:postgresql_log_t,s0) diff --git a/policy/modules/services/pyzor.fc b/policy/modules/services/pyzor.fc index 71e71c87..0fbe17a7 100644 --- a/policy/modules/services/pyzor.fc +++ b/policy/modules/services/pyzor.fc @@ -4,7 +4,7 @@ /usr/bin/pyzord -- gen_context(system_u:object_r:pyzord_exec_t,s0) /var/lib/pyzord(/.*)? gen_context(system_u:object_r:pyzor_var_lib_t,s0) -/var/log/pyzord.log -- gen_context(system_u:object_r:pyzord_log_t,s0) +/var/log/pyzord\.log -- gen_context(system_u:object_r:pyzord_log_t,s0) ifdef(`strict_policy',` HOME_DIR/\.pyzor(/.*)? gen_context(system_u:object_r:ROLE_pyzor_home_t,s0) diff --git a/policy/modules/services/razor.fc b/policy/modules/services/razor.fc index 82c87b45..ad74d5b2 100644 --- a/policy/modules/services/razor.fc +++ b/policy/modules/services/razor.fc @@ -7,4 +7,4 @@ HOME_DIR/\.razor(/.*)? gen_context(system_u:object_r:ROLE_razor_home_t,s0) /usr/bin/razor.* -- gen_context(system_u:object_r:razor_exec_t,s0) /var/lib/razor(/.*)? gen_context(system_u:object_r:razor_var_lib_t,s0) -/var/log/razor-agent.log -- gen_context(system_u:object_r:razor_log_t,s0) +/var/log/razor-agent\.log -- gen_context(system_u:object_r:razor_log_t,s0) diff --git a/policy/modules/services/rpc.fc b/policy/modules/services/rpc.fc index dbe7c720..4e6471d9 100644 --- a/policy/modules/services/rpc.fc +++ b/policy/modules/services/rpc.fc @@ -12,7 +12,7 @@ # /usr # /usr/sbin/exportfs -- gen_context(system_u:object_r:nfsd_exec_t,s0) -/usr/sbin/rpc.idmapd -- gen_context(system_u:object_r:rpcd_exec_t,s0) +/usr/sbin/rpc\.idmapd -- gen_context(system_u:object_r:rpcd_exec_t,s0) /usr/sbin/rpc\.gssd -- gen_context(system_u:object_r:gssd_exec_t,s0) /usr/sbin/rpc\.mountd -- gen_context(system_u:object_r:nfsd_exec_t,s0) /usr/sbin/rpc\.nfsd -- gen_context(system_u:object_r:nfsd_exec_t,s0) diff --git a/policy/modules/services/xserver.fc b/policy/modules/services/xserver.fc index e5e55a61..4cbe747f 100644 --- a/policy/modules/services/xserver.fc +++ b/policy/modules/services/xserver.fc @@ -2,10 +2,10 @@ # HOME_DIR # ifdef(`strict_policy',` -HOME_DIR/\.fonts.conf -- gen_context(system_u:object_r:ROLE_fonts_config_t,s0) +HOME_DIR/\.fonts\.conf -- gen_context(system_u:object_r:ROLE_fonts_config_t,s0) HOME_DIR/\.fonts(/.*)? gen_context(system_u:object_r:ROLE_fonts_t,s0) HOME_DIR/\.fonts/auto(/.*)? gen_context(system_u:object_r:ROLE_fonts_cache_t,s0) -HOME_DIR/\.fonts.cache-.* -- gen_context(system_u:object_r:ROLE_fonts_cache_t,s0) +HOME_DIR/\.fonts\.cache-.* -- gen_context(system_u:object_r:ROLE_fonts_cache_t,s0) HOME_DIR/\.ICEauthority.* -- gen_context(system_u:object_r:ROLE_iceauth_home_t,s0) HOME_DIR/\.xauth.* -- gen_context(system_u:object_r:ROLE_xauth_home_t,s0) HOME_DIR/\.Xauthority.* -- gen_context(system_u:object_r:ROLE_xauth_home_t,s0) diff --git a/policy/modules/system/hotplug.fc b/policy/modules/system/hotplug.fc index 1af89167..caf736b3 100644 --- a/policy/modules/system/hotplug.fc +++ b/policy/modules/system/hotplug.fc @@ -1,6 +1,6 @@ /etc/hotplug(/.*)? gen_context(system_u:object_r:hotplug_etc_t,s0) -/etc/hotplug/firmware.agent -- gen_context(system_u:object_r:hotplug_exec_t,s0) +/etc/hotplug/firmware\.agent -- gen_context(system_u:object_r:hotplug_exec_t,s0) /etc/hotplug\.d/.* -- gen_context(system_u:object_r:hotplug_exec_t,s0) diff --git a/policy/modules/system/libraries.fc b/policy/modules/system/libraries.fc index 91263809..11ce8ae2 100644 --- a/policy/modules/system/libraries.fc +++ b/policy/modules/system/libraries.fc @@ -3,21 +3,21 @@ # ifdef(`distro_gentoo',` /emul/linux/x86/usr(/.*)?/lib(/.*)? gen_context(system_u:object_r:lib_t,s0) -/emul/linux/x86/usr(/.*)?/lib/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0) +/emul/linux/x86/usr(/.*)?/lib/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0) /emul/linux/x86/lib(/.*)? gen_context(system_u:object_r:lib_t,s0) -/emul/linux/x86/lib/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0) +/emul/linux/x86/lib/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0) /emul/linux/x86/lib(/.*)?/ld-[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:ld_so_t,s0) ') ifdef(`distro_redhat',` /emul/ia32-linux/usr(/.*)?/lib(/.