commit: 89d1ba7ab8b4bd7188379b36d18464a912491e55
Author: Chris PeBenito <pebenito <AT> ieee <DOT> org>
AuthorDate: Sat Aug 6 23:13:32 2016 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sat Aug 13 18:23:03 2016 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=89d1ba7a
Systemd units from Russell Coker.
policy/modules/contrib/apache.fc | 2 ++
policy/modules/contrib/apache.te | 5 ++++-
policy/modules/contrib/apcupsd.fc | 2 ++
policy/modules/contrib/apcupsd.te | 5 ++++-
policy/modules/contrib/apm.fc | 2 ++
policy/modules/contrib/apm.te | 5 ++++-
policy/modules/contrib/arpwatch.fc | 2 ++
policy/modules/contrib/arpwatch.te | 5 ++++-
policy/modules/contrib/automount.fc | 2 ++
policy/modules/contrib/automount.te | 5 ++++-
policy/modules/contrib/avahi.fc | 2 ++
policy/modules/contrib/avahi.te | 5 ++++-
policy/modules/contrib/bind.fc | 3 +++
policy/modules/contrib/bind.te | 5 ++++-
policy/modules/contrib/clamav.fc | 2 ++
policy/modules/contrib/clamav.te | 5 ++++-
policy/modules/contrib/consolekit.fc | 2 ++
policy/modules/contrib/consolekit.te | 5 ++++-
policy/modules/contrib/cron.fc | 3 +++
policy/modules/contrib/cron.te | 5 ++++-
policy/modules/contrib/cups.fc | 1 +
policy/modules/contrib/cups.te | 5 ++++-
policy/modules/contrib/dhcp.fc | 2 ++
policy/modules/contrib/dhcp.te | 5 ++++-
policy/modules/contrib/ftp.fc | 3 +++
policy/modules/contrib/ftp.te | 5 ++++-
policy/modules/contrib/kdump.fc | 2 ++
policy/modules/contrib/kdump.te | 2 +-
policy/modules/contrib/ldap.fc | 1 +
policy/modules/contrib/ldap.te | 5 ++++-
policy/modules/contrib/mysql.fc | 2 ++
policy/modules/contrib/mysql.te | 5 ++++-
policy/modules/contrib/nis.fc | 5 +++++
policy/modules/contrib/nis.te | 8 +++++++-
policy/modules/contrib/nscd.te | 5 ++++-
policy/modules/contrib/ntp.fc | 1 +
policy/modules/contrib/ppp.fc | 2 ++
policy/modules/contrib/ppp.te | 5 ++++-
policy/modules/contrib/rpc.fc | 3 +++
policy/modules/contrib/rpc.te | 8 +++++++-
policy/modules/contrib/samba.fc | 2 ++
policy/modules/contrib/samba.te | 5 ++++-
policy/modules/contrib/tor.fc | 2 ++
policy/modules/contrib/tor.te | 5 ++++-
44 files changed, 139 insertions(+), 22 deletions(-)
diff --git a/policy/modules/contrib/apache.fc b/policy/modules/contrib/apache.fc
index 96006a0..808cc65 100644
--- a/policy/modules/contrib/apache.fc
+++ b/policy/modules/contrib/apache.fc
@@ -50,6 +50,8 @@ HOME_DIR/((www)|(web)|(public_html))(/.*)?/logs(/.*)?
gen_context(system_u:objec
/usr/lib/dirsrv/cgi-bin(/.*)?
gen_context(system_u:object_r:httpd_sys_script_exec_t,s0)
/usr/lib/httpd(/.*)? gen_context(system_u:object_r:httpd_modules_t,s0)
/usr/lib/lighttpd(/.*)?
