commit:     3ad3fd938f3a06d4170286f9e14bbcd0765e8fb6
Author:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
AuthorDate: Tue Dec 17 04:17:02 2019 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Tue Dec 24 09:58:27 2019 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=3ad3fd93

Fix gentoo-specific lint issues

Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>

 .travis.yml                           | 2 +-
 policy/modules/admin/portage.fc       | 2 +-
 policy/modules/apps/java.fc           | 2 +-
 policy/modules/apps/qemu.fc           | 4 ++--
 policy/modules/contrib/android.fc     | 2 +-
 policy/modules/contrib/dirsrv.fc      | 4 ++--
 policy/modules/contrib/openrc.fc      | 2 +-
 policy/modules/contrib/phpfpm.fc      | 8 ++++----
 policy/modules/contrib/resolvconf.fc  | 2 +-
 policy/modules/contrib/rtorrent.fc    | 6 +++---
 policy/modules/contrib/uwsgi.fc       | 2 +-
 policy/modules/contrib/vde.fc         | 2 +-
 policy/modules/kernel/corecommands.fc | 8 ++++----
 policy/modules/services/ntp.fc        | 2 +-
 policy/modules/system/lvm.fc          | 5 -----
 policy/modules/system/miscfiles.fc    | 6 ++----
 policy/modules/system/tmpfiles.fc     | 6 +++---
 17 files changed, 29 insertions(+), 36 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 8be908cc..5dfbe090 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -25,7 +25,7 @@ env:
 matrix:
   include:
   - python: 3.7
-    env: LINT=true TYPE=standard
+    env: LINT=true TYPE=standard DISTRO=gentoo
 
 sudo: false
 dist: bionic

diff --git a/policy/modules/admin/portage.fc b/policy/modules/admin/portage.fc
index 8a41cfff..26850f9d 100644
--- a/policy/modules/admin/portage.fc
+++ b/policy/modules/admin/portage.fc
@@ -23,7 +23,7 @@
 /usr/portage(/.*)?     gen_context(system_u:object_r:portage_ebuild_t,s0)
 /usr/portage/distfiles/cvs-src(/.*)?   
gen_context(system_u:object_r:portage_srcrepo_t,s0)
 /usr/portage/distfiles/egit-src(/.*)?  
gen_context(system_u:object_r:portage_srcrepo_t,s0)
-/usr/portage/distfiles/git.?-src(/.*)? 
gen_context(system_u:object_r:portage_srcrepo_t,s0)
+/usr/portage/distfiles/git[0-9]-src(/.*)?      
gen_context(system_u:object_r:portage_srcrepo_t,s0)
 /usr/portage/distfiles/go-src(/.*)?    
gen_context(system_u:object_r:portage_srcrepo_t,s0)
 /usr/portage/distfiles/hg-src(/.*)?    
gen_context(system_u:object_r:portage_srcrepo_t,s0)
 /usr/portage/distfiles/svn-src(/.*)?   
gen_context(system_u:object_r:portage_srcrepo_t,s0)
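Review bot: The new pattern `git[0-9]-src` on the added line requires exactly one digit, whereas the old `git.?-src` also matched a plain `git-src` directory, so this changes what is matched rather than only fixing lint. No separate `git-src` entry is visible among the neighbouring lines, so such a directory would presumably fall back to the broader `/usr/portage(/.*)?` rule and be labelled portage_ebuild_t on the next relabel. If `git-src` is still meant to be covered, `/usr/portage/distfiles/git[0-9]?-src(/.*)?` keeps the old reach without the unescaped dot. The rest of the file lies outside the hunk, so confirm that no other entry already handles it.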

diff --git a/policy/modules/apps/java.fc b/policy/modules/apps/java.fc
index e8804805..d0476be2 100644
--- a/policy/modules/apps/java.fc
+++ b/policy/modules/apps/java.fc
@@ -34,5 +34,5 @@ HOME_DIR/\.java(/.*)? 
gen_context(system_u:object_r:java_home_t,s0)
 
 ifdef(`distro_gentoo',`
 # Running maven (mvn) command needs read access to this, yet the file is 
marked as bin_t otherwise
-/usr/share/maven-bin-[^/]*/bin/m2.conf --      
gen_context(system_u:object_r:usr_t,s0)
+/usr/share/maven-bin-[^/]*/bin/m2\.conf        --      
gen_context(system_u:object_r:usr_t,s0)
 ')

diff --git a/policy/modules/apps/qemu.fc b/policy/modules/apps/qemu.fc
index df3aa2d3..59dcb78b 100644
--- a/policy/modules/apps/qemu.fc
+++ b/policy/modules/apps/qemu.fc
@@ -12,8 +12,8 @@
 ifdef(`distro_gentoo',`
 /usr/bin/qemu-ga       --      gen_context(system_u:object_r:qemu_ga_exec_t,s0)
 
-/var/log/qemu-ga.log   --      gen_context(system_u:object_r:qemu_ga_log_t,s0)
+/var/log/qemu-ga\.log  --      gen_context(system_u:object_r:qemu_ga_log_t,s0)
 /var/log/qemu-ga(/.*)? --      gen_context(system_u:object_r:qemu_ga_log_t,s0)
 
-/run/qemu-ga.pid       --      gen_context(system_u:object_r:qemu_ga_run_t,s0)
+/run/qemu-ga\.pid      --      gen_context(system_u:object_r:qemu_ga_run_t,s0)
 ')

diff --git a/policy/modules/contrib/android.fc 
b/policy/modules/contrib/android.fc
index af983112..a72f5d9f 100644
--- a/policy/modules/contrib/android.fc
+++ b/policy/modules/contrib/android.fc
@@ -2,7 +2,7 @@ HOME_DIR/\.AndroidStudio.*(/.*)?                
gen_context(system_u:object_r:android_home_t,s
 HOME_DIR/\.android(/.*)?                       
gen_context(system_u:object_r:android_home_t,s0)
 HOME_DIR/\.gradle(/.*)?                                
gen_context(system_u:object_r:android_home_t,s0)
 
-/opt/android-studio/bin/studio.sh              
gen_context(system_u:object_r:android_java_exec_t,s0)
+/opt/android-studio/bin/studio\.sh             
gen_context(system_u:object_r:android_java_exec_t,s0)
 
 /opt/android-sdk-update-manager/platform-tools/adb     --      
gen_context(system_u:object_r:android_tools_exec_t,s0)
 /opt/android-sdk-update-manager/platform-tools/fastboot        --      
gen_context(system_u:object_r:android_tools_exec_t,s0)
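Review bot: The escaped entry `/opt/android-studio/bin/studio\.sh` still has no file-type field, so it matches any object class at that path, while the adb and fastboot entries below it use `--`. Since the line is being touched anyway, and assuming the script is a regular file, `/opt/android-studio/bin/studio\.sh -- gen_context(system_u:object_r:android_java_exec_t,s0)` would restrict the executable label to regular files. The same applies to the ldap-agent log and pid entries in dirsrv.fc and to the four rewritten lines in phpfpm.fc, where the `\.sock` pattern could carry `-s`.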

diff --git a/policy/modules/contrib/dirsrv.fc b/policy/modules/contrib/dirsrv.fc
index 3a33d632..a675110f 100644
--- a/policy/modules/contrib/dirsrv.fc
+++ b/policy/modules/contrib/dirsrv.fc
@@ -5,8 +5,8 @@
 /var/lib/dirsrv(/.*)?  gen_context(system_u:object_r:dirsrv_var_lib_t,s0)
 /var/lock/dirsrv(/.*)? gen_context(system_u:object_r:dirsrv_var_lock_t,s0)
 /var/log/dirsrv(/.*)?  gen_context(system_u:object_r:dirsrv_var_log_t,s0)
-/var/log/dirsrv/ldap-agent.log 
gen_context(system_u:object_r:dirsrv_snmp_var_log_t,s0)
+/var/log/dirsrv/ldap-agent\.log        
gen_context(system_u:object_r:dirsrv_snmp_var_log_t,s0)
 /run/dirsrv(/.*)?      gen_context(system_u:object_r:dirsrv_runtime_t,s0)
-/run/ldap-agent.pid    gen_context(system_u:object_r:dirsrv_snmp_runtime_t,s0)
+/run/ldap-agent\.pid   gen_context(system_u:object_r:dirsrv_snmp_runtime_t,s0)
 
 /etc/dirsrv(/.*)?      gen_context(system_u:object_r:dirsrv_config_t,s0)

diff --git a/policy/modules/contrib/openrc.fc b/policy/modules/contrib/openrc.fc
index 7d62191c..11bfd461 100644
--- a/policy/modules/contrib/openrc.fc
+++ b/policy/modules/contrib/openrc.fc
@@ -1 +1 @@
-/usr/lib/rc/sh/cgroup-release-agent.sh --      
gen_context(system_u:object_r:openrc_cgroup_release_exec_t,s0)
+/usr/lib/rc/sh/cgroup-release-agent\.sh        --      
gen_context(system_u:object_r:openrc_cgroup_release_exec_t,s0)

diff --git a/policy/modules/contrib/phpfpm.fc b/policy/modules/contrib/phpfpm.fc
index da28e772..5592e409 100644
--- a/policy/modules/contrib/phpfpm.fc
+++ b/policy/modules/contrib/phpfpm.fc
@@ -1,5 +1,5 @@
-/usr/lib/php.*/bin/php-fpm             
gen_context(system_u:object_r:phpfpm_exec_t,s0)
-/run/php*-fpm/*.sock                   
gen_context(system_u:object_r:phpfpm_runtime_t,s0)
+/usr/lib/php[^/]*/bin/php-fpm          
gen_context(system_u:object_r:phpfpm_exec_t,s0)
+/run/php[^/]*-fpm/[^/]*\.sock                  
gen_context(system_u:object_r:phpfpm_runtime_t,s0)
 
-/var/log/php-fpm.log                   
gen_context(system_u:object_r:phpfpm_log_t,s0)
-/run/php-fpm.pid                       
gen_context(system_u:object_r:phpfpm_runtime_t,s0)
+/var/log/php-fpm\.log                  
gen_context(system_u:object_r:phpfpm_log_t,s0)
+/run/php-fpm\.pid                      
gen_context(system_u:object_r:phpfpm_runtime_t,s0)

diff --git a/policy/modules/contrib/resolvconf.fc 
b/policy/modules/contrib/resolvconf.fc
index 4e5df895..51383c24 100644
--- a/policy/modules/contrib/resolvconf.fc
+++ b/policy/modules/contrib/resolvconf.fc
@@ -1,4 +1,4 @@
-/etc/resolvconf.conf   --      
gen_context(system_u:object_r:resolvconf_conf_t,s0)
+/etc/resolvconf\.conf  --      
gen_context(system_u:object_r:resolvconf_conf_t,s0)
 
 /usr/lib/resolvconf(/.*)?              gen_context(system_u:object_r:bin_t,s0)
 

diff --git a/policy/modules/contrib/rtorrent.fc 
b/policy/modules/contrib/rtorrent.fc
index 65a77bf0..5e248d1e 100644
--- a/policy/modules/contrib/rtorrent.fc
+++ b/policy/modules/contrib/rtorrent.fc
@@ -1,5 +1,5 @@
-HOME_DIR/.rtorrent.rc  --      
gen_context(system_u:object_r:rtorrent_home_t,s0)
-HOME_DIR/.rtsession(/.*)?      
gen_context(system_u:object_r:rtorrent_session_t,s0)
-HOME_DIR/.rtorrent(/.*)?       
gen_context(system_u:object_r:rtorrent_session_t,s0)
+HOME_DIR/\.rtorrent\.rc        --      
gen_context(system_u:object_r:rtorrent_home_t,s0)
+HOME_DIR/\.rtsession(/.*)?     
gen_context(system_u:object_r:rtorrent_session_t,s0)
+HOME_DIR/\.rtorrent(/.*)?      
gen_context(system_u:object_r:rtorrent_session_t,s0)
 
 /usr/bin/rtorrent      --      
gen_context(system_u:object_r:rtorrent_exec_t,s0)

diff --git a/policy/modules/contrib/uwsgi.fc b/policy/modules/contrib/uwsgi.fc
index 2cf031c1..49580994 100644
--- a/policy/modules/contrib/uwsgi.fc
+++ b/policy/modules/contrib/uwsgi.fc
@@ -1,4 +1,4 @@
-/etc/uwsgi.d(/.*)?                                     
gen_context(system_u:object_r:uwsgi_conf_t,s0)
+/etc/uwsgi\.d(/.*)?                                    
gen_context(system_u:object_r:uwsgi_conf_t,s0)
 
 /usr/bin/uwsgi.*                               --      
gen_context(system_u:object_r:uwsgi_exec_t,s0)
 

diff --git a/policy/modules/contrib/vde.fc b/policy/modules/contrib/vde.fc
index bea4fd72..6ba4cc75 100644
--- a/policy/modules/contrib/vde.fc
+++ b/policy/modules/contrib/vde.fc
@@ -2,4 +2,4 @@
 /usr/bin/vde_switch    --      gen_context(system_u:object_r:vde_exec_t,s0)
 /usr/sbin/vde_tunctl   --      gen_context(system_u:object_r:vde_exec_t,s0)
 /run/vde\.ctl(/.*)?            gen_context(system_u:object_r:vde_runtime_t,s0)
-/tmp/vde.[0-9-]*       -s      gen_context(system_u:object_r:vde_tmp_t,s0)
+/tmp/vde\.[^/]*                -s      
gen_context(system_u:object_r:vde_tmp_t,s0)
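Review bot: The added line widens the character class from `[0-9-]*` to `[^/]*` in addition to escaping the dot, so any socket directly under /tmp whose name starts with `vde.` now maps to vde_tmp_t. /tmp is writable by every user, so the narrower class keeps a relabel from assigning the type to sockets that vde did not create. `/tmp/vde\.[0-9-]* -s gen_context(system_u:object_r:vde_tmp_t,s0)` escapes the dot without changing the match set. If the wider match is intentional because vde uses non-numeric suffixes, a comment above the entry should say so.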

diff --git a/policy/modules/kernel/corecommands.fc 
b/policy/modules/kernel/corecommands.fc
index 68944c05..9369157b 100644
--- a/policy/modules/kernel/corecommands.fc
+++ b/policy/modules/kernel/corecommands.fc
@@ -101,7 +101,7 @@ ifdef(`distro_redhat',`
 
 /etc/vmware-tools(/.*)?                        
gen_context(system_u:object_r:bin_t,s0)
 
-/etc/wpa_supplicant/wpa_cli.sh --      gen_context(system_u:object_r:bin_t,s0)
+/etc/wpa_supplicant/wpa_cli\.sh        --      
gen_context(system_u:object_r:bin_t,s0)
 
 /etc/X11/xdm/GiveConsole       --      gen_context(system_u:object_r:bin_t,s0)
 /etc/X11/xdm/TakeConsole       --      gen_context(system_u:object_r:bin_t,s0)
@@ -268,7 +268,7 @@ ifdef(`distro_gentoo',`
 /usr/lib/[^/]*/run-mozilla\.sh --      gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/[^/]*/mozilla-xremote-client -- 
gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/thunderbird.*/mozilla-xremote-client -- 
gen_context(system_u:object_r:bin_t,s0)
-/usr/lib/nspluginwrapper/i386/linux/npviewer.bin --    
gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/nspluginwrapper/i386/linux/npviewer\.bin --   
gen_context(system_u:object_r:bin_t,s0)
 /usr/lib/nspluginwrapper/i386/linux/npviewer   --      
gen_context(system_u:object_r:shell_exec_t,s0)
 /usr/lib/xulrunner-.*/plugin-container         --      
gen_context(system_u:object_r:bin_t,s0)
 
@@ -301,7 +301,7 @@ ifdef(`distro_gentoo',`
 /usr/share/apr(-[0-9])?/build/libtool --       
gen_context(system_u:object_r:bin_t,s0)
 /usr/share/build-1/[^/]+\.sh   --      gen_context(system_u:object_r:bin_t,s0)
 /usr/share/build-1/libtool     --      gen_context(system_u:object_r:bin_t,s0)
-/usr/share/build-1/mkdir.sh    --      gen_context(system_u:object_r:bin_t,s0)
+/usr/share/build-1/mkdir\.sh   --      gen_context(system_u:object_r:bin_t,s0)
 /usr/share/dayplanner/dayplanner --    gen_context(system_u:object_r:bin_t,s0)
 /usr/share/debconf/.+          --      gen_context(system_u:object_r:bin_t,s0)
 /usr/share/denyhosts/scripts(/.*)?     gen_context(system_u:object_r:bin_t,s0)
@@ -319,7 +319,7 @@ ifdef(`distro_gentoo',`
 /usr/share/gnome-sound-recorder/org\.gnome\.SoundRecorder      --      
gen_context(system_u:object_r:bin_t,s0)
 /usr/share/gnucash/finance-quote-check -- 
gen_context(system_u:object_r:bin_t,s0)
 /usr/share/gnucash/finance-quote-helper -- 
gen_context(system_u:object_r:bin_t,s0)
-/usr/share/GNUstep/Makefiles/*\.sh             --      
gen_context(system_u:object_r:bin_t,s0)
+/usr/share/GNUstep/Makefiles/[^/]*\.sh         --      
gen_context(system_u:object_r:bin_t,s0)
 /usr/share/GNUstep/Makefiles/mkinstalldirs     --      
gen_context(system_u:object_r:bin_t,s0)
 /usr/share/hal/device-manager/hal-device-manager -- 
gen_context(system_u:object_r:bin_t,s0)
 /usr/share/hal/scripts(/.*)?           gen_context(system_u:object_r:bin_t,s0)

diff --git a/policy/modules/services/ntp.fc b/policy/modules/services/ntp.fc
index b16c5739..4d014d19 100644
--- a/policy/modules/services/ntp.fc
+++ b/policy/modules/services/ntp.fc
@@ -42,7 +42,7 @@
 /run/ntpd\.sock        -s      gen_context(system_u:object_r:ntpd_pid_t,s0)
 
 ifdef(`distro_gentoo',`
-/var/lib/openntpd/ntpd.drift   --      
gen_context(system_u:object_r:ntp_drift_t,s0)
+/var/lib/openntpd/ntpd\.drift  --      
gen_context(system_u:object_r:ntp_drift_t,s0)
 
 # hardlinked to ntpd
 /usr/sbin/ntpctl               --      
gen_context(system_u:object_r:ntpd_exec_t,s0)

diff --git a/policy/modules/system/lvm.fc b/policy/modules/system/lvm.fc
index a3c68a97..8d50e1f2 100644
--- a/policy/modules/system/lvm.fc
+++ b/policy/modules/system/lvm.fc
@@ -2,11 +2,6 @@
 # configure LVM to put lockfiles in /etc/lvm/lock instead
 # for this policy to work (unless you have no separate /var)
 
-#
-# /dev
-#
-/dev/.lvm(/.*)?                gen_context(system_u:object_r:lvm_lock_t,s0)
-
 #
 # /etc
 #

diff --git a/policy/modules/system/miscfiles.fc 
b/policy/modules/system/miscfiles.fc
index 031bb2e0..19c4e2e3 100644
--- a/policy/modules/system/miscfiles.fc
+++ b/policy/modules/system/miscfiles.fc
@@ -11,11 +11,9 @@ ifdef(`distro_gentoo',`
 /etc/avahi/etc/localtime --    gen_context(system_u:object_r:locale_t,s0)
 /etc/httpd/alias/[^/]*\.db(\.[^/]*)* -- 
gen_context(system_u:object_r:cert_t,s0)
 /etc/localtime         --      gen_context(system_u:object_r:locale_t,s0)
-/etc/pki/certs/(.*)?   --      gen_context(system_u:object_r:cert_t,s0)
+/etc/pki(/.*)?                 gen_context(system_u:object_r:cert_t,s0)
 /etc/pki/.*/private(/.*)?      gen_context(system_u:object_r:tls_privkey_t,s0)
-/etc/pki/private/(.*)? --      gen_context(system_u:object_r:cert_t,s0)
-/etc/ssl/certs/(.*)?   --      gen_context(system_u:object_r:cert_t,s0)
-/etc/ssl/private/(.*)? --      gen_context(system_u:object_r:cert_t,s0)
+/etc/ssl(/.*)?                 gen_context(system_u:object_r:cert_t,s0)
 /etc/timezone          --      gen_context(system_u:object_r:locale_t,s0)
 
 ifdef(`distro_debian',`
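Review bot: The two new catch-all lines label everything under /etc/pki and /etc/ssl as cert_t, including /etc/pki/private and /etc/ssl/private, and the only tls_privkey_t rule visible in the hunk, `/etc/pki/.*/private(/.*)?`, needs an intermediate directory and has no /etc/ssl counterpart. Private keys in those two directories therefore presumably stay readable by every domain that may read cert_t, as they were before this change. Consider adding `/etc/ssl/private(/.*)? gen_context(system_u:object_r:tls_privkey_t,s0)` and the matching `/etc/pki/private(/.*)?` line, after checking that the consumers of those keys are allowed tls_privkey_t. The change also drops the `--` restriction, so directories and non-certificate files under both trees now become cert_t, which goes beyond a lint fix. The enclosing ifdef(`distro_gentoo') block starts outside the hunk, so a generic rule elsewhere in the file may already cover part of this.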

diff --git a/policy/modules/system/tmpfiles.fc 
b/policy/modules/system/tmpfiles.fc
index 5a13949c..a25eaa58 100644
--- a/policy/modules/system/tmpfiles.fc
+++ b/policy/modules/system/tmpfiles.fc
@@ -1,10 +1,10 @@
 
 ifndef(`init_systemd',`
-/etc/tmpfiles.d(/.*)?                          
gen_context(system_u:object_r:tmpfiles_conf_t,s0)
-/run/tmpfiles.d(/.*)?                          
gen_context(system_u:object_r:tmpfiles_runtime_t,s0)
+/etc/tmpfiles\.d(/.*)?                         
gen_context(system_u:object_r:tmpfiles_conf_t,s0)
+/run/tmpfiles\.d(/.*)?                         
gen_context(system_u:object_r:tmpfiles_runtime_t,s0)
 ')
 
 /usr/bin/tmpfiles                              --      
gen_context(system_u:object_r:tmpfiles_exec_t,s0)
 /usr/lib/rc/bin/checkpath                      --      
gen_context(system_u:object_r:tmpfiles_exec_t,s0)
-/usr/lib/rc/sh/tmpfiles.sh                     --      
gen_context(system_u:object_r:tmpfiles_exec_t,s0)
+/usr/lib/rc/sh/tmpfiles\.sh                    --      
gen_context(system_u:object_r:tmpfiles_exec_t,s0)
 
