From 6c53a10e28bb5103dc9d344ba2aac11337e31434 Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Fri, 5 Oct 2007 18:00:55 +0000 Subject: [PATCH] trunk: Patch to clean up unescaped periods in several file context entries from Jan-Frode Myklebust. --- Changelog | 2 ++ policy/modules/kernel/corecommands.fc | 2 +- policy/modules/kernel/corecommands.te | 2 +- policy/modules/kernel/files.fc | 2 +- policy/modules/kernel/files.te | 2 +- policy/modules/services/aide.fc | 2 +- policy/modules/services/aide.te | 2 +- policy/modules/services/apcupsd.fc | 8 ++++---- policy/modules/services/apcupsd.te | 2 +- policy/modules/services/consolekit.fc | 2 +- policy/modules/services/consolekit.te | 2 +- policy/modules/services/fail2ban.fc | 4 ++-- policy/modules/services/fail2ban.te | 2 +- policy/modules/services/hal.fc | 4 ++-- policy/modules/services/hal.te | 2 +- policy/modules/services/oddjob.fc | 2 +- policy/modules/services/oddjob.te | 2 +- policy/modules/services/radius.fc | 2 +- policy/modules/services/radius.te | 2 +- policy/modules/services/ricci.fc | 8 ++++---- policy/modules/services/ricci.te | 2 +- policy/modules/services/rpcbind.fc | 6 +++--- policy/modules/services/rpcbind.te | 2 +- policy/modules/services/samba.fc | 2 +- policy/modules/services/samba.te | 2 +- policy/modules/system/init.fc | 2 +- policy/modules/system/init.te | 2 +- policy/modules/system/iscsi.fc | 2 +- policy/modules/system/iscsi.te | 2 +- policy/modules/system/libraries.fc | 10 +++++----- policy/modules/system/libraries.te | 2 +- policy/modules/system/lvm.fc | 2 +- policy/modules/system/lvm.te | 2 +- 33 files changed, 48 insertions(+), 46 deletions(-) diff --git a/Changelog b/Changelog index 2cba6d7f..2db03ad6 100644 --- a/Changelog +++ b/Changelog @@ -1,3 +1,5 @@ +- Patch to clean up unescaped periods in several file context entries from + Jan-Frode Myklebust. - Merge shlib_t into lib_t. - Merge strict and targeted policies. The policy will now behave like the strict policy if the unconfined module is not present. If it is, it will diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc index 7c202da3..f3070579 100644 --- a/policy/modules/kernel/corecommands.fc +++ b/policy/modules/kernel/corecommands.fc @@ -193,7 +193,7 @@ ifdef(`distro_redhat', ` /usr/lib64/bluetooth(/.*)? -- gen_context(system_u:object_r:bin_t,s0) /usr/share/authconfig/authconfig-gtk\.py -- gen_context(system_u:object_r:bin_t,s0) /usr/share/authconfig/authconfig-tui\.py -- gen_context(system_u:object_r:bin_t,s0) -/usr/share/authconfig/authconfig.py -- gen_context(system_u:object_r:bin_t,s0) +/usr/share/authconfig/authconfig\.py -- gen_context(system_u:object_r:bin_t,s0) /usr/share/cvs/contrib/rcs2log -- gen_context(system_u:object_r:bin_t,s0) /usr/share/clamav/clamd-gen -- gen_context(system_u:object_r:bin_t,s0) /usr/share/clamav/freshclam-sleep -- gen_context(system_u:object_r:bin_t,s0) diff --git a/policy/modules/kernel/corecommands.te b/policy/modules/kernel/corecommands.te index 9a86a375..9058d484 100644 --- a/policy/modules/kernel/corecommands.te +++ b/policy/modules/kernel/corecommands.te @@ -1,5 +1,5 @@ -policy_module(corecommands,1.8.1) +policy_module(corecommands,1.8.2) ######################################## # diff --git a/policy/modules/kernel/files.fc b/policy/modules/kernel/files.fc index 4484def2..f63a5c75 100644 --- a/policy/modules/kernel/files.fc +++ b/policy/modules/kernel/files.fc @@ -57,7 +57,7 @@ ifdef(`distro_suse',` /etc/motd -- gen_context(system_u:object_r:etc_runtime_t,s0) /etc/nohotplug -- gen_context(system_u:object_r:etc_runtime_t,s0) /etc/nologin.* -- gen_context(system_u:object_r:etc_runtime_t,s0) -/etc/reader.conf -- gen_context(system_u:object_r:etc_runtime_t,s0) +/etc/reader\.conf -- gen_context(system_u:object_r:etc_runtime_t,s0) /etc/smartd\.conf.