gen_context(system_u:object_r:httpd_modules_t,s0)
+/usr/lib/systemd/system/httpd.*\.service --
gen_context(system_u:object_r:httpd_unit_t,s0)
+/usr/lib/systemd/system/jetty.*\.service --
gen_context(system_u:object_r:httpd_unit_t,s0)
/usr/libexec/httpd-ssl-pass-dialog --
gen_context(system_u:object_r:httpd_passwd_exec_t,s0)
diff --git a/policy/modules/contrib/apache.te b/policy/modules/contrib/apache.te
index d3299a2..e02fcdc 100644
--- a/policy/modules/contrib/apache.te
+++ b/policy/modules/contrib/apache.te
@@ -1,4 +1,4 @@
-policy_module(apache, 2.10.0)
+policy_module(apache, 2.10.1)
########################################
#
@@ -327,6 +327,9 @@ files_tmp_file(httpd_tmp_t)
type httpd_tmpfs_t;
files_tmpfs_file(httpd_tmpfs_t)
+type httpd_unit_t;
+init_unit_file(httpd_unit_t)
+
apache_content_template(user)
ubac_constrained(httpd_user_script_t)
userdom_user_home_content(httpd_user_content_t)
diff --git a/policy/modules/contrib/apcupsd.fc
b/policy/modules/contrib/apcupsd.fc
index 5ec0e13..82d48b1 100644
--- a/policy/modules/contrib/apcupsd.fc
+++ b/policy/modules/contrib/apcupsd.fc
@@ -2,6 +2,8 @@
/sbin/apcupsd -- gen_context(system_u:object_r:apcupsd_exec_t,s0)
+/usr/lib/systemd/system/apcupsd.*\.service --
gen_context(system_u:object_r:apcupsd_unit_t,s0)
+
/usr/sbin/apcupsd -- gen_context(system_u:object_r:apcupsd_exec_t,s0)
/var/lock/subsys/apcupsd --
gen_context(system_u:object_r:apcupsd_lock_t,s0)
diff --git a/policy/modules/contrib/apcupsd.te
b/policy/modules/contrib/apcupsd.te
index d5bf5bd..586104d 100644
--- a/policy/modules/contrib/apcupsd.te
+++ b/policy/modules/contrib/apcupsd.te
@@ -1,4 +1,4 @@
-policy_module(apcupsd, 1.10.0)
+policy_module(apcupsd, 1.10.1)
########################################
#
@@ -21,6 +21,9 @@ logging_log_file(apcupsd_log_t)
type apcupsd_tmp_t;
files_tmp_file(apcupsd_tmp_t)
+type apcupsd_unit_t;
+init_unit_file(apcupsd_unit_t)
+
type apcupsd_var_run_t;
files_pid_file(apcupsd_var_run_t)
diff --git a/policy/modules/contrib/apm.fc b/policy/modules/contrib/apm.fc
index ce27d2f..0b5cf18 100644
--- a/policy/modules/contrib/apm.fc
+++ b/policy/modules/contrib/apm.fc
@@ -2,6 +2,8 @@
/usr/bin/apm -- gen_context(system_u:object_r:apm_exec_t,s0)
+/usr/lib/systemd/system/apmd.*\.service --
gen_context(system_u:object_r:apmd_unit_t,s0)
+
/usr/sbin/acpid -- gen_context(system_u:object_r:apmd_exec_t,s0)
/usr/sbin/apmd -- gen_context(system_u:object_r:apmd_exec_t,s0)
/usr/sbin/powersaved -- gen_context(system_u:object_r:apmd_exec_t,s0)
diff --git a/policy/modules/contrib/apm.te b/policy/modules/contrib/apm.te
index d6344dc..3acc764 100644
--- a/policy/modules/contrib/apm.te
+++ b/policy/modules/contrib/apm.te
@@ -1,4 +1,4 @@
-policy_module(apm, 1.14.0)
+policy_module(apm, 1.14.1)
########################################
#
@@ -29,6 +29,9 @@ logging_log_file(apmd_log_t)
type apmd_tmp_t;
files_tmp_file(apmd_tmp_t)
+type apmd_unit_t;
+init_unit_file(apmd_unit_t)
+
type apmd_var_lib_t;
files_type(apmd_var_lib_t)
diff --git a/policy/modules/contrib/arpwatch.fc
b/policy/modules/contrib/arpwatch.fc
index 9ca0d0f..59498be 100644
--- a/policy/modules/contrib/arpwatch.fc
+++ b/policy/modules/contrib/arpwatch.fc
@@ -1,5 +1,7 @@
/etc/rc\.d/init\.d/arpwatch --
gen_context(system_u:object_r:arpwatch_initrc_exec_t,s0)
+/usr/lib/systemd/system/arpwatch.*\.service --
gen_context(system_u:object_r:arpwatch_unit_t,s0)
+
/usr/sbin/arpwatch --
gen_context(system_u:object_r:arpwatch_exec_t,s0)
/var/arpwatch(/.*)? gen_context(system_u:object_r:arpwatch_data_t,s0)
diff --git a/policy/modules/contrib/arpwatch.te
