[gentoo-commits] proj/hardened-refpolicy:usrmerge commit in: policy/modules/system/

Jason Zaman Sun, 05 Feb 2017 07:14:08 -0800

commit:     a22e9f51496b244924b7103da65925d57e8603df
Author:     Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Sun Feb  5 08:58:28 2017 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Feb  5 15:10:31 2017 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=a22e9f51


usrmerge: Add gentoo-specific /usr fcontexts

 policy/modules/system/fstools.fc    | 1 -
 policy/modules/system/init.fc       | 6 +++---
 policy/modules/system/lvm.fc        | 4 ++--
 policy/modules/system/sysnetwork.fc | 2 +-
 policy/modules/system/tmpfiles.fc   | 4 ++--
 policy/modules/system/udev.fc       | 7 ++-----
 6 files changed, 10 insertions(+), 14 deletions(-)

diff --git a/policy/modules/system/fstools.fc b/policy/modules/system/fstools.fc
index 5249a70..4dca3ed 100644
--- a/policy/modules/system/fstools.fc
+++ b/policy/modules/system/fstools.fc
@@ -61,6 +61,5 @@
 /run/fsck(/.*)?                gen_context(system_u:object_r:fsadm_run_t,s0)
 
 ifdef(`distro_gentoo',`
-/sbin/mkfs\.f2fs       --      gen_context(system_u:object_r:fsadm_exec_t,s0)
 /usr/sbin/mkfs\.f2fs   --      gen_context(system_u:object_r:fsadm_exec_t,s0)
 ')

diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc
index 3e1365c..19a953f 100644
--- a/policy/modules/system/init.fc
+++ b/policy/modules/system/init.fc
@@ -81,13 +81,13 @@ ifdef(`distro_gentoo',`
 #
 # /lib
 #
-/lib/rc/console(/.*)?          gen_context(system_u:object_r:initrc_state_t,s0)
-/lib/rc/cache(/.*)?            gen_context(system_u:object_r:initrc_state_t,s0)
+/usr/lib/rc/console(/.*)?              
gen_context(system_u:object_r:initrc_state_t,s0)
+/usr/lib/rc/cache(/.*)?                
gen_context(system_u:object_r:initrc_state_t,s0)
 
 #
 # /sbin
 #
-/sbin/openrc           --      gen_context(system_u:object_r:rc_exec_t,s0)
+/usr/sbin/openrc               --      
gen_context(system_u:object_r:rc_exec_t,s0)
 
 #
 # /var

diff --git a/policy/modules/system/lvm.fc b/policy/modules/system/lvm.fc
index 8f4988e..3fc24cc 100644
--- a/policy/modules/system/lvm.fc
+++ b/policy/modules/system/lvm.fc
@@ -100,9 +100,9 @@ ifdef(`distro_gentoo',`
 
 ifdef(`distro_gentoo',`
 # Bug 529430 comment 7
-/sbin/lvmetad          --      gen_context(system_u:object_r:lvm_exec_t,s0)
+/usr/sbin/lvmetad              --      
gen_context(system_u:object_r:lvm_exec_t,s0)
 /var/run/lvm(/.*)?             gen_context(system_u:object_r:lvm_var_run_t,s0)
 
 # Bug 529430 comment 8
-/sbin/dmeventd         --      gen_context(system_u:object_r:lvm_exec_t,s0)
+/usr/sbin/dmeventd             --      
gen_context(system_u:object_r:lvm_exec_t,s0)
 ')

diff --git a/policy/modules/system/sysnetwork.fc 
b/policy/modules/system/sysnetwork.fc
index a295f46..2c93c41 100644
--- a/policy/modules/system/sysnetwork.fc
+++ b/policy/modules/system/sysnetwork.fc
@@ -72,7 +72,7 @@ ifdef(`distro_debian',`
 ')
 
 ifdef(`distro_gentoo',`
-/lib/dhcpcd/dhcpcd-run-hooks   --      
gen_context(system_u:object_r:dhcpc_script_exec_t,s0)
+/usr/lib/dhcpcd/dhcpcd-run-hooks       --      
gen_context(system_u:object_r:dhcpc_script_exec_t,s0)
 /var/run/dhcpcd\.sock  -s      
gen_context(system_u:object_r:dhcpc_var_run_t,s0)
 /var/run/dhcpcd\.unpriv\.sock  -s      
gen_context(system_u:object_r:dhcpc_var_run_t,s0)
 ')

diff --git a/policy/modules/system/tmpfiles.fc 
b/policy/modules/system/tmpfiles.fc
index 12fd30a..3f9b2b8 100644
--- a/policy/modules/system/tmpfiles.fc
+++ b/policy/modules/system/tmpfiles.fc
@@ -2,6 +2,6 @@
 /etc/tmpfiles.d(/.*)?                          
gen_context(system_u:object_r:tmpfiles_conf_t,s0)
 /var/run/tmpfiles.d(/.*)?                      
gen_context(system_u:object_r:tmpfiles_var_run_t,s0)
 
-/lib/rc/bin/checkpath                  --      
gen_context(system_u:object_r:tmpfiles_exec_t,s0)
-/lib/rc/sh/tmpfiles.sh                 --      
gen_context(system_u:object_r:tmpfiles_exec_t,s0)
+/usr/lib/rc/bin/checkpath                      --      
gen_context(system_u:object_r:tmpfiles_exec_t,s0)
+/usr/lib/rc/sh/tmpfiles.sh                     --      
gen_context(system_u:object_r:tmpfiles_exec_t,s0)
 

diff --git a/policy/modules/system/udev.fc b/policy/modules/system/udev.fc
index 6801d63..de64670 100644
--- a/policy/modules/system/udev.fc
+++ b/policy/modules/system/udev.fc
@@ -42,11 +42,8 @@ ifdef(`distro_debian',`
 ')
 
 ifdef(`distro_gentoo',`
-/bin/udevadm   --      gen_context(system_u:object_r:udev_exec_t,s0)
-
-/lib/udev/udevd        --      gen_context(system_u:object_r:udev_exec_t,s0)
-/lib/udev/rules\.d(/.*)?       gen_context(system_u:object_r:udev_rules_t,s0)
-/lib/systemd/systemd-udevd  --  gen_context(system_u:object_r:udev_exec_t,s0)
+/usr/lib/udev/udevd    --      gen_context(system_u:object_r:udev_exec_t,s0)
+/usr/lib/udev/rules\.d(/.*)?   gen_context(system_u:object_r:udev_rules_t,s0)
 
 /usr/bin/udevadm       --      gen_context(system_u:object_r:udev_exec_t,s0)

[gentoo-commits] proj/hardened-refpolicy:usrmerge commit in: policy/modules/system/

Reply via email to