*)? gen_context(system_u:object_r:lib_t,s0) -/emul/ia32-linux/usr(/.*)?/lib/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0) -/emul/ia32-linux/usr(/.*)?/java/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0) +/emul/ia32-linux/usr(/.*)?/lib/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0) +/emul/ia32-linux/usr(/.*)?/java/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0) /emul/ia32-linux/usr(/.*)?/java/.*\.jar -- gen_context(system_u:object_r:shlib_t,s0) /emul/ia32-linux/usr(/.*)?/java/.*\.jsa -- gen_context(system_u:object_r:shlib_t,s0) /emul/ia32-linux/usr(/.*)?/lib(/.*)?/ld-[^/]*\.so(\.[^/]*)* gen_context(system_u:object_r:ld_so_t,s0) /emul/ia32-linux/lib(/.*)? gen_context(system_u:object_r:lib_t,s0) -/emul/ia32-linux/lib/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0) +/emul/ia32-linux/lib/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0) /emul/ia32-linux/lib(/.*)?/ld-[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:ld_so_t,s0) ') @@ -34,17 +34,17 @@ ifdef(`distro_redhat',` # /lib(/.*)? gen_context(system_u:object_r:lib_t,s0) /lib64(/.*)? gen_context(system_u:object_r:lib_t,s0) -/lib/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0) -/lib64/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0) +/lib/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0) +/lib64/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0) /lib/ld-[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:ld_so_t,s0) /lib64/ld-[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:ld_so_t,s0) -/lib/security/pam_poldi.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) -/lib64/security/pam_poldi.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/lib/security/pam_poldi\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/lib64/security/pam_poldi\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) ifdef(`distro_gentoo',` /lib32(/.*)? gen_context(system_u:object_r:lib_t,s0) -/lib32/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0) +/lib32/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0) /lib32/ld-[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:ld_so_t,s0) ') @@ -52,20 +52,20 @@ ifdef(`distro_gentoo',` # /opt # /opt/(.*/)?lib(/.*)? gen_context(system_u:object_r:lib_t,s0) -/opt/(.*/)?lib/.*\.so -- gen_context(system_u:object_r:shlib_t,s0) -/opt/(.*/)?lib/.*\.so\.[^/]* -- gen_context(system_u:object_r:shlib_t,s0) +/opt/(.*/)?lib/.+\.so -- gen_context(system_u:object_r:shlib_t,s0) +/opt/(.*/)?lib/.+\.so\.[^/]* -- gen_context(system_u:object_r:shlib_t,s0) /opt/(.*/)?lib64(/.*)? gen_context(system_u:object_r:lib_t,s0) -/opt/(.*/)?lib64/.*\.so -- gen_context(system_u:object_r:shlib_t,s0) -/opt/(.*/)?lib64/.*\.so\.[^/]* -- gen_context(system_u:object_r:shlib_t,s0) -/opt/(.*/)?jre.*/libdeploy.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -/opt/(.*/)?jre.*/libjvm.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -/opt/(.*/)?jre.*/libawt.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -/opt/cisco-vpnclient/lib/libvpnapi.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) -/opt/netbeans(.*/)?jdk.*/linux/.*.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/opt/(.*/)?lib64/.+\.so -- gen_context(system_u:object_r:shlib_t,s0) +/opt/(.*/)?lib64/.+\.so\.[^/]* -- gen_context(system_u:object_r:shlib_t,s0) +/opt/(.*/)?jre.*/libdeploy\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/opt/(.*/)?jre.*/libjvm\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/opt/(.*/)?jre.*/libawt\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/opt/cisco-vpnclient/lib/libvpnapi\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/opt/netbeans(.*/)?jdk.*/linux/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) ifdef(`distro_gentoo',` -/opt/netscape/plugins/libflashplayer.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) -/opt/netscape/plugins/nppdf.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/opt/netscape/plugins/libflashplayer\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/opt/netscape/plugins/nppdf\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) ') # @@ -76,45 +76,45 @@ ifdef(`distro_gentoo',` # # /usr # -/usr/(.