b/policy/modules/contrib/arpwatch.te
index 97ecc55..0cda29a 100644
--- a/policy/modules/contrib/arpwatch.te
+++ b/policy/modules/contrib/arpwatch.te
@@ -1,4 +1,4 @@
-policy_module(arpwatch, 1.12.0)
+policy_module(arpwatch, 1.12.1)
########################################
#
@@ -18,6 +18,9 @@ files_type(arpwatch_data_t)
type arpwatch_tmp_t;
files_tmp_file(arpwatch_tmp_t)
+type arpwatch_unit_t;
+init_unit_file(arpwatch_unit_t)
+
type arpwatch_var_run_t;
files_pid_file(arpwatch_var_run_t)
diff --git a/policy/modules/contrib/automount.fc
b/policy/modules/contrib/automount.fc
index 92adb37..989c10e 100644
--- a/policy/modules/contrib/automount.fc
+++ b/policy/modules/contrib/automount.fc
@@ -1,6 +1,8 @@
/etc/apm/event\.d/autofs --
gen_context(system_u:object_r:automount_exec_t,s0)
/etc/rc\.d/init\.d/autofs --
gen_context(system_u:object_r:automount_initrc_exec_t,s0)
+/usr/lib/systemd/system/autofs.*\.service --
gen_context(system_u:object_r:automount_unit_t,s0)
+
/usr/sbin/automount --
gen_context(system_u:object_r:automount_exec_t,s0)
/var/lock/subsys/autofs --
gen_context(system_u:object_r:automount_lock_t,s0)
diff --git a/policy/modules/contrib/automount.te
b/policy/modules/contrib/automount.te
index be5adee..2f5852e 100644
--- a/policy/modules/contrib/automount.te
+++ b/policy/modules/contrib/automount.te
@@ -1,4 +1,4 @@
-policy_module(automount, 1.16.0)
+policy_module(automount, 1.16.1)
########################################
#
@@ -22,6 +22,9 @@ type automount_tmp_t;
files_tmp_file(automount_tmp_t)
files_mountpoint(automount_tmp_t)
+type automount_unit_t;
+init_unit_file(automount_unit_t)
+
type automount_var_run_t;
files_pid_file(automount_var_run_t)
diff --git a/policy/modules/contrib/avahi.fc b/policy/modules/contrib/avahi.fc
index e9fe2ca..f6604ae 100644
--- a/policy/modules/contrib/avahi.fc
+++ b/policy/modules/contrib/avahi.fc
@@ -1,5 +1,7 @@
/etc/rc\.d/init\.d/avahi.* --
gen_context(system_u:object_r:avahi_initrc_exec_t,s0)
+/usr/lib/systemd/system/avahi.*\.service --
gen_context(system_u:object_r:avahi_unit_t,s0)
+
/usr/sbin/avahi-daemon -- gen_context(system_u:object_r:avahi_exec_t,s0)
/usr/sbin/avahi-dnsconfd --
gen_context(system_u:object_r:avahi_exec_t,s0)
/usr/sbin/avahi-autoipd --
gen_context(system_u:object_r:avahi_exec_t,s0)
diff --git a/policy/modules/contrib/avahi.te b/policy/modules/contrib/avahi.te
index 461cef0..40cba10 100644
--- a/policy/modules/contrib/avahi.te
+++ b/policy/modules/contrib/avahi.te
@@ -1,4 +1,4 @@
-policy_module(avahi, 1.16.0)
+policy_module(avahi, 1.16.1)
########################################
#
@@ -13,6 +13,9 @@ init_named_socket_activation(avahi_t, avahi_var_run_t)
type avahi_initrc_exec_t;
init_script_file(avahi_initrc_exec_t)
+type avahi_unit_t;
+init_unit_file(avahi_unit_t)
+
type avahi_var_lib_t;
files_pid_file(avahi_var_lib_t)
diff --git a/policy/modules/contrib/bind.fc b/policy/modules/contrib/bind.fc
index 2b9a3a1..d0c6d58 100644
--- a/policy/modules/contrib/bind.fc
+++ b/policy/modules/contrib/bind.fc
@@ -14,6 +14,9 @@
/etc/unbound(/.*)? gen_context(system_u:object_r:named_conf_t,s0)
/etc/unbound/.*\.key -- gen_context(system_u:object_r:dnssec_t,s0)
+/usr/lib/systemd/system/named.*\.service --
gen_context(system_u:object_r:named_unit_t,s0)
+/usr/lib/systemd/system/unbound.*\.service --
gen_context(system_u:object_r:named_unit_t,s0)
+
/usr/sbin/lwresd -- gen_context(system_u:object_r:named_exec_t,s0)
/usr/sbin/named -- gen_context(system_u:object_r:named_exec_t,s0)
/usr/sbin/named-checkconf --
