[selinux-policy: 189/3172] add context template to support mls
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 19:21:19 UTC 2010
commit bee546bfd4558d42921c1045ff445198f21ba308
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Wed May 18 21:02:15 2005 +0000
add context template to support mls
refpolicy/policy/modules/admin/consoletype.fc | 2 +-
refpolicy/policy/modules/admin/netutils.fc | 18 ++--
refpolicy/policy/modules/admin/usermanage.fc | 46 ++++----
refpolicy/policy/modules/apps/gpg.fc | 12 +-
refpolicy/policy/modules/kernel/bootloader.fc | 26 ++--
refpolicy/policy/modules/kernel/corenetwork.fc | 8 +-
refpolicy/policy/modules/kernel/devices.fc | 136 +++++++++++-----------
refpolicy/policy/modules/kernel/storage.fc | 98 ++++++++--------
refpolicy/policy/modules/kernel/terminal.fc | 30 +++---
refpolicy/policy/modules/services/mta.fc | 18 ++--
refpolicy/policy/modules/system/authlogin.fc | 46 ++++----
refpolicy/policy/modules/system/clock.fc | 4 +-
refpolicy/policy/modules/system/corecommands.fc | 74 ++++++------
refpolicy/policy/modules/system/files.fc | 108 +++++++++---------
refpolicy/policy/modules/system/getty.fc | 4 +-
refpolicy/policy/modules/system/hostname.fc | 2 +-
refpolicy/policy/modules/system/hotplug.fc | 14 +-
refpolicy/policy/modules/system/init.fc | 44 ++++----
refpolicy/policy/modules/system/iptables.fc | 12 +-
refpolicy/policy/modules/system/libraries.fc | 44 ++++----
refpolicy/policy/modules/system/locallogin.fc | 2 +-
refpolicy/policy/modules/system/logging.fc | 28 +++---
refpolicy/policy/modules/system/lvm.fc | 120 ++++++++++----------
refpolicy/policy/modules/system/miscfiles.fc | 40 ++++----
refpolicy/policy/modules/system/modutils.fc | 20 ++--
refpolicy/policy/modules/system/mount.fc | 4 +-
refpolicy/policy/modules/system/selinux.fc | 30 +++---
refpolicy/policy/modules/system/selinuxutil.fc | 30 +++---
refpolicy/policy/modules/system/sysnetwork.fc | 48 ++++----
refpolicy/policy/modules/system/udev.fc | 22 ++--
30 files changed, 545 insertions(+), 545 deletions(-)
---
diff --git a/refpolicy/policy/modules/admin/consoletype.fc b/refpolicy/policy/modules/admin/consoletype.fc
index cf7eb6e..242ca19 100644
--- a/refpolicy/policy/modules/admin/consoletype.fc
+++ b/refpolicy/policy/modules/admin/consoletype.fc
@@ -1,3 +1,3 @@
# Copyright (C) 2005 Tresys Technology, LLC
-/sbin/consoletype -- system_u:object_r:consoletype_exec_t
+/sbin/consoletype -- context_template(system_u:object_r:consoletype_exec_t,s0)
diff --git a/refpolicy/policy/modules/admin/netutils.fc b/refpolicy/policy/modules/admin/netutils.fc
index 30e4697..25fa1a9 100644
--- a/refpolicy/policy/modules/admin/netutils.fc
+++ b/refpolicy/policy/modules/admin/netutils.fc
@@ -1,14 +1,14 @@
# Copyright (C) 2005 Tresys Technology, LLC
-/bin/ping.* -- system_u:object_r:ping_exec_t
-/bin/traceroute.* -- system_u:object_r:traceroute_exec_t
+/bin/ping.* -- context_template(system_u:object_r:ping_exec_t,s0)
+/bin/traceroute.* -- context_template(system_u:object_r:traceroute_exec_t,s0)
-/sbin/arping -- system_u:object_r:netutils_exec_t
+/sbin/arping -- context_template(system_u:object_r:netutils_exec_t,s0)
-/usr/bin/lft -- system_u:object_r:traceroute_exec_t
