fix to use context_template()

2005-07-18 14:25:05 +00:00 · 2005-07-18 14:25:05 +00:00 · 9f103ce14b
commit 9f103ce14b
parent 3b6174a142
10 changed files with 118 additions and 120 deletions
--- a/refpolicy/policy/modules/admin/dmesg.fc
+++ b/refpolicy/policy/modules/admin/dmesg.fc
@ -1,2 +1,2 @@
-/bin/dmesg		--		system_u:object_r:dmesg_exec_t
+/bin/dmesg		--		context_template(system_u:object_r:dmesg_exec_t,s0)
--- a/refpolicy/policy/modules/admin/logrotate.fc
+++ b/refpolicy/policy/modules/admin/logrotate.fc
@ -1,16 +1,16 @@
-/etc/cron\.(daily|weekly)/sysklogd -- system_u:object_r:logrotate_exec_t
+/etc/cron\.(daily|weekly)/sysklogd -- context_template(system_u:object_r:logrotate_exec_t,s0)
-/usr/sbin/logcheck	--	system_u:object_r:logrotate_exec_t
+/usr/sbin/logcheck	--	context_template(system_u:object_r:logrotate_exec_t,s0)
-/usr/sbin/logrotate	--	system_u:object_r:logrotate_exec_t
+/usr/sbin/logrotate	--	context_template(system_u:object_r:logrotate_exec_t,s0)
-/var/lib/logcheck(/.*)?		system_u:object_r:logrotate_var_lib_t
+/var/lib/logcheck(/.*)?		context_template(system_u:object_r:logrotate_var_lib_t,s0)
 # using a hard-coded name under /var/tmp is a bug - new version fixes it
-/var/tmp/logcheck	-d	system_u:object_r:logrotate_tmp_t
+/var/tmp/logcheck	-d	context_template(system_u:object_r:logrotate_tmp_t,s0)
 ifdef(`distro_debian', `
-/usr/bin/savelog	--	system_u:object_r:logrotate_exec_t
+/usr/bin/savelog	--	context_template(system_u:object_r:logrotate_exec_t,s0)
-/var/lib/logrotate(/.*)?	system_u:object_r:logrotate_var_lib_t
+/var/lib/logrotate(/.*)?	context_template(system_u:object_r:logrotate_var_lib_t,s0)
 ', `
-/var/lib/logrotate\.status --	system_u:object_r:logrotate_var_lib_t
+/var/lib/logrotate\.status --	context_template(system_u:object_r:logrotate_var_lib_t,s0)
 ')
--- a/refpolicy/policy/modules/admin/rpm.fc
+++ b/refpolicy/policy/modules/admin/rpm.fc
@ -1,32 +1,32 @@
-/bin/rpm 			--	system_u:object_r:rpm_exec_t
+/bin/rpm 			--	context_template(system_u:object_r:rpm_exec_t,s0)
-/usr/bin/apt-get 		--	system_u:object_r:rpm_exec_t
+/usr/bin/apt-get 		--	context_template(system_u:object_r:rpm_exec_t,s0)
-/usr/bin/apt-shell   	 	-- 	system_u:object_r:rpm_exec_t
+/usr/bin/apt-shell   	 	-- 	context_template(system_u:object_r:rpm_exec_t,s0)
-/usr/bin/synaptic		--    	system_u:object_r:rpm_exec_t 
+/usr/bin/synaptic		--    	context_template(system_u:object_r:rpm_exec_t,s0)
-/usr/bin/yum 			--	system_u:object_r:rpm_exec_t
+/usr/bin/yum 			--	context_template(system_u:object_r:rpm_exec_t,s0)
-/usr/lib(64)?/rpm/rpmd		-- 	system_u:object_r:bin_t
+/usr/lib(64)?/rpm/rpmd		-- 	context_template(system_u:object_r:bin_t,s0)
-/usr/lib(64)?/rpm/rpmq		-- 	system_u:object_r:bin_t
+/usr/lib(64)?/rpm/rpmq		-- 	context_template(system_u:object_r:bin_t,s0)
-/usr/lib(64)?/rpm/rpmk		-- 	system_u:object_r:bin_t
+/usr/lib(64)?/rpm/rpmk		-- 	context_template(system_u:object_r:bin_t,s0)