*/)?/HelixPlayer/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -/usr/(.*/)?/RealPlayer/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/(.*/)?/HelixPlayer/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/(.*/)?/RealPlayer/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -/usr/(.*/)?java/.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -/usr/(.*/)?java/.*\.jar -- gen_context(system_u:object_r:shlib_t,s0) -/usr/(.*/)?java/.*\.jsa -- gen_context(system_u:object_r:shlib_t,s0) +/usr/(.*/)?java/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/(.*/)?java/.+\.jar -- gen_context(system_u:object_r:shlib_t,s0) +/usr/(.*/)?java/.+\.jsa -- gen_context(system_u:object_r:shlib_t,s0) /usr/(.*/)?lib(/.*)? gen_context(system_u:object_r:lib_t,s0) -/usr/(.*/)?lib/.*\.so -- gen_context(system_u:object_r:shlib_t,s0) -/usr/(.*/)?lib/.*\.so\.[^/]* -- gen_context(system_u:object_r:shlib_t,s0) +/usr/(.*/)?lib/.+\.so -- gen_context(system_u:object_r:shlib_t,s0) +/usr/(.*/)?lib/.+\.so\.[^/]* -- gen_context(system_u:object_r:shlib_t,s0) /usr/(.*/)?lib64(/.*)? gen_context(system_u:object_r:lib_t,s0) -/usr/(.*/)?lib64/.*\.so -- gen_context(system_u:object_r:shlib_t,s0) -/usr/(.*/)?lib64/.*\.so\.[^/]* -- gen_context(system_u:object_r:shlib_t,s0) +/usr/(.*/)?lib64/.+\.so -- gen_context(system_u:object_r:shlib_t,s0) +/usr/(.*/)?lib64/.+\.so\.[^/]* -- gen_context(system_u:object_r:shlib_t,s0) /usr/(.*/)?lib(64)?(/.*)?/ld-[^/]*\.so(\.[^/]*)* gen_context(system_u:object_r:ld_so_t,s0) -/usr/(.*/)?nvidia/.*\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/(.*/)?nvidia/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/win32/.* -- gen_context(system_u:object_r:shlib_t,s0) -/usr/lib(64)?/xulrunner-[^/]*/libxul.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) -/usr/(.*/)?lib(64)?(/.*)?/nvidia/.*\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/lib(64)?/xulrunner-[^/]*/libxul\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/(.*/)?lib(64)?(/.*)?/nvidia/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/libsipphoneapi\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -/usr/lib(64)?/ati-fglrx/.*\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/lib(64)?/ati-fglrx/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/(nvidia/)?libGL(core)?\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/libGLU\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/libjs\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -/usr/lib(64)?(/.*)?/libnvidia.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/lib(64)?(/.*)?/libnvidia.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?(/.*)?/nvidia_drv.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/nvidia-graphics(-[^/]*/)?libGL(core)?\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/nvidia-graphics(-[^/]*/)?libnvidia.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/nvidia-graphics(-[^/]*/)?libXvMCNVIDIA\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/(local/)?.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0) -/usr/(local/)?lib(64)?/wine/.*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/(local/)?lib(64)?/wine/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/(local/)?lib/libfame-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -/usr/NX/lib/libXcomp.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -/usr/NX/lib/libjpeg.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/NX/lib/libXcomp\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/NX/lib/libjpeg\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/X11R6/lib/libGL\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/X11R6/lib/libXvMCNVIDIA\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) @@ -146,9 +146,9 @@ ifdef(`distro_redhat',` /usr/lib(64)?/helix/codecs/colorcvt\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/helix/codecs/cvt1\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/libSDL-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -/usr/lib(64)?/xorg/modules/dri/.*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) -/usr/X11R6/lib/modules/dri/.*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) -/usr/lib(64)?