-/usr/bin/nmap -- system_u:object_r:traceroute_exec_t
-/usr/bin/traceroute.* -- system_u:object_r:traceroute_exec_t
+/usr/bin/lft -- context_template(system_u:object_r:traceroute_exec_t,s0)
+/usr/bin/nmap -- context_template(system_u:object_r:traceroute_exec_t,s0)
+/usr/bin/traceroute.* -- context_template(system_u:object_r:traceroute_exec_t,s0)
-/usr/sbin/traceroute.* -- system_u:object_r:traceroute_exec_t
-/usr/sbin/hping2 -- system_u:object_r:ping_exec_t
-/usr/sbin/tcpdump -- system_u:object_r:netutils_exec_t
+/usr/sbin/traceroute.* -- context_template(system_u:object_r:traceroute_exec_t,s0)
+/usr/sbin/hping2 -- context_template(system_u:object_r:ping_exec_t,s0)
+/usr/sbin/tcpdump -- context_template(system_u:object_r:netutils_exec_t,s0)
diff --git a/refpolicy/policy/modules/admin/usermanage.fc b/refpolicy/policy/modules/admin/usermanage.fc
index 695d17a..5514373 100644
--- a/refpolicy/policy/modules/admin/usermanage.fc
+++ b/refpolicy/policy/modules/admin/usermanage.fc
@@ -1,28 +1,28 @@
# Copyright (C) 2005 Tresys Technology, LLC
-/usr/bin/chage -- system_u:object_r:passwd_exec_t
-/usr/bin/chfn -- system_u:object_r:chfn_exec_t
-/usr/bin/chsh -- system_u:object_r:chfn_exec_t
-/usr/bin/gpasswd -- system_u:object_r:groupadd_exec_t
-/usr/bin/passwd -- system_u:object_r:passwd_exec_t
-/usr/bin/vigr -- system_u:object_r:admin_passwd_exec_t
-/usr/bin/vipw -- system_u:object_r:admin_passwd_exec_t
+/usr/bin/chage -- context_template(system_u:object_r:passwd_exec_t,s0)
+/usr/bin/chfn -- context_template(system_u:object_r:chfn_exec_t,s0)
+/usr/bin/chsh -- context_template(system_u:object_r:chfn_exec_t,s0)
+/usr/bin/gpasswd -- context_template(system_u:object_r:groupadd_exec_t,s0)
+/usr/bin/passwd -- context_template(system_u:object_r:passwd_exec_t,s0)
+/usr/bin/vigr -- context_template(system_u:object_r:admin_passwd_exec_t,s0)
+/usr/bin/vipw -- context_template(system_u:object_r:admin_passwd_exec_t,s0)
-/usr/lib(64)?/cracklib_dict.* -- system_u:object_r:crack_db_t
+/usr/lib(64)?/cracklib_dict.* -- context_template(system_u:object_r:crack_db_t,s0)
-/usr/sbin/crack_[a-z]* -- system_u:object_r:crack_exec_t
-/usr/sbin/gpasswd -- system_u:object_r:groupadd_exec_t
-/usr/sbin/groupadd -- system_u:object_r:groupadd_exec_t
-/usr/sbin/groupdel -- system_u:object_r:groupadd_exec_t
-/usr/sbin/groupmod -- system_u:object_r:groupadd_exec_t
-/usr/sbin/grpconv -- system_u:object_r:admin_passwd_exec_t
-/usr/sbin/grpunconv -- system_u:object_r:admin_passwd_exec_t
-/usr/sbin/pwconv -- system_u:object_r:admin_passwd_exec_t
-/usr/sbin/pwunconv -- system_u:object_r:admin_passwd_exec_t
-/usr/sbin/useradd -- system_u:object_r:useradd_exec_t
-/usr/sbin/userdel -- system_u:object_r:useradd_exec_t
-/usr/sbin/usermod -- system_u:object_r:useradd_exec_t
-/usr/sbin/vigr -- system_u:object_r:admin_passwd_exec_t
-/usr/sbin/vipw -- system_u:object_r:admin_passwd_exec_t
+/usr/sbin/crack_[a-z]* -- context_template(system_u:object_r:crack_exec_t,s0)
+/usr/sbin/gpasswd -- context_template(system_u:object_r:groupadd_exec_t,s0)
+/usr/sbin/groupadd -- context_template(system_u:object_r:groupadd_exec_t,s0)
+/usr/sbin/groupdel -- context_template(system_u:object_r:groupadd_exec_t,s0)