-/usr/lib(64)?/rpm/rpmv		-- 	system_u:object_r:bin_t
+/usr/lib(64)?/rpm/rpmv		-- 	context_template(system_u:object_r:bin_t,s0)
 ifdef(`distro_redhat', `
-/usr/sbin/up2date		--	system_u:object_r:rpm_exec_t
+/usr/sbin/up2date		--	context_template(system_u:object_r:rpm_exec_t,s0)
-/usr/sbin/rhn_check		--	system_u:object_r:rpm_exec_t
+/usr/sbin/rhn_check		--	context_template(system_u:object_r:rpm_exec_t,s0)
 ')
-/var/lib/alternatives(/.*)?		system_u:object_r:rpm_var_lib_t
+/var/lib/alternatives(/.*)?		context_template(system_u:object_r:rpm_var_lib_t,s0)
-/var/lib/rpm(/.*)?			system_u:object_r:rpm_var_lib_t
+/var/lib/rpm(/.*)?			context_template(system_u:object_r:rpm_var_lib_t,s0)
-/var/log/rpmpkgs.*		--	system_u:object_r:rpm_log_t
+/var/log/rpmpkgs.*		--	context_template(system_u:object_r:rpm_log_t,s0)
-/var/log/yum\.log		--	system_u:object_r:rpm_log_t
+/var/log/yum\.log		--	context_template(system_u:object_r:rpm_log_t,s0)
 # SuSE
 ifdef(`distro_suse', `
-/usr/bin/online_update		--	system_u:object_r:rpm_exec_t
+/usr/bin/online_update		--	context_template(system_u:object_r:rpm_exec_t,s0)
-/sbin/yast2			--	system_u:object_r:rpm_exec_t
+/sbin/yast2			--	context_template(system_u:object_r:rpm_exec_t,s0)
-/var/lib/YaST2(/.*)?			system_u:object_r:rpm_var_lib_t
+/var/lib/YaST2(/.*)?			context_template(system_u:object_r:rpm_var_lib_t,s0)
-/var/log/YaST2(/.*)?			system_u:object_r:rpm_log_t
+/var/log/YaST2(/.*)?			context_template(system_u:object_r:rpm_log_t,s0)
 ')
--- a/refpolicy/policy/modules/services/cron.fc
+++ b/refpolicy/policy/modules/services/cron.fc
@ -1,40 +1,38 @@
-/etc/cron\.d(/.*)?			system_u:object_r:system_cron_spool_t
+/etc/cron\.d(/.*)?			context_template(system_u:object_r:system_cron_spool_t,s0)
-/etc/crontab			--	system_u:object_r:system_cron_spool_t
+/etc/crontab			--	context_template(system_u:object_r:system_cron_spool_t,s0)
-/usr/bin/at			--	system_u:object_r:crontab_exec_t
+/usr/bin/at			--	context_template(system_u:object_r:crontab_exec_t,s0)
-/usr/bin/(f)?crontab		--	system_u:object_r:crontab_exec_t
+/usr/bin/(f)?crontab		--	context_template(system_u:object_r:crontab_exec_t,s0)
-/usr/sbin/anacron		--	system_u:object_r:anacron_exec_t
+/usr/sbin/anacron		--	context_template(system_u:object_r:anacron_exec_t,s0)
-/usr/sbin/atd			--	system_u:object_r:crond_exec_t
+/usr/sbin/atd			--	context_template(system_u:object_r:crond_exec_t,s0)
-/usr/sbin/cron(d)?		--	system_u:object_r:crond_exec_t
+/usr/sbin/cron(d)?		--	context_template(system_u:object_r:crond_exec_t,s0)
-/usr/sbin/fcron			--	system_u:object_r:crond_exec_t
+/usr/sbin/fcron			--	context_template(system_u:object_r:crond_exec_t,s0)
-/var/log/cron.*			--	system_u:object_r:crond_log_t
+/var/log/cron.*			--	context_template(system_u:object_r:crond_log_t,s0)
-/var/run/atd\.pid		--	system_u:object_r:crond_var_run_t
+/var/run/atd\.pid		--	context_template(system_u:object_r:crond_var_run_t,s0)