/dri/.*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/lib(64)?/xorg/modules/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/X11R6/lib/modules/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/lib(64)?/dri/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/X11R6/lib/libOSMesa\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/X11R6/lib/libfglrx_gamma\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/libHermes\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) @@ -193,7 +193,7 @@ ifdef(`distro_redhat',` /usr/lib(64)?/libImlib2\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/ocaml/stublibs/dllnums\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/httpd/modules/libphp5\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) -/usr/lib(64)?/php/modules/.*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/lib(64)?/php/modules/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) # Livna.org packages: xmms-mp3, ffmpeg, xvidcore, xine-lib, gsm, lame /usr/lib(64)?.*/libmpg123\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) @@ -202,7 +202,7 @@ ifdef(`distro_redhat',` /usr/lib(64)?/libavcodec-.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/libavutil-.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/libxvidcore\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -/usr/lib(64)?/xine/plugins/.*\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/lib(64)?/xine/plugins/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/libgsm\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/libmp3lame\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) @@ -213,18 +213,18 @@ HOME_DIR/.*/plugins/libflashplayer\.so.* -- gen_context(system_u:object_r:textre # Jai, Sun Microsystems (Jpackage SPRM) /usr/lib(64)?/libmlib_jai\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) -/usr/lib(64)?/libdivxdecore.so.0 -- gen_context(system_u:object_r:textrel_shlib_t,s0) -/usr/lib(64)?/libdivxencore.so.0 -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/lib(64)?/libdivxdecore\.so\.0 -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/lib(64)?/libdivxencore\.so\.0 -- gen_context(system_u:object_r:textrel_shlib_t,s0) # vmware /usr/lib(64)?/vmware/lib(/.*)?/libgdk-x11-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -/usr/lib(64)?/vmware/lib(/.*)?/HConfig.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/lib(64)?/vmware/lib(/.*)?/HConfig\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/vmware/(.*/)?VmPerl\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) # Java, Sun Microsystems (JPackage SRPM) -/usr/(.*/)?jre.*/libdeploy.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -/usr/(local/)?(.*/)?jre.*/libjvm.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -/usr/(local/)?(.*/)?jre.*/libawt.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/(.*/)?jre.*/libdeploy\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/(local/)?(.*/)?jre.*/libjvm\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/(local/)?(.*/)?jre.*/libawt\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/(local/)?Adobe/(.*/)?intellinux/nppdf\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/(local/)?Adobe/(.*/)?intellinux/sidecars/* -- gen_context(system_u:object_r:textrel_shlib_t,s0) @@ -233,13 +233,13 @@ HOME_DIR/.*/plugins/libflashplayer\.so.* -- gen_context(system_u:object_r:textre /usr/(local/)?Adobe/(.*/)?lib/[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/(local/)?acroread/(.*/)?lib/[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/(local/)?Adobe/.*\.api -- gen_context(system_u:object_r:textrel_shlib_t,s0) -/usr/local/matlab.*/bin/glnx86/libmwlapack.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/local/matlab.*/bin/glnx86/libmwlapack\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/(.*/)?intellinux/SPPlugins/ADMPlugin\.apl -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/acroread/(.*/)?sidecars/* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/acroread/(.*/)?nppdf\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/acroread/(.*/)?lib/[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -/usr/lib/acroread/.