* -- gen_context(system_u:object_r:etc_runtime_t,s0) /etc/cups/client\.conf -- gen_context(system_u:object_r:etc_t,s0) diff --git a/policy/modules/kernel/files.te b/policy/modules/kernel/files.te index 8eae5461..cb086e6b 100644 --- a/policy/modules/kernel/files.te +++ b/policy/modules/kernel/files.te @@ -1,5 +1,5 @@ -policy_module(files,1.7.1) +policy_module(files,1.7.2) ######################################## # diff --git a/policy/modules/services/aide.fc b/policy/modules/services/aide.fc index 8c1b8b4b..7798464d 100644 --- a/policy/modules/services/aide.fc +++ b/policy/modules/services/aide.fc @@ -3,4 +3,4 @@ /var/lib/aide(/.*) gen_context(system_u:object_r:aide_db_t,mls_systemhigh) /var/log/aide(/.*)? gen_context(system_u:object_r:aide_log_t,mls_systemhigh) -/var/log/aide.log -- gen_context(system_u:object_r:aide_log_t,mls_systemhigh) +/var/log/aide\.log -- gen_context(system_u:object_r:aide_log_t,mls_systemhigh) diff --git a/policy/modules/services/aide.te b/policy/modules/services/aide.te index e3502f5e..6206db91 100644 --- a/policy/modules/services/aide.te +++ b/policy/modules/services/aide.te @@ -1,5 +1,5 @@ -policy_module(aide,1.2.0) +policy_module(aide,1.2.1) ######################################## # diff --git a/policy/modules/services/apcupsd.fc b/policy/modules/services/apcupsd.fc index a3b88336..a71bd47b 100644 --- a/policy/modules/services/apcupsd.fc +++ b/policy/modules/services/apcupsd.fc @@ -9,7 +9,7 @@ ifdef(`distro_debian',` /var/run/apcupsd\.pid -- gen_context(system_u:object_r:apcupsd_var_run_t,s0) -/var/www/apcupsd/multimon.cgi -- gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0) -/var/www/apcupsd/upsfstats.cgi -- gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0) -/var/www/apcupsd/upsimage.cgi -- gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0) -/var/www/apcupsd/upsstats.cgi -- gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0) +/var/www/apcupsd/multimon\.cgi -- gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0) +/var/www/apcupsd/upsfstats\.cgi -- gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0) +/var/www/apcupsd/upsimage\.cgi -- gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0) +/var/www/apcupsd/upsstats\.cgi -- gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0) diff --git a/policy/modules/services/apcupsd.te b/policy/modules/services/apcupsd.te index 8454318e..120e51df 100644 --- a/policy/modules/services/apcupsd.te +++ b/policy/modules/services/apcupsd.te @@ -1,5 +1,5 @@ -policy_module(apcupsd,1.2.1) +policy_module(apcupsd,1.2.2) ######################################## # diff --git a/policy/modules/services/consolekit.fc b/policy/modules/services/consolekit.fc index 838082c5..6722878e 100644 --- a/policy/modules/services/consolekit.fc +++ b/policy/modules/services/consolekit.fc @@ -1,3 +1,3 @@ /usr/sbin/console-kit-daemon -- gen_context(system_u:object_r:consolekit_exec_t,s0) -/var/run/consolekit.pid -- gen_context(system_u:object_r:consolekit_var_run_t,s0) +/var/run/consolekit\.pid -- gen_context(system_u:object_r:consolekit_var_run_t,s0) diff --git a/policy/modules/services/consolekit.te b/policy/modules/services/consolekit.te index c0131e39..40c3e933 100644 --- a/policy/modules/services/consolekit.te +++ b/policy/modules/services/consolekit.te @@ -1,5 +1,5 @@ -policy_module(consolekit,1.2.0) +policy_module(consolekit,1.2.1) ######################################## # diff --git a/policy/modules/services/fail2ban.fc b/policy/modules/services/fail2ban.fc index 08be019d..a7ee95eb 100644 --- a/policy/modules/services/fail2ban.fc +++ b/policy/modules/services/fail2ban.fc @@ -1,3 +1,3 @@ /usr/bin/fail2ban -- gen_context(system_u:object_r:fail2ban_exec_t,s0) -/var/log/fail2ban.log -- gen_context(system_u:object_r:fail2ban_log_t,s0) -/var/run/fail2ban.pid -- gen_context(system_u:object_r:fail2ban_var_run_t,s0) +/var/log/fail2ban\.log -- gen_context(system_u:object_r:fail2ban_log_t,s0) +/var/run/fail2ban\.pid -- gen_context(system_u:object_r:fail2ban_var_run_t,s0) diff --git a/policy/modules/services/fail2ban.te b/policy/modules/services/fail2ban.te index f19fd8a5..1e5e778b 100644 --- a/policy/modules/services/fail2ban.te +++ b/policy/modules/services/fail2ban.te @@ -1,5 +1,5 @@ -policy_module(fail2ban,1.0.1) +policy_module(fail2ban,1.0.2) ######################################## # diff --git a/policy/modules/services/hal.fc b/policy/modules/services/hal.fc index 4c43b6ce..5055a778 100644 --- a/policy/modules/services/hal.fc +++ b/policy/modules/services/hal.fc @@ -15,7 +15,7 @@ /var/lib/hal(/.*)? gen_context(system_u:object_r:hald_var_lib_t,s0) -/var/log/pm-suspend.log gen_context(system_u:object_r:hald_log_t,s0) +/var/log/pm-suspend\.log gen_context(system_u:object_r:hald_log_t,s0) -/var/run/haldaemon.pid -- gen_context(system_u:object_r:hald_var_run_t,s0) +/var/run/haldaemon\.pid -- gen_context(system_u:object_r:hald_var_run_t,s0) /var/run/vbestate -- gen_context(system_u:object_r:hald_var_run_t,s0) diff --git a/policy/modules/services/hal.te b/policy/modules/services/hal.te index ce992141..8f94a13e 100644 --- a/policy/modules/services/hal.te +++ b/policy/modules/services/hal.te @@ -1,5 +1,5 @@ -policy_module(hal,1.8.1) +policy_module(hal,1.8.2) ######################################## # diff --git a/policy/modules/services/oddjob.fc b/policy/modules/services/oddjob.fc index da4e8642..60b26f4c 100644 --- a/policy/modules/services/oddjob.fc +++ b/policy/modules/services/oddjob.fc @@ -2,4 +2,4 @@ /usr/sbin/oddjobd -- gen_context(system_u:object_r:oddjob_exec_t,s0) -/var/run/oddjobd.pid gen_context(system_u:object_r:oddjob_var_run_t,s0) +/var/run/oddjobd\.pid gen_context(system_u:object_r:oddjob_var_run_t,s0) diff --git a/policy/modules/services/oddjob.te b/policy/modules/services/oddjob.te index 6e3c1861..3635b8ca 100644 --- a/policy/modules/services/oddjob.te +++ b/policy/modules/services/oddjob.te @@ -1,5 +1,5 @@ -policy_module(oddjob,1.3.1) +policy_module(oddjob,1.3.2) ######################################## # diff --git a/policy/modules/services/radius.fc b/policy/modules/services/radius.fc index a9ce21df..50b60a68 100644 --- a/policy/modules/services/radius.fc +++ b/policy/modules/services/radius.fc @@ -3,7 +3,7 @@ /etc/cron\.(daily|weekly|monthly)/freeradius -- gen_context(system_u:object_r:radiusd_exec_t,s0) /etc/raddb(/.*)? gen_context(system_u:object_r:radiusd_etc_t,s0) -/etc/raddb/db.daily -- gen_context(system_u:object_r:radiusd_etc_rw_t,s0) +/etc/raddb/db\.daily -- gen_context(system_u:object_r:radiusd_etc_rw_t,s0) /usr/sbin/radiusd -- gen_context(system_u:object_r:radiusd_exec_t,s0) /usr/sbin/freeradius -- gen_context(system_u:object_r:radiusd_exec_t,s0) diff --git a/policy/modules/services/radius.te b/policy/modules/services/radius.te index 8cf45dba..6668fca1 100644 --- a/policy/modules/services/radius.te +++ b/policy/modules/services/radius.te @@ -1,5 +1,5 @@ -policy_module(radius,1.5.1) +policy_module(radius,1.5.2) ######################################## # diff --git a/policy/modules/services/ricci.fc b/policy/modules/services/ricci.fc index 38280047..99596f95 100644 --- a/policy/modules/services/ricci.fc +++ b/policy/modules/services/ricci.fc @@ -9,8 +9,8 @@ /var/lib/ricci(/.