-/var/run/crond?\.pid		--	system_u:object_r:crond_var_run_t
+/var/run/crond?\.pid		--	context_template(system_u:object_r:crond_var_run_t,s0)
-/var/run/crond\.reboot		--	system_u:object_r:crond_var_run_t
+/var/run/crond\.reboot		--	context_template(system_u:object_r:crond_var_run_t,s0)
-/var/run/fcron\.fifo		-s	system_u:object_r:crond_var_run_t
+/var/run/fcron\.fifo		-s	context_template(system_u:object_r:crond_var_run_t,s0)
-/var/run/fcron\.pid		--	system_u:object_r:crond_var_run_t
+/var/run/fcron\.pid		--	context_template(system_u:object_r:crond_var_run_t,s0)
-/var/spool/at			-d	system_u:object_r:cron_spool_t
+/var/spool/at			-d	context_template(system_u:object_r:cron_spool_t,s0)
-/var/spool/at/spool		-d	system_u:object_r:cron_spool_t
+/var/spool/at/spool		-d	context_template(system_u:object_r:cron_spool_t,s0)
 /var/spool/at/[^/]*		--	<<none>>
-/var/spool/cron			-d	system_u:object_r:cron_spool_t
+/var/spool/cron			-d	context_template(system_u:object_r:cron_spool_t,s0)
-/var/spool/cron/root		--	system_u:object_r:sysadm_cron_spool_t
+/var/spool/cron/root		--	context_template(system_u:object_r:sysadm_cron_spool_t,s0)
 /var/spool/cron/[^/]*		--	<<none>>
-/var/spool/cron/crontabs 	-d	system_u:object_r:cron_spool_t
+/var/spool/cron/crontabs 	-d	context_template(system_u:object_r:cron_spool_t,s0)
 /var/spool/cron/crontabs/.*	--	<<none>>
-/var/spool/cron/crontabs/root	--	system_u:object_r:sysadm_cron_spool_t
+/var/spool/cron/crontabs/root	--	context_template(system_u:object_r:sysadm_cron_spool_t,s0)
-/var/spool/fcron		-d	system_u:object_r:cron_spool_t
+/var/spool/fcron		-d	context_template(system_u:object_r:cron_spool_t,s0)
 /var/spool/fcron/.*			<<none>>
-/var/spool/fcron/systab\.orig	--	system_u:object_r:system_cron_spool_t
+/var/spool/fcron/systab\.orig	--	context_template(system_u:object_r:system_cron_spool_t,s0)
-/var/spool/fcron/systab		--	system_u:object_r:system_cron_spool_t
+/var/spool/fcron/systab		--	context_template(system_u:object_r:system_cron_spool_t,s0)
-/var/spool/fcron/new\.systab	--	system_u:object_r:system_cron_spool_t
+/var/spool/fcron/new\.systab	--	context_template(system_u:object_r:system_cron_spool_t,s0)
--- a/refpolicy/policy/modules/services/inetd.fc
+++ b/refpolicy/policy/modules/services/inetd.fc
@ -1,10 +1,10 @@
-/usr/sbin/identd	--	system_u:object_r:inetd_child_exec_t
+/usr/sbin/identd	--	context_template(system_u:object_r:inetd_child_exec_t,s0)
-/usr/sbin/in\..*d	--	system_u:object_r:inetd_child_exec_t
+/usr/sbin/in\..*d	--	context_template(system_u:object_r:inetd_child_exec_t,s0)
-/usr/sbin/inetd		--	system_u:object_r:inetd_exec_t
+/usr/sbin/inetd		--	context_template(system_u:object_r:inetd_exec_t,s0)
-/usr/sbin/rlinetd	--	system_u:object_r:inetd_exec_t
+/usr/sbin/rlinetd	--	context_template(system_u:object_r:inetd_exec_t,s0)
-/usr/sbin/xinetd	--	system_u:object_r:inetd_exec_t
+/usr/sbin/xinetd	--	context_template(system_u:object_r:inetd_exec_t,s0)