gen_context(system_u:object_r:named_checkconf_exec_t,s0)
diff --git a/policy/modules/contrib/bind.te b/policy/modules/contrib/bind.te
index 0683298..e3072c7 100644
--- a/policy/modules/contrib/bind.te
+++ b/policy/modules/contrib/bind.te
@@ -1,4 +1,4 @@
-policy_module(bind, 1.16.1)
+policy_module(bind, 1.16.2)
########################################
#
@@ -53,6 +53,9 @@ logging_log_file(named_log_t)
type named_tmp_t;
files_tmp_file(named_tmp_t)
+type named_unit_t;
+init_unit_file(named_unit_t)
+
type named_var_run_t;
files_pid_file(named_var_run_t)
init_daemon_pid_file(named_var_run_t, dir, "named")
diff --git a/policy/modules/contrib/clamav.fc b/policy/modules/contrib/clamav.fc
index d72afcc..f12497d 100644
--- a/policy/modules/contrib/clamav.fc
+++ b/policy/modules/contrib/clamav.fc
@@ -6,6 +6,8 @@
/usr/bin/clamdscan --
gen_context(system_u:object_r:clamscan_exec_t,s0)
/usr/bin/freshclam --
gen_context(system_u:object_r:freshclam_exec_t,s0)
+/usr/lib/systemd/system/clamd.*\.service --
gen_context(system_u:object_r:clamd_unit_t,s0)
+
/usr/sbin/clamd -- gen_context(system_u:object_r:clamd_exec_t,s0)
/usr/sbin/clamav-milter --
gen_context(system_u:object_r:clamd_exec_t,s0)
diff --git a/policy/modules/contrib/clamav.te b/policy/modules/contrib/clamav.te
index c157b65..d733ffb 100644
--- a/policy/modules/contrib/clamav.te
+++ b/policy/modules/contrib/clamav.te
@@ -1,4 +1,4 @@
-policy_module(clamav, 1.12.0)
+policy_module(clamav, 1.12.1)
## <desc>
## <p>
@@ -41,6 +41,9 @@ init_script_file(clamd_initrc_exec_t)
type clamd_tmp_t;
files_tmp_file(clamd_tmp_t)
+type clamd_unit_t;
+init_unit_file(clamd_unit_t)
+
type clamd_var_log_t;
logging_log_file(clamd_var_log_t)
diff --git a/policy/modules/contrib/consolekit.fc
b/policy/modules/contrib/consolekit.fc
index 0ce1e53..3ce852a 100644
--- a/policy/modules/contrib/consolekit.fc
+++ b/policy/modules/contrib/consolekit.fc
@@ -1,3 +1,5 @@
+/usr/lib/systemd/system/console-kit.*\.service --
gen_context(system_u:object_r:consolekit_unit_t,s0)
+
/usr/sbin/console-kit-daemon --
gen_context(system_u:object_r:consolekit_exec_t,s0)
/var/log/ConsoleKit(/.*)?
gen_context(system_u:object_r:consolekit_log_t,s0)
diff --git a/policy/modules/contrib/consolekit.te
b/policy/modules/contrib/consolekit.te
index a3fd0bf..80c18fa 100644
--- a/policy/modules/contrib/consolekit.te
+++ b/policy/modules/contrib/consolekit.te
@@ -1,4 +1,4 @@
-policy_module(consolekit, 1.10.1)
+policy_module(consolekit, 1.10.2)
########################################
#
@@ -15,6 +15,9 @@ logging_log_file(consolekit_log_t)
type consolekit_tmpfs_t;
files_tmpfs_file(consolekit_tmpfs_t)
+type consolekit_unit_t;
+init_unit_file(consolekit_unit_t)
+
type consolekit_var_run_t;
files_pid_file(consolekit_var_run_t)
init_daemon_pid_file(consolekit_var_run_t, dir, "ConsoleKit")
diff --git a/policy/modules/contrib/cron.fc b/policy/modules/contrib/cron.fc
index cbb19b7..21ca917 100644
--- a/policy/modules/contrib/cron.fc
+++ b/policy/modules/contrib/cron.fc
@@ -6,6 +6,9 @@
/usr/bin/(f)?crontab -- gen_context(system_u:object_r:crontab_exec_t,s0)
+/usr/lib/systemd/system/atd.*\.service --
gen_context(system_u:object_r:crond_unit_t,s0)
+/usr/lib/systemd/system/crond.*\.service --
gen_context(system_u:object_r:crond_unit_t,s0)
+
/usr/libexec/fcron -- gen_context(system_u:object_r:crond_exec_t,s0)
/usr/libexec/fcronsighup --
gen_context(system_u:object_r:crontab_exec_t,s0)
diff --git a/policy/modules/contrib/cron.te b/policy/modules/contrib/cron.te
index d26bdb2..0125df0 100644
--- a/policy/modules/contrib/cron.te