+/usr/sbin/groupmod -- context_template(system_u:object_r:groupadd_exec_t,s0)
+/usr/sbin/grpconv -- context_template(system_u:object_r:admin_passwd_exec_t,s0)
+/usr/sbin/grpunconv -- context_template(system_u:object_r:admin_passwd_exec_t,s0)
+/usr/sbin/pwconv -- context_template(system_u:object_r:admin_passwd_exec_t,s0)
+/usr/sbin/pwunconv -- context_template(system_u:object_r:admin_passwd_exec_t,s0)
+/usr/sbin/useradd -- context_template(system_u:object_r:useradd_exec_t,s0)
+/usr/sbin/userdel -- context_template(system_u:object_r:useradd_exec_t,s0)
+/usr/sbin/usermod -- context_template(system_u:object_r:useradd_exec_t,s0)
+/usr/sbin/vigr -- context_template(system_u:object_r:admin_passwd_exec_t,s0)
+/usr/sbin/vipw -- context_template(system_u:object_r:admin_passwd_exec_t,s0)
-/var/cache/cracklib(/.*)? system_u:object_r:crack_db_t
+/var/cache/cracklib(/.*)? context_template(system_u:object_r:crack_db_t,s0)
diff --git a/refpolicy/policy/modules/apps/gpg.fc b/refpolicy/policy/modules/apps/gpg.fc
index bbcec5b..9d2c6be 100644
--- a/refpolicy/policy/modules/apps/gpg.fc
+++ b/refpolicy/policy/modules/apps/gpg.fc
@@ -1,10 +1,10 @@
# Copyright (C) 2005 Tresys Technology, LLC
-/usr/bin/gpg -- system_u:object_r:gpg_exec_t
-/usr/bin/gpg-agent -- system_u:object_r:gpg_agent_exec_t
-/usr/bin/kgpg -- system_u:object_r:gpg_exec_t
-/usr/bin/pinentry.* -- system_u:object_r:pinentry_exec_t
+/usr/bin/gpg -- context_template(system_u:object_r:gpg_exec_t,s0)
+/usr/bin/gpg-agent -- context_template(system_u:object_r:gpg_agent_exec_t,s0)
+/usr/bin/kgpg -- context_template(system_u:object_r:gpg_exec_t,s0)
+/usr/bin/pinentry.* -- context_template(system_u:object_r:pinentry_exec_t,s0)
-/usr/lib/gnupg/gpgkeys.* -- system_u:object_r:gpg_helper_exec_t
+/usr/lib/gnupg/gpgkeys.* -- context_template(system_u:object_r:gpg_helper_exec_t,s0)
-#HOME_DIR/\.gnupg(/.+)? system_u:object_r:ROLE_gpg_secret_t
+#HOME_DIR/\.gnupg(/.+)? context_template(system_u:object_r:ROLE_gpg_secret_t,s0)
diff --git a/refpolicy/policy/modules/kernel/bootloader.fc b/refpolicy/policy/modules/kernel/bootloader.fc
index f4dd277..ee74701 100644
--- a/refpolicy/policy/modules/kernel/bootloader.fc
+++ b/refpolicy/policy/modules/kernel/bootloader.fc
@@ -1,21 +1,21 @@
# Copyright (C) 2005 Tresys Technology, LLC
-/vmlinuz.* -l system_u:object_r:boot_t
-/initrd\.img.* -l system_u:object_r:boot_t
+/vmlinuz.* -l context_template(system_u:object_r:boot_t,s0)
+/initrd\.img.* -l context_template(system_u:object_r:boot_t,s0)
-/boot(/.*)? system_u:object_r:boot_t
-/boot/System\.map-.* -- system_u:object_r:system_map_t
+/boot(/.*)? context_template(system_u:object_r:boot_t,s0)
+/boot/System\.map-.* -- context_template(system_u:object_r:system_map_t,s0)
-/etc/lilo\.conf.* -- system_u:object_r:bootloader_etc_t
-/etc/yaboot\.conf.* -- system_u:object_r:bootloader_etc_t
+/etc/lilo\.conf.* -- context_template(system_u:object_r:bootloader_etc_t,s0)
+/etc/yaboot\.conf.* -- context_template(system_u:object_r:bootloader_etc_t,s0)
-/etc/mkinitrd/scripts/.* -- system_u:object_r:bootloader_exec_t
+/etc/mkinitrd/scripts/.* -- context_template(system_u:object_r:bootloader_exec_t,s0)