-/var/log/(x)?inetd\.log	--	system_u:object_r:inetd_log_t
+/var/log/(x)?inetd\.log	--	context_template(system_u:object_r:inetd_log_t,s0)
-/var/run/inetd\.pid	--	system_u:object_r:inetd_var_run_t
+/var/run/inetd\.pid	--	context_template(system_u:object_r:inetd_var_run_t,s0)
--- a/refpolicy/policy/modules/services/kerberos.fc
+++ b/refpolicy/policy/modules/services/kerberos.fc
@ -1,17 +1,17 @@
-/etc/krb5\.conf			--	system_u:object_r:krb5_conf_t
+/etc/krb5\.conf			--	context_template(system_u:object_r:krb5_conf_t,s0)
-/etc/krb5\.keytab			system_u:object_r:krb5_keytab_t
+/etc/krb5\.keytab			context_template(system_u:object_r:krb5_keytab_t,s0)
-/usr(/local)?(/kerberos)?/sbin/krb5kdc -- system_u:object_r:krb5kdc_exec_t
+/usr(/local)?(/kerberos)?/sbin/krb5kdc -- context_template(system_u:object_r:krb5kdc_exec_t,s0)
-/usr(/local)?(/kerberos)?/sbin/kadmind -- system_u:object_r:kadmind_exec_t
+/usr(/local)?(/kerberos)?/sbin/kadmind -- context_template(system_u:object_r:kadmind_exec_t,s0)
-/usr/local/var/krb5kdc(/.*)?		system_u:object_r:krb5kdc_conf_t
+/usr/local/var/krb5kdc(/.*)?		context_template(system_u:object_r:krb5kdc_conf_t,s0)
-/usr/local/var/krb5kdc/principal.*	system_u:object_r:krb5kdc_principal_t
+/usr/local/var/krb5kdc/principal.*	context_template(system_u:object_r:krb5kdc_principal_t,s0)
-/var/kerberos/krb5kdc(/.*)?		system_u:object_r:krb5kdc_conf_t
+/var/kerberos/krb5kdc(/.*)?		context_template(system_u:object_r:krb5kdc_conf_t,s0)
-/var/kerberos/krb5kdc/principal.*	system_u:object_r:krb5kdc_principal_t
+/var/kerberos/krb5kdc/principal.*	context_template(system_u:object_r:krb5kdc_principal_t,s0)
-/var/log/krb5kdc\.log			system_u:object_r:krb5kdc_log_t
+/var/log/krb5kdc\.log			context_template(system_u:object_r:krb5kdc_log_t,s0)
-/var/log/kadmind\.log			system_u:object_r:kadmind_log_t
+/var/log/kadmind\.log			context_template(system_u:object_r:kadmind_log_t,s0)
 #this goes to su:
-#/usr(/local)?/bin/ksu		--	system_u:object_r:su_exec_t
+#/usr(/local)?/bin/ksu		--	context_template(system_u:object_r:su_exec_t,s0)
--- a/refpolicy/policy/modules/services/nis.fc
+++ b/refpolicy/policy/modules/services/nis.fc
@ -1,6 +1,6 @@
-/etc/ypserv\.conf		--	system_u:object_r:ypserv_conf_t
+/etc/ypserv\.conf		--	context_template(system_u:object_r:ypserv_conf_t,s0)
-/sbin/ypbind			--	system_u:object_r:ypbind_exec_t
+/sbin/ypbind			--	context_template(system_u:object_r:ypbind_exec_t,s0)
-/usr/sbin/ypserv		--	system_u:object_r:ypserv_exec_t
+/usr/sbin/ypserv		--	context_template(system_u:object_r:ypserv_exec_t,s0)
--- a/refpolicy/policy/modules/services/ssh.fc
+++ b/refpolicy/policy/modules/services/ssh.fc
@ -1,16 +1,16 @@
-/etc/ssh/primes			--	system_u:object_r:sshd_key_t
+/etc/ssh/primes			--	context_template(system_u:object_r:sshd_key_t,s0)
-/etc/ssh/ssh_host_key 		--	system_u:object_r:sshd_key_t
+/etc/ssh/ssh_host_key 		--	context_template(system_u:object_r:sshd_key_t,s0)
-/etc/ssh/ssh_host_dsa_key	--	system_u:object_r:sshd_key_t