+++ b/policy/modules/contrib/cron.te
@@ -1,4 +1,4 @@
-policy_module(cron, 2.9.1)
+policy_module(cron, 2.9.2)
gen_require(`
class passwd rootok;
@@ -76,6 +76,9 @@ files_tmp_file(crond_tmp_t)
files_poly_parent(crond_tmp_t)
mta_system_content(crond_tmp_t)
+type crond_unit_t;
+init_unit_file(crond_unit_t)
+
type crond_var_run_t;
files_pid_file(crond_var_run_t)
mta_system_content(crond_var_run_t)
diff --git a/policy/modules/contrib/cups.fc b/policy/modules/contrib/cups.fc
index 949011e..ecea069 100644
--- a/policy/modules/contrib/cups.fc
+++ b/policy/modules/contrib/cups.fc
@@ -34,6 +34,7 @@
/usr/lib/cups/daemon/cups-lpd --
gen_context(system_u:object_r:cupsd_lpd_exec_t,s0)
/usr/lib/cups/backend/cups-pdf --
gen_context(system_u:object_r:cups_pdf_exec_t,s0)
/usr/lib/cups/backend/hp.* --
gen_context(system_u:object_r:hplip_exec_t,s0)
+/usr/lib/systemd/system/cups.*\.service --
gen_context(system_u:object_r:cupsd_unit_t,s0)
/usr/lib/udev/udev-configure-printer --
gen_context(system_u:object_r:cupsd_config_exec_t,s0)
/usr/libexec/cups-pk-helper-mechanism --
gen_context(system_u:object_r:cupsd_config_exec_t,s0)
diff --git a/policy/modules/contrib/cups.te b/policy/modules/contrib/cups.te
index 1edccbe..6fd2ee5 100644
--- a/policy/modules/contrib/cups.te
+++ b/policy/modules/contrib/cups.te
@@ -1,4 +1,4 @@
-policy_module(cups, 1.19.0)
+policy_module(cups, 1.19.1)
########################################
#
@@ -58,6 +58,9 @@ files_tmp_file(cups_pdf_tmp_t)
type cupsd_tmp_t;
files_tmp_file(cupsd_tmp_t)
+type cupsd_unit_t;
+init_unit_file(cupsd_unit_t)
+
type cupsd_var_run_t;
files_pid_file(cupsd_var_run_t)
init_daemon_pid_file(cupsd_var_run_t, dir, "cups")
diff --git a/policy/modules/contrib/dhcp.fc b/policy/modules/contrib/dhcp.fc
index 8182c48..bf65642 100644
--- a/policy/modules/contrib/dhcp.fc
+++ b/policy/modules/contrib/dhcp.fc
@@ -1,5 +1,7 @@
/etc/rc\.d/init\.d/dhcpd(6)? --
gen_context(system_u:object_r:dhcpd_initrc_exec_t,s0)
+/usr/lib/systemd/system/dhcpcd.*\.service --
gen_context(system_u:object_r:dhcpd_unit_t,s0)
+
/usr/sbin/dhcpd.* -- gen_context(system_u:object_r:dhcpd_exec_t,s0)
/var/lib/dhcpd(/.*)? gen_context(system_u:object_r:dhcpd_state_t,s0)
diff --git a/policy/modules/contrib/dhcp.te b/policy/modules/contrib/dhcp.te
index 2d64a81..927e1d9 100644
--- a/policy/modules/contrib/dhcp.te
+++ b/policy/modules/contrib/dhcp.te
@@ -1,4 +1,4 @@
-policy_module(dhcp, 1.12.0)
+policy_module(dhcp, 1.12.1)
########################################
#
@@ -26,6 +26,9 @@ files_type(dhcpd_state_t)
type dhcpd_tmp_t;
files_tmp_file(dhcpd_tmp_t)
+type dhcpd_unit_t;
+init_unit_file(dhcpd_unit_t)
+
type dhcpd_var_run_t;
files_pid_file(dhcpd_var_run_t)
diff --git a/policy/modules/contrib/ftp.fc b/policy/modules/contrib/ftp.fc
index fa132af..366809a 100644
--- a/policy/modules/contrib/ftp.fc
+++ b/policy/modules/contrib/ftp.fc
@@ -9,6 +9,9 @@
/usr/kerberos/sbin/ftpd --
gen_context(system_u:object_r:ftpd_exec_t,s0)
+/usr/lib/systemd/system/proftpd.*\.service --
gen_context(system_u:object_r:ftpd_unit_t,s0)
+/usr/lib/systemd/system/vsftpd.*\.service --
gen_context(system_u:object_r:ftpd_unit_t,s0)
+
/usr/sbin/ftpwho -- gen_context(system_u:object_r:ftpd_exec_t,s0)
/usr/sbin/in\.ftpd -- gen_context(system_u:object_r:ftpd_exec_t,s0)
/usr/sbin/muddleftpd -- gen_context(system_u:object_r:ftpd_exec_t,s0)
diff --git a/policy/modules/contrib/ftp.te b/policy/modules/contrib/ftp.te
index d143280..8b83ad7 100644
--- a/policy/modules/contrib/ftp.te
+++ b/policy/modules/contrib/ftp.te
@@ -1,4 +1,4 @@
-policy_module(ftp, 1.18.1)