*\.api -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/lib/acroread/.+\.api -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib/acroread/(.*/)?ADMPlugin\.apl -- gen_context(system_u:object_r:textrel_shlib_t,s0) ') dnl end distro_redhat @@ -250,10 +250,10 @@ HOME_DIR/.*/plugins/libflashplayer\.so.* -- gen_context(system_u:object_r:textre /var/ftp/lib(64)?/ld[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:ld_so_t,s0) /var/ftp/lib(64)?/lib[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:shlib_t,s0) -/var/mailman/pythonlib(/.*)?/.*\.so(\..*)? -- gen_context(system_u:object_r:shlib_t,s0) +/var/mailman/pythonlib(/.*)?/.+\.so(\..*)? -- gen_context(system_u:object_r:shlib_t,s0) ifdef(`distro_suse',` -/var/lib/samba/bin/.*\.so(\.[^/]*)* -l gen_context(system_u:object_r:lib_t,s0) +/var/lib/samba/bin/.+\.so(\.[^/]*)* -l gen_context(system_u:object_r:lib_t,s0) ') /var/spool/postfix/lib(64)?(/.*)? gen_context(system_u:object_r:lib_t,s0) @@ -261,4 +261,4 @@ ifdef(`distro_suse',` /var/spool/postfix/lib(64)?/ld.*\.so.* -- gen_context(system_u:object_r:ld_so_t,s0) /var/spool/postfix/lib(64)?/lib.*\.so.* -- gen_context(system_u:object_r:shlib_t,s0) /var/spool/postfix/lib(64)?/[^/]*/lib.*\.so.* -- gen_context(system_u:object_r:shlib_t,s0) -/var/spool/postfix/lib(64)?/devfsd/.*\.so.* -- gen_context(system_u:object_r:shlib_t,s0) +/var/spool/postfix/lib(64)?/devfsd/.+\.so.* -- gen_context(system_u:object_r:shlib_t,s0) diff --git a/policy/modules/system/logging.fc b/policy/modules/system/logging.fc index cdd15cd9..553f6ac3 100644 --- a/policy/modules/system/logging.fc +++ b/policy/modules/system/logging.fc @@ -26,7 +26,7 @@ ifdef(`distro_suse', ` /var/log -d gen_context(system_u:object_r:var_log_t,s0-s15:c0.c255) /var/log/.* gen_context(system_u:object_r:var_log_t,s0) -/var/log/audit.log -- gen_context(system_u:object_r:auditd_log_t,s15:c0.c255) +/var/log/audit\.log -- gen_context(system_u:object_r:auditd_log_t,s15:c0.c255) /var/log/audit(/.*)? gen_context(system_u:object_r:auditd_log_t,s15:c0.c255) diff --git a/policy/modules/system/selinuxutil.fc b/policy/modules/system/selinuxutil.fc index 8cb41798..1a7e566d 100644 --- a/policy/modules/system/selinuxutil.fc +++ b/policy/modules/system/selinuxutil.fc @@ -9,8 +9,8 @@ /etc/selinux/([^/]*/)?policy(/.*)? gen_context(system_u:object_r:policy_config_t,s15:c0.c255) /etc/selinux/([^/]*/)?seusers -- gen_context(system_u:object_r:selinux_config_t,s15:c0.c255) /etc/selinux/([^/]*/)?modules/(active|tmp|previous)(/.*)? gen_context(system_u:object_r:semanage_store_t,s0) -/etc/selinux/([^/]*/)?modules/semanage.read.LOCK -- gen_context(system_u:object_r:semanage_read_lock_t,s0) -/etc/selinux/([^/]*/)?modules/semanage.trans.LOCK -- gen_context(system_u:object_r:semanage_trans_lock_t,s0) +/etc/selinux/([^/]*/)?modules/semanage\.read\.LOCK -- gen_context(system_u:object_r:semanage_read_lock_t,s0) +/etc/selinux/([^/]*/)?modules/semanage\.trans\.LOCK -- gen_context(system_u:object_r:semanage_trans_lock_t,s0) /etc/selinux/([^/]*/)?users(/.*)? -- gen_context(system_u:object_r:selinux_config_t,s15:c0.c255) # @@ -47,4 +47,4 @@ ifdef(`distro_debian', ` # # /var/run # -/var/run/restorecond.pid -- gen_context(system_u:object_r:restorecond_var_run_t,s0) +/var/run/restorecond\.pid -- gen_context(system_u:object_r:restorecond_var_run_t,s0) diff --git a/policy/modules/system/unconfined.fc b/policy/modules/system/unconfined.fc index 08643f95..d651278b 100644 --- a/policy/modules/system/unconfined.fc +++ b/policy/modules/system/unconfined.fc @@ -5,8 +5,8 @@ /usr/bin/vncserver -- gen_context(system_u:object_r:unconfined_exec_t,s0) ifdef(`targeted_policy',` -/usr/lib/openoffice.org.*/program/.*\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0) +/usr/lib/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0) /usr/bin/valgrind -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0) -/usr/local/RealPlay/realplay.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0) +/usr/local/RealPlay/realplay\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0) /usr/bin/mplayer -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0) ')