+/etc/ssh/ssh_host_dsa_key	--	context_template(system_u:object_r:sshd_key_t,s0)
-/etc/ssh/ssh_host_rsa_key	--	system_u:object_r:sshd_key_t
+/etc/ssh/ssh_host_rsa_key	--	context_template(system_u:object_r:sshd_key_t,s0)
-/usr/bin/ssh			--	system_u:object_r:ssh_exec_t
+/usr/bin/ssh			--	context_template(system_u:object_r:ssh_exec_t,s0)
-/usr/bin/ssh-agent		--	system_u:object_r:ssh_agent_exec_t
+/usr/bin/ssh-agent		--	context_template(system_u:object_r:ssh_agent_exec_t,s0)
-/usr/bin/ssh-keygen		--	system_u:object_r:ssh_keygen_exec_t
+/usr/bin/ssh-keygen		--	context_template(system_u:object_r:ssh_keygen_exec_t,s0)
-/usr/sbin/sshd			--	system_u:object_r:sshd_exec_t
+/usr/sbin/sshd			--	context_template(system_u:object_r:sshd_exec_t,s0)
-/var/run/sshd\.init\.pid	--	system_u:object_r:sshd_var_run_t
+/var/run/sshd\.init\.pid	--	context_template(system_u:object_r:sshd_var_run_t,s0)
 ifdef(`targeted_policy', `', `
-HOME_DIR/\.ssh(/.*)?			system_u:object_r:ROLE_home_ssh_t
+HOME_DIR/\.ssh(/.*)?			context_template(system_u:object_r:ROLE_home_ssh_t,s0)
 ')
--- a/refpolicy/policy/modules/system/fstools.fc
+++ b/refpolicy/policy/modules/system/fstools.fc
@ -1,36 +1,36 @@
-/sbin/blockdev		--	system_u:object_r:fsadm_exec_t
+/sbin/blockdev		--	context_template(system_u:object_r:fsadm_exec_t,s0)
-/sbin/cfdisk		--	system_u:object_r:fsadm_exec_t
+/sbin/cfdisk		--	context_template(system_u:object_r:fsadm_exec_t,s0)
-/sbin/dosfsck		--	system_u:object_r:fsadm_exec_t
+/sbin/dosfsck		--	context_template(system_u:object_r:fsadm_exec_t,s0)
-/sbin/dumpe2fs		--	system_u:object_r:fsadm_exec_t
+/sbin/dumpe2fs		--	context_template(system_u:object_r:fsadm_exec_t,s0)
-/sbin/e2fsck		--	system_u:object_r:fsadm_exec_t
+/sbin/e2fsck		--	context_template(system_u:object_r:fsadm_exec_t,s0)
-/sbin/e2label		--	system_u:object_r:fsadm_exec_t
+/sbin/e2label		--	context_template(system_u:object_r:fsadm_exec_t,s0)
-/sbin/fdisk		--	system_u:object_r:fsadm_exec_t
+/sbin/fdisk		--	context_template(system_u:object_r:fsadm_exec_t,s0)
-/sbin/findfs		--	system_u:object_r:fsadm_exec_t
+/sbin/findfs		--	context_template(system_u:object_r:fsadm_exec_t,s0)
-/sbin/fsck.*		--	system_u:object_r:fsadm_exec_t
+/sbin/fsck.*		--	context_template(system_u:object_r:fsadm_exec_t,s0)
-/sbin/hdparm		--	system_u:object_r:fsadm_exec_t
+/sbin/hdparm		--	context_template(system_u:object_r:fsadm_exec_t,s0)
-/sbin/install-mbr	--	system_u:object_r:fsadm_exec_t
+/sbin/install-mbr	--	context_template(system_u:object_r:fsadm_exec_t,s0)
-/sbin/jfs_.*		--	system_u:object_r:fsadm_exec_t
+/sbin/jfs_.*		--	context_template(system_u:object_r:fsadm_exec_t,s0)
-/sbin/losetup.*		--	system_u:object_r:fsadm_exec_t
+/sbin/losetup.*		--	context_template(system_u:object_r:fsadm_exec_t,s0)
-/sbin/lsraid		--	system_u:object_r:fsadm_exec_t
+/sbin/lsraid		--	context_template(system_u:object_r:fsadm_exec_t,s0)
-/sbin/mkdosfs		--	system_u:object_r:fsadm_exec_t