+policy_module(ftp, 1.18.2)
########################################
#
@@ -136,6 +136,9 @@ files_tmp_file(ftpd_tmp_t)
type ftpd_tmpfs_t;
files_tmpfs_file(ftpd_tmpfs_t)
+type ftpd_unit_t;
+init_unit_file(ftpd_unit_t)
+
type ftpd_var_run_t;
files_pid_file(ftpd_var_run_t)
diff --git a/policy/modules/contrib/kdump.fc b/policy/modules/contrib/kdump.fc
index a49ae4e..d5ec077 100644
--- a/policy/modules/contrib/kdump.fc
+++ b/policy/modules/contrib/kdump.fc
@@ -6,6 +6,8 @@
/usr/bin/kdumpctl --
gen_context(system_u:object_r:kdumpctl_exec_t,s0)
+/usr/lib/systemd/system/kdump.*\.service --
gen_context(system_u:object_r:kdump_unit_t,s0)
+
/sbin/kdump -- gen_context(system_u:object_r:kdump_exec_t,s0)
/sbin/kexec -- gen_context(system_u:object_r:kdump_exec_t,s0)
diff --git a/policy/modules/contrib/kdump.te b/policy/modules/contrib/kdump.te
index ac37ce9..215a680 100644
--- a/policy/modules/contrib/kdump.te
+++ b/policy/modules/contrib/kdump.te
@@ -1,4 +1,4 @@
-policy_module(kdump, 1.4.1)
+policy_module(kdump, 1.4.2)
#######################################
#
diff --git a/policy/modules/contrib/ldap.fc b/policy/modules/contrib/ldap.fc
index b7e5679..cafa486 100644
--- a/policy/modules/contrib/ldap.fc
+++ b/policy/modules/contrib/ldap.fc
@@ -8,6 +8,7 @@
/usr/lib/openldap/slapd --
gen_context(system_u:object_r:slapd_exec_t,s0)
/usr/lib/slapd -- gen_context(system_u:object_r:slapd_exec_t,s0)
+/usr/lib/systemd/system/slapd.*\.service --
gen_context(system_u:object_r:slapd_unit_t,s0)
/var/lib/ldap(/.*)? gen_context(system_u:object_r:slapd_db_t,s0)
/var/lib/ldap/replog(/.*)? gen_context(system_u:object_r:slapd_replog_t,s0)
diff --git a/policy/modules/contrib/ldap.te b/policy/modules/contrib/ldap.te
index 70bc151..5abf625 100644
--- a/policy/modules/contrib/ldap.te
+++ b/policy/modules/contrib/ldap.te
@@ -1,4 +1,4 @@
-policy_module(ldap, 1.13.0)
+policy_module(ldap, 1.13.1)
########################################
#
@@ -39,6 +39,9 @@ files_tmp_file(slapd_tmp_t)
type slapd_tmpfs_t;
files_tmpfs_file(slapd_tmpfs_t)
+type slapd_unit_t;
+init_unit_file(slapd_unit_t)
+
type slapd_var_run_t;
files_pid_file(slapd_var_run_t)
diff --git a/policy/modules/contrib/mysql.fc b/policy/modules/contrib/mysql.fc
index 1d258c1..fb9b2d8 100644
--- a/policy/modules/contrib/mysql.fc
+++ b/policy/modules/contrib/mysql.fc
@@ -10,6 +10,8 @@ HOME_DIR/\.my\.cnf --
gen_context(system_u:object_r:mysqld_home_t,s0)
/usr/bin/mysqld_safe --
gen_context(system_u:object_r:mysqld_safe_exec_t,s0)
/usr/bin/mysql_upgrade -- gen_context(system_u:object_r:mysqld_exec_t,s0)
+/usr/lib/systemd/system/mysqld.*\.service --
gen_context(system_u:object_r:mysqld_unit_t,s0)
+
/usr/libexec/mysqld -- gen_context(system_u:object_r:mysqld_exec_t,s0)
/usr/sbin/mysqld(-max)? --
gen_context(system_u:object_r:mysqld_exec_t,s0)
diff --git a/policy/modules/contrib/mysql.te b/policy/modules/contrib/mysql.te
index 0db8319..455fd81 100644
--- a/policy/modules/contrib/mysql.te
+++ b/policy/modules/contrib/mysql.te
@@ -1,4 +1,4 @@
-policy_module(mysql, 1.17.0)
+policy_module(mysql, 1.17.1)
########################################
#
@@ -47,6 +47,9 @@ logging_log_file(mysqld_log_t)
type mysqld_tmp_t;
files_tmp_file(mysqld_tmp_t)
+type mysqld_unit_t;
+init_unit_file(mysqld_unit_t)
+
type mysqlmanagerd_t;
type mysqlmanagerd_exec_t;
init_daemon_domain(mysqlmanagerd_t, mysqlmanagerd_exec_t)
diff --git a/policy/modules/contrib/nis.fc b/policy/modules/contrib/nis.fc
index 8aa1bfa..b7f173c 100644
--- a/policy/modules/contrib/nis.fc
+++ b/policy/modules/contrib/nis.fc
@@ -9,6 +9,11 @@