*)? gen_context(system_u:object_r:ricci_var_lib_t,s0) -/var/log/clumond.log -- gen_context(system_u:object_r:ricci_modcluster_var_log_t,s0) +/var/log/clumond\.log -- gen_context(system_u:object_r:ricci_modcluster_var_log_t,s0) -/var/run/clumond.sock -s gen_context(system_u:object_r:ricci_modcluster_var_run_t,s0) -/var/run/modclusterd.pid -- gen_context(system_u:object_r:ricci_modcluster_var_run_t,s0) -/var/run/ricci.pid -- gen_context(system_u:object_r:ricci_var_run_t,s0) +/var/run/clumond\.sock -s gen_context(system_u:object_r:ricci_modcluster_var_run_t,s0) +/var/run/modclusterd\.pid -- gen_context(system_u:object_r:ricci_modcluster_var_run_t,s0) +/var/run/ricci\.pid -- gen_context(system_u:object_r:ricci_var_run_t,s0) diff --git a/policy/modules/services/ricci.te b/policy/modules/services/ricci.te index 41096fe6..4923e409 100644 --- a/policy/modules/services/ricci.te +++ b/policy/modules/services/ricci.te @@ -1,5 +1,5 @@ -policy_module(ricci,1.2.1) +policy_module(ricci,1.2.2) ######################################## # diff --git a/policy/modules/services/rpcbind.fc b/policy/modules/services/rpcbind.fc index 6a546e4a..104df47f 100644 --- a/policy/modules/services/rpcbind.fc +++ b/policy/modules/services/rpcbind.fc @@ -2,6 +2,6 @@ /var/lib/rpcbind(/.*)? gen_context(system_u:object_r:rpcbind_var_lib_t,s0) -/var/run/rpc.statd.pid -- gen_context(system_u:object_r:rpcbind_var_run_t,s0) -/var/run/rpcbind.lock -- gen_context(system_u:object_r:rpcbind_var_run_t,s0) -/var/run/rpcbind.sock -s gen_context(system_u:object_r:rpcbind_var_run_t,s0) +/var/run/rpc.statd\.pid -- gen_context(system_u:object_r:rpcbind_var_run_t,s0) +/var/run/rpcbind\.lock -- gen_context(system_u:object_r:rpcbind_var_run_t,s0) +/var/run/rpcbind\.sock -s gen_context(system_u:object_r:rpcbind_var_run_t,s0) diff --git a/policy/modules/services/rpcbind.te b/policy/modules/services/rpcbind.te index ca7d9502..d0899649 100644 --- a/policy/modules/services/rpcbind.te +++ b/policy/modules/services/rpcbind.te @@ -1,5 +1,5 @@ -policy_module(rpcbind,1.0.0) +policy_module(rpcbind,1.0.1) ######################################## # diff --git a/policy/modules/services/samba.fc b/policy/modules/services/samba.fc index 4454f484..57764d1b 100644 --- a/policy/modules/services/samba.fc +++ b/policy/modules/services/samba.fc @@ -3,7 +3,7 @@ # /etc # /etc/samba/MACHINE\.SID -- gen_context(system_u:object_r:samba_secrets_t,s0) -/etc/samba/passdb.tdb -- gen_context(system_u:object_r:samba_secrets_t,s0) +/etc/samba/passdb\.tdb -- gen_context(system_u:object_r:samba_secrets_t,s0) /etc/samba/secrets\.tdb -- gen_context(system_u:object_r:samba_secrets_t,s0) /etc/samba/smbpasswd -- gen_context(system_u:object_r:samba_secrets_t,s0) /etc/samba(/.*)? gen_context(system_u:object_r:samba_etc_t,s0) diff --git a/policy/modules/services/samba.te b/policy/modules/services/samba.te index ece439a0..68cc7120 100644 --- a/policy/modules/services/samba.te +++ b/policy/modules/services/samba.te @@ -1,5 +1,5 @@ -policy_module(samba,1.6.1) +policy_module(samba,1.6.2) ################################# # diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc index 8ec8ef1b..fbdf8f1c 100644 --- a/policy/modules/system/init.fc +++ b/policy/modules/system/init.fc @@ -13,7 +13,7 @@ ifdef(`distro_gentoo',` /etc/vmware/init\.d/vmware -- gen_context(system_u:object_r:initrc_exec_t,s0) -/etc/x11/startDM.sh -- gen_context(system_u:object_r:initrc_exec_t,s0) +/etc/x11/startDM\.sh -- gen_context(system_u:object_r:initrc_exec_t,s0) ') # diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te index e914795d..a6e0697e 100644 --- a/policy/modules/system/init.te +++ b/policy/modules/system/init.te @@ -1,5 +1,5 @@ -policy_module(init,1.8.1) +policy_module(init,1.8.2) gen_require(` class passwd rootok; diff --git a/policy/modules/system/iscsi.fc b/policy/modules/system/iscsi.fc index bc08e138..a5aaa684 100644 --- a/policy/modules/system/iscsi.fc +++ b/policy/modules/system/iscsi.fc @@ -2,4 +2,4 @@ /var/lib/iscsi(/.