-/lib(64)?/modules(/.*)? system_u:object_r:modules_object_t
+/lib(64)?/modules(/.*)? context_template(system_u:object_r:modules_object_t,s0)
-/usr/sbin/mkinitrd -- system_u:object_r:bootloader_exec_t
+/usr/sbin/mkinitrd -- context_template(system_u:object_r:bootloader_exec_t,s0)
-/sbin/grub.* -- system_u:object_r:bootloader_exec_t
-/sbin/lilo.* -- system_u:object_r:bootloader_exec_t
-/sbin/mkinitrd -- system_u:object_r:bootloader_exec_t
-/sbin/ybin.* -- system_u:object_r:bootloader_exec_t
+/sbin/grub.* -- context_template(system_u:object_r:bootloader_exec_t,s0)
+/sbin/lilo.* -- context_template(system_u:object_r:bootloader_exec_t,s0)
+/sbin/mkinitrd -- context_template(system_u:object_r:bootloader_exec_t,s0)
+/sbin/ybin.* -- context_template(system_u:object_r:bootloader_exec_t,s0)
diff --git a/refpolicy/policy/modules/kernel/corenetwork.fc b/refpolicy/policy/modules/kernel/corenetwork.fc
index 1906949..e567bba 100644
--- a/refpolicy/policy/modules/kernel/corenetwork.fc
+++ b/refpolicy/policy/modules/kernel/corenetwork.fc
@@ -1,7 +1,7 @@
# Copyright (C) 2005 Tresys Technology, LLC
-/dev/ippp.* -c system_u:object_r:ppp_device_t
-/dev/ppp -c system_u:object_r:ppp_device_t
-/dev/pppox.* -c system_u:object_r:ppp_device_t
+/dev/ippp.* -c context_template(system_u:object_r:ppp_device_t,s0)
+/dev/ppp -c context_template(system_u:object_r:ppp_device_t,s0)
+/dev/pppox.* -c context_template(system_u:object_r:ppp_device_t,s0)
-/dev/net/.* -c system_u:object_r:tun_tap_device_t
+/dev/net/.* -c context_template(system_u:object_r:tun_tap_device_t,s0)
diff --git a/refpolicy/policy/modules/kernel/devices.fc b/refpolicy/policy/modules/kernel/devices.fc
index 7f5345e..3479046 100644
--- a/refpolicy/policy/modules/kernel/devices.fc
+++ b/refpolicy/policy/modules/kernel/devices.fc
@@ -1,80 +1,80 @@
# Copyright (C) 2005 Tresys Technology, LLC
-/dev(/.*)? system_u:object_r:device_t
+/dev(/.*)? context_template(system_u:object_r:device_t,s0)
-/dev/.*mouse.* -c system_u:object_r:mouse_device_t
-/dev/adsp -c system_u:object_r:sound_device_t
-/dev/agpgart -c system_u:object_r:agp_device_t
-/dev/aload.* -c system_u:object_r:sound_device_t
-/dev/amidi.* -c system_u:object_r:sound_device_t
-/dev/amixer.* -c system_u:object_r:sound_device_t
-/dev/apm_bios -c system_u:object_r:apm_bios_t
-/dev/atibm -c system_u:object_r:mouse_device_t
-/dev/audio.* -c system_u:object_r:sound_device_t
-/dev/beep -c system_u:object_r:sound_device_t
-/dev/console -c system_u:object_r:console_device_t
-/dev/dsp.* -c system_u:object_r:sound_device_t
-/dev/fb[0-9]* -c system_u:object_r:framebuf_device_t
-/dev/full -c system_u:object_r:null_device_t
-/dev/irlpt[0-9]+ -c system_u:object_r:printer_device_t
-/dev/js.* -c system_u:object_r:mouse_device_t
-/dev/kmem -c system_u:object_r:memory_device_t
-/dev/logibm -c system_u:object_r:mouse_device_t
-/dev/lp.* -c system_u:object_r:printer_device_t
-/dev/mem -c system_u:object_r:memory_device_t
-/dev/microcode -c system_u:object_r:cpu_device_t
-/dev/midi.* -c system_u:object_r:sound_device_t
-/dev/mixer.* -c system_u:object_r:sound_device_t
-/dev/mmetfgrab -c system_u:object_r:scanner_device_t
-/dev/mpu401.* -c system_u:object_r:sound_device_t