/usr/lib/yp/ypxfr -- gen_context(system_u:object_r:ypxfr_exec_t,s0)
+/usr/lib/systemd/system/ypbind.*\.service --
gen_context(system_u:object_r:ypbind_unit_t,s0)
+/usr/lib/systemd/system/yppasswdd.*\.service --
gen_context(system_u:object_r:nis_unit_t,s0)
+/usr/lib/systemd/system/ypserv.*\.service --
gen_context(system_u:object_r:nis_unit_t,s0)
+/usr/lib/systemd/system/ypxfrd.*\.service --
gen_context(system_u:object_r:nis_unit_t,s0)
+
/usr/sbin/rpc\.yppasswdd --
gen_context(system_u:object_r:yppasswdd_exec_t,s0)
/usr/sbin/rpc\.ypxfrd -- gen_context(system_u:object_r:ypxfr_exec_t,s0)
/usr/sbin/ypbind -- gen_context(system_u:object_r:ypbind_exec_t,s0)
diff --git a/policy/modules/contrib/nis.te b/policy/modules/contrib/nis.te
index 77c8282..3d3936d 100644
--- a/policy/modules/contrib/nis.te
+++ b/policy/modules/contrib/nis.te
@@ -1,4 +1,4 @@
-policy_module(nis, 1.13.1)
+policy_module(nis, 1.13.2)
########################################
#
@@ -10,6 +10,9 @@ attribute_role ypbind_roles;
type nis_initrc_exec_t;
init_script_file(nis_initrc_exec_t)
+type nis_unit_t;
+init_unit_file(nis_unit_t)
+
type var_yp_t;
files_type(var_yp_t)
@@ -24,6 +27,9 @@ init_script_file(ypbind_initrc_exec_t)
type ypbind_tmp_t;
files_tmp_file(ypbind_tmp_t)
+type ypbind_unit_t;
+init_unit_file(ypbind_unit_t)
+
type ypbind_var_run_t;
files_pid_file(ypbind_var_run_t)
diff --git a/policy/modules/contrib/nscd.te b/policy/modules/contrib/nscd.te
index 998dcdd..4ba589d 100644
--- a/policy/modules/contrib/nscd.te
+++ b/policy/modules/contrib/nscd.te
@@ -1,4 +1,4 @@
-policy_module(nscd, 1.13.0)
+policy_module(nscd, 1.13.1)
gen_require(`
class nscd all_nscd_perms;
@@ -34,6 +34,9 @@ init_script_file(nscd_initrc_exec_t)
type nscd_log_t;
logging_log_file(nscd_log_t)
+type nscd_unit_t;
+init_unit_file(nscd_unit_t)
+
########################################
#
# Local policy
diff --git a/policy/modules/contrib/ntp.fc b/policy/modules/contrib/ntp.fc
index b58ce47..01ae073 100644
--- a/policy/modules/contrib/ntp.fc
+++ b/policy/modules/contrib/ntp.fc
@@ -13,6 +13,7 @@
# Systemd unit file
/usr/lib/systemd/ntp-units\.d/.* --
gen_context(system_u:object_r:ntpd_unit_t,s0)
+/usr/lib/systemd/system/ntpd.*\.service --
gen_context(system_u:object_r:ntpd_unit_t,s0)
/usr/sbin/ntpd -- gen_context(system_u:object_r:ntpd_exec_t,s0)
/usr/sbin/ntpdate -- gen_context(system_u:object_r:ntpdate_exec_t,s0)
diff --git a/policy/modules/contrib/ppp.fc b/policy/modules/contrib/ppp.fc
index efcb653..7d13ee9 100644
--- a/policy/modules/contrib/ppp.fc
+++ b/policy/modules/contrib/ppp.fc
@@ -12,6 +12,8 @@ HOME_DIR/\.ppprc --
gen_context(system_u:object_r:ppp_home_t,s0)
/sbin/ppp-watch -- gen_context(system_u:object_r:pppd_exec_t,s0)
/sbin/pppoe-server -- gen_context(system_u:object_r:pppd_exec_t,s0)
+/usr/lib/systemd/system/ppp.*\.service --
gen_context(system_u:object_r:pppd_unit_t,s0)
+
/usr/sbin/ipppd -- gen_context(system_u:object_r:pppd_exec_t,s0)
/usr/sbin/ppp-watch -- gen_context(system_u:object_r:pppd_exec_t,s0)
/usr/sbin/pppd -- gen_context(system_u:object_r:pppd_exec_t,s0)
diff --git a/policy/modules/contrib/ppp.te b/policy/modules/contrib/ppp.te
index 1d3079f..8473117 100644
--- a/policy/modules/contrib/ppp.te
+++ b/policy/modules/contrib/ppp.te
@@ -1,4 +1,4 @@
-policy_module(ppp, 1.15.0)
+policy_module(ppp, 1.15.1)
########################################
#
@@ -53,6 +53,9 @@ files_lock_file(pppd_lock_t)
type pppd_tmp_t;
files_tmp_file(pppd_tmp_t)
+type pppd_unit_t;
+init_unit_file(pppd_unit_t)
+
type pppd_var_run_t;
files_pid_file(pppd_var_run_t)