+/sbin/mkdosfs		--	context_template(system_u:object_r:fsadm_exec_t,s0)
-/sbin/mke2fs		--	system_u:object_r:fsadm_exec_t
+/sbin/mke2fs		--	context_template(system_u:object_r:fsadm_exec_t,s0)
-/sbin/mkfs.*		--	system_u:object_r:fsadm_exec_t
+/sbin/mkfs.*		--	context_template(system_u:object_r:fsadm_exec_t,s0)
-/sbin/mkraid		--	system_u:object_r:fsadm_exec_t
+/sbin/mkraid		--	context_template(system_u:object_r:fsadm_exec_t,s0)
-/sbin/mkreiserfs	--	system_u:object_r:fsadm_exec_t
+/sbin/mkreiserfs	--	context_template(system_u:object_r:fsadm_exec_t,s0)
-/sbin/mkswap		--	system_u:object_r:fsadm_exec_t
+/sbin/mkswap		--	context_template(system_u:object_r:fsadm_exec_t,s0)
-/sbin/parted		--	system_u:object_r:fsadm_exec_t
+/sbin/parted		--	context_template(system_u:object_r:fsadm_exec_t,s0)
-/sbin/partprobe		--	system_u:object_r:fsadm_exec_t
+/sbin/partprobe		--	context_template(system_u:object_r:fsadm_exec_t,s0)
-/sbin/partx		--	system_u:object_r:fsadm_exec_t
+/sbin/partx		--	context_template(system_u:object_r:fsadm_exec_t,s0)
-/sbin/raidstart		--	system_u:object_r:fsadm_exec_t
+/sbin/raidstart		--	context_template(system_u:object_r:fsadm_exec_t,s0)
-/sbin/reiserfs(ck|tune)	--	system_u:object_r:fsadm_exec_t
+/sbin/reiserfs(ck|tune)	--	context_template(system_u:object_r:fsadm_exec_t,s0)
-/sbin/resize.*fs	--	system_u:object_r:fsadm_exec_t
+/sbin/resize.*fs	--	context_template(system_u:object_r:fsadm_exec_t,s0)
-/sbin/scsi_info		--	system_u:object_r:fsadm_exec_t
+/sbin/scsi_info		--	context_template(system_u:object_r:fsadm_exec_t,s0)
-/sbin/sfdisk		--	system_u:object_r:fsadm_exec_t
+/sbin/sfdisk		--	context_template(system_u:object_r:fsadm_exec_t,s0)
-/sbin/swapon.*		--	system_u:object_r:fsadm_exec_t
+/sbin/swapon.*		--	context_template(system_u:object_r:fsadm_exec_t,s0)
-/sbin/tune2fs		--	system_u:object_r:fsadm_exec_t
+/sbin/tune2fs		--	context_template(system_u:object_r:fsadm_exec_t,s0)
-/usr/bin/partition_uuid	--	system_u:object_r:fsadm_exec_t
+/usr/bin/partition_uuid	--	context_template(system_u:object_r:fsadm_exec_t,s0)
-/usr/bin/raw		--	system_u:object_r:fsadm_exec_t
+/usr/bin/raw		--	context_template(system_u:object_r:fsadm_exec_t,s0)
-/usr/bin/scsi_unique_id	--	system_u:object_r:fsadm_exec_t
+/usr/bin/scsi_unique_id	--	context_template(system_u:object_r:fsadm_exec_t,s0)
-/usr/sbin/smartctl	--	system_u:object_r:fsadm_exec_t
+/usr/sbin/smartctl	--	context_template(system_u:object_r:fsadm_exec_t,s0)
--- a/refpolicy/policy/modules/system/unconfined.fc
+++ b/refpolicy/policy/modules/system/unconfined.fc
@ -1,3 +1,3 @@
 # Add programs here which should not be confined by SELinux
 # e.g.:
-# /usr/local/bin/appsrv	--	system_u:object_r:unconfined_exec_t
+# /usr/local/bin/appsrv	--	context_template(system_u:object_r:unconfined_exec_t,s0)
`@ -1,2 +1,2 @@`

	`/bin/dmesg -- system_u:object_r:dmesg_exec_t`	`/bin/dmesg -- context_template(system_u:object_r:dmesg_exec_t,s0)`