-/dev/null -c system_u:object_r:null_device_t
-/dev/nvidia.* -c system_u:object_r:xserver_misc_device_t
-/dev/nvram -c system_u:object_r:memory_device_t
-/dev/par.* -c system_u:object_r:printer_device_t
-/dev/patmgr[01] -c system_u:object_r:sound_device_t
-/dev/pmu -c system_u:object_r:power_device_t
-/dev/port -c system_u:object_r:memory_device_t
-/dev/psaux -c system_u:object_r:mouse_device_t
-/dev/rmidi.* -c system_u:object_r:sound_device_t
-/dev/radeon -c system_u:object_r:dri_device_t
-/dev/radio.* -c system_u:object_r:v4l_device_t
-/dev/random -c system_u:object_r:random_device_t
-/dev/rtc -c system_u:object_r:clock_device_t
-/dev/sequencer -c system_u:object_r:sound_device_t
-/dev/sequencer2 -c system_u:object_r:sound_device_t
-/dev/smpte.* -c system_u:object_r:sound_device_t
-/dev/srnd[0-7] -c system_u:object_r:sound_device_t
-/dev/sndstat -c system_u:object_r:sound_device_t
-/dev/tlk[0-3] -c system_u:object_r:v4l_device_t
-/dev/urandom -c system_u:object_r:urandom_device_t
-/dev/usblp.* -c system_u:object_r:printer_device_t
+/dev/.*mouse.* -c context_template(system_u:object_r:mouse_device_t,s0)
+/dev/adsp -c context_template(system_u:object_r:sound_device_t,s0)
+/dev/agpgart -c context_template(system_u:object_r:agp_device_t,s0)
+/dev/aload.* -c context_template(system_u:object_r:sound_device_t,s0)
+/dev/amidi.* -c context_template(system_u:object_r:sound_device_t,s0)
+/dev/amixer.* -c context_template(system_u:object_r:sound_device_t,s0)
+/dev/apm_bios -c context_template(system_u:object_r:apm_bios_t,s0)
+/dev/atibm -c context_template(system_u:object_r:mouse_device_t,s0)
+/dev/audio.* -c context_template(system_u:object_r:sound_device_t,s0)
+/dev/beep -c context_template(system_u:object_r:sound_device_t,s0)
+/dev/console -c context_template(system_u:object_r:console_device_t,s0)
+/dev/dsp.* -c context_template(system_u:object_r:sound_device_t,s0)
+/dev/fb[0-9]* -c context_template(system_u:object_r:framebuf_device_t,s0)
+/dev/full -c context_template(system_u:object_r:null_device_t,s0)
+/dev/irlpt[0-9]+ -c context_template(system_u:object_r:printer_device_t,s0)
+/dev/js.* -c context_template(system_u:object_r:mouse_device_t,s0)
+/dev/kmem -c context_template(system_u:object_r:memory_device_t,s0)
+/dev/logibm -c context_template(system_u:object_r:mouse_device_t,s0)
+/dev/lp.* -c context_template(system_u:object_r:printer_device_t,s0)
+/dev/mem -c context_template(system_u:object_r:memory_device_t,s0)
+/dev/microcode -c context_template(system_u:object_r:cpu_device_t,s0)
+/dev/midi.* -c context_template(system_u:object_r:sound_device_t,s0)
+/dev/mixer.* -c context_template(system_u:object_r:sound_device_t,s0)
+/dev/mmetfgrab -c context_template(system_u:object_r:scanner_device_t,s0)
+/dev/mpu401.* -c context_template(system_u:object_r:sound_device_t,s0)
+/dev/null -c context_template(system_u:object_r:null_device_t,s0)
+/dev/nvidia.* -c context_template(system_u:object_r:xserver_misc_device_t,s0)
+/dev/nvram -c context_template(system_u:object_r:memory_device_t,s0)
+/dev/par.* -c context_template(system_u:object_r:printer_device_t,s0)
+/dev/patmgr[01] -c context_template(system_u:object_r:sound_device_t,s0)
+/dev/pmu -c context_template(system_u:object_r:power_device_t,s0)
+/dev/port -c context_template(system_u:object_r:memory_device_t,s0)
+/dev/psaux -c context_template(system_u:object_r:mouse_device_t,s0)
+/dev/rmidi.* -c context_template(system_u:object_r:sound_device_t,s0)
+/dev/radeon -c context_template(system_u:object_r:dri_device_t,s0)
+/dev/radio.* -c context_template(system_u:object_r:v4l_device_t,s0)
+/dev/random -c context_template(system_u:object_r:random_device_t,s0)
+/dev/rtc -c context_template(system_u:object_r:clock_device_t,s0)
+/dev/sequencer -c context_template(system_u:object_r:sound_device_t,s0)
+/dev/sequencer2 -c context_template(system_u:object_r:sound_device_t,s0)
+/dev/smpte.* -c context_template(system_u:object_r:sound_device_t,s0)
+/dev/srnd[0-7] -c context_template(system_u:object_r:sound_device_t,s0)
+/dev/sndstat -c context_template(system_u:object_r:sound_device_t,s0)
+/dev/tlk[0-3] -c context_template(system_u:object_r:v4l_device_t,s0)
+/dev/urandom -c context_template(system_u:object_r:urandom_device_t,s0)
+/dev/usblp.* -c context_template(system_u:object_r:printer_device_t,s0)
ifdef(`distro_suse', `
-/dev/usbscanner -c system_u:object_r:scanner_device_t
+/dev/usbscanner -c context_template(system_u:object_r:scanner_device_t,s0)
')
-/dev/vbi.* -c system_u:object_r:v4l_device_t
-/dev/video.* -c system_u:object_r:v4l_device_t
-/dev/vttuner -c system_u:object_r:v4l_device_t
-/dev/vtx.* -c system_u:object_r:v4l_device_t
-/dev/winradio. -c system_u:object_r:v4l_device_t
-/dev/zero -c system_u:object_r:zero_device_t
+/dev/vbi.* -c context_template(system_u:object_r:v4l_device_t,s0)
+/dev/video.* -c context_template(system_u:object_r:v4l_device_t,s0)
+/dev/vttuner -c context_template(system_u:object_r:v4l_device_t,s0)
+/dev/vtx.* -c context_template(system_u:object_r:v4l_device_t,s0)
+/dev/winradio. -c context_template(system_u:object_r:v4l_device_t,s0)
+/dev/zero -c context_template(system_u:object_r:zero_device_t,s0)
-/dev/cpu/.* -c system_u:object_r:cpu_device_t
-/dev/cpu/mtrr -c system_u:object_r:mtrr_device_t
+/dev/cpu/.* -c context_template(system_u:object_r:cpu_device_t,s0)
+/dev/cpu/mtrr -c context_template(system_u:object_r:mtrr_device_t,s0)
-/dev/dri/.+ -c system_u:object_r:dri_device_t
+/dev/dri/.+ -c context_template(system_u:object_r:dri_device_t,s0)
-/dev/input/.*mouse.* -c system_u:object_r:mouse_device_t
-/dev/input/event.* -c system_u:object_r:event_device_t
-/dev/input/mice -c system_u:object_r:mouse_device_t
-/dev/input/js.* -c system_u:object_r:mouse_device_t
+/dev/input/.*mouse.* -c context_template(system_u:object_r:mouse_device_t,s0)
+/dev/input/event.* -c context_template(system_u:object_r:event_device_t,s0)
+/dev/input/mice -c context_template(system_u:object_r:mouse_device_t,s0)
+/dev/input/js.* -c context_template(system_u:object_r:mouse_device_t,s0)
-/dev/mapper/control -c system_u:object_r:lvm_control_t
+/dev/mapper/control -c context_template(system_u:object_r:lvm_control_t,s0)
-/dev/pts(/.*)? <<none>>
+/dev/pts(/.*)? <<none>>
-/dev/snd/.* -c system_u:object_r:sound_device_t
+/dev/snd/.* -c context_template(system_u:object_r:sound_device_t,s0)
-/dev/usb/dc2xx.* -c system_u:object_r:scanner_device_t
-/