diff --git a/policy/modules/contrib/rpc.fc b/policy/modules/contrib/rpc.fc
index a6fb30c..c00b379 100644
--- a/policy/modules/contrib/rpc.fc
+++ b/policy/modules/contrib/rpc.fc
@@ -7,6 +7,9 @@
/sbin/rpc\..* -- gen_context(system_u:object_r:rpcd_exec_t,s0)
/sbin/sm-notify -- gen_context(system_u:object_r:rpcd_exec_t,s0)
+/usr/lib/systemd/system/nfs.*\.service --
gen_context(system_u:object_r:nfsd_unit_t,s0)
+/usr/lib/systemd/system/rpc.*\.service --
gen_context(system_u:object_r:rpcd_unit_t,s0)
+
/usr/sbin/rpc\..* -- gen_context(system_u:object_r:rpcd_exec_t,s0)
/usr/sbin/rpc\.idmapd -- gen_context(system_u:object_r:rpcd_exec_t,s0)
/usr/sbin/rpc\.gssd -- gen_context(system_u:object_r:gssd_exec_t,s0)
diff --git a/policy/modules/contrib/rpc.te b/policy/modules/contrib/rpc.te
index 8849e92..6703f96 100644
--- a/policy/modules/contrib/rpc.te
+++ b/policy/modules/contrib/rpc.te
@@ -1,4 +1,4 @@
-policy_module(rpc, 1.17.0)
+policy_module(rpc, 1.17.1)
########################################
#
@@ -52,6 +52,9 @@ rpc_domain_template(rpcd)
type rpcd_initrc_exec_t;
init_script_file(rpcd_initrc_exec_t)
+type rpcd_unit_t;
+init_unit_file(rpcd_unit_t)
+
rpc_domain_template(nfsd)
type nfsd_initrc_exec_t;
@@ -63,6 +66,9 @@ files_type(nfsd_rw_t)
type nfsd_ro_t;
files_type(nfsd_ro_t)
+type nfsd_unit_t;
+init_unit_file(nfsd_unit_t)
+
type var_lib_nfs_t;
files_mountpoint(var_lib_nfs_t)
diff --git a/policy/modules/contrib/samba.fc b/policy/modules/contrib/samba.fc
index b8b66ff..ef009e0 100644
--- a/policy/modules/contrib/samba.fc
+++ b/policy/modules/contrib/samba.fc
@@ -14,6 +14,8 @@
/usr/bin/smbmount --
gen_context(system_u:object_r:smbmount_exec_t,s0)
/usr/bin/smbmnt --
gen_context(system_u:object_r:smbmount_exec_t,s0)
+/usr/lib/systemd/system/smb.*\.service --
gen_context(system_u:object_r:samba_unit_t,s0)
+
/usr/sbin/swat -- gen_context(system_u:object_r:swat_exec_t,s0)
/usr/sbin/nmbd -- gen_context(system_u:object_r:nmbd_exec_t,s0)
/usr/sbin/smbd -- gen_context(system_u:object_r:smbd_exec_t,s0)
diff --git a/policy/modules/contrib/samba.te b/policy/modules/contrib/samba.te
index f6e9be3..602be98 100644
--- a/policy/modules/contrib/samba.te
+++ b/policy/modules/contrib/samba.te
@@ -1,4 +1,4 @@
-policy_module(samba, 1.18.0)
+policy_module(samba, 1.18.1)
#################################
#
@@ -130,6 +130,9 @@ files_type(samba_secrets_t)
type samba_share_t; # customizable
files_type(samba_share_t)
+type samba_unit_t;
+init_unit_file(samba_unit_t)
+
type samba_var_t;
files_type(samba_var_t)
diff --git a/policy/modules/contrib/tor.fc b/policy/modules/contrib/tor.fc
index dce42ec..cbaaa15 100644
--- a/policy/modules/contrib/tor.fc
+++ b/policy/modules/contrib/tor.fc
@@ -5,6 +5,8 @@
/usr/bin/tor -- gen_context(system_u:object_r:tor_exec_t,s0)
/usr/sbin/tor -- gen_context(system_u:object_r:tor_exec_t,s0)
+/usr/lib/systemd/system/tor.*\.service --
gen_context(system_u:object_r:tor_unit_t,s0)
+
/var/lib/tor(/.*)? gen_context(system_u:object_r:tor_var_lib_t,s0)
/var/lib/tor-data(/.*)? gen_context(system_u:object_r:tor_var_lib_t,s0)
diff --git a/policy/modules/contrib/tor.te b/policy/modules/contrib/tor.te
index 418eb29..3c596d8 100644
--- a/policy/modules/contrib/tor.te
+++ b/policy/modules/contrib/tor.te
@@ -1,4 +1,4 @@
-policy_module(tor, 1.11.0)
+policy_module(tor, 1.11.1)
########################################
#
@@ -23,6 +23,9 @@ files_config_file(tor_etc_t)
type tor_initrc_exec_t;
init_script_file(tor_initrc_exec_t)
+type tor_unit_t;
+init_unit_file(tor_unit_t)
+
type tor_var_lib_t;
files_type(tor_var_lib_t)