*)? -- gen_context(system_u:object_r:iscsi_var_lib_t,s0) /var/lock/iscsi(/.*)? -- gen_context(system_u:object_r:iscsi_lock_t,s0) -/var/run/iscsid.pid -- gen_context(system_u:object_r:iscsi_var_run_t,s0) +/var/run/iscsid\.pid -- gen_context(system_u:object_r:iscsi_var_run_t,s0) diff --git a/policy/modules/system/iscsi.te b/policy/modules/system/iscsi.te index 21521812..409a4d9f 100644 --- a/policy/modules/system/iscsi.te +++ b/policy/modules/system/iscsi.te @@ -1,5 +1,5 @@ -policy_module(iscsid,1.2.1) +policy_module(iscsid,1.2.2) ######################################## # diff --git a/policy/modules/system/libraries.fc b/policy/modules/system/libraries.fc index 50019e6e..9ffd9fc6 100644 --- a/policy/modules/system/libraries.fc +++ b/policy/modules/system/libraries.fc @@ -109,8 +109,8 @@ ifdef(`distro_gentoo',` /usr/(.*/)?nvidia/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0) -/usr/lib/vlc/codec/libdmo_plugin.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) -/usr/lib/vlc/codec/librealaudio_plugin.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/lib/vlc/codec/libdmo_plugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/lib/vlc/codec/librealaudio_plugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/(.*/)?lib(64)?(/.*)?/nvidia/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?(/.*)?/nvidia/.+\.so(\..*)? -- gen_context(system_u:object_r:textrel_shlib_t,s0) @@ -255,10 +255,10 @@ HOME_DIR/.*/plugins/nprhapengine\.so.* -- gen_context(system_u:object_r:textrel_ /usr/(local/)?Adobe/(.*/)?lib/[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/(local/)?acroread/(.*/)?lib/[^/]*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/(local/)?Adobe/.*\.api -- gen_context(system_u:object_r:textrel_shlib_t,s0) -/usr/(local/)?lib/xchat/plugins/systray.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/(local/)?lib/xchat/plugins/systray\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/(local/)?matlab.*/bin/glnx86/libmwlapack\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) -/usr/(local/)?matlab.*/bin/glnx86/(libmw(lapack|mathutil|services)|lapack|libmkl).so -- gen_context(system_u:object_r:textrel_shlib_t,s0) -/usr/(local/)?matlab.*/sys/os/glnx86/libtermcap.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/(local/)?matlab.*/bin/glnx86/(libmw(lapack|mathutil|services)|lapack|libmkl)\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/(local/)?matlab.*/sys/os/glnx86/libtermcap\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/(.*/)?intellinux/SPPlugins/ADMPlugin\.apl -- gen_context(system_u:object_r:textrel_shlib_t,s0) diff --git a/policy/modules/system/libraries.te b/policy/modules/system/libraries.te index dab58022..34a88de4 100644 --- a/policy/modules/system/libraries.te +++ b/policy/modules/system/libraries.te @@ -1,5 +1,5 @@ -policy_module(libraries,1.7.1) +policy_module(libraries,1.7.2) ######################################## # diff --git a/policy/modules/system/lvm.fc b/policy/modules/system/lvm.fc index 4d4fc375..57da9cd6 100644 --- a/policy/modules/system/lvm.fc +++ b/policy/modules/system/lvm.fc @@ -94,5 +94,5 @@ ifdef(`distro_gentoo',` # /var/cache/multipathd(/.*)? gen_context(system_u:object_r:lvm_metadata_t,s0) /var/lock/lvm(/.*)? gen_context(system_u:object_r:lvm_lock_t,s0) -/var/run/multipathd.sock -s gen_context(system_u:object_r:lvm_var_run_t,s0) +/var/run/multipathd\.sock -s gen_context(system_u:object_r:lvm_var_run_t,s0) /var/lib/multipath(/.*)? gen_context(system_u:object_r:lvm_var_lib_t,s0) diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te index 6c727a4c..ad340434 100644 --- a/policy/modules/system/lvm.te +++ b/policy/modules/system/lvm.te @@ -1,5 +1,5 @@ -policy_module(lvm,1.7.1) +policy_module(lvm,1.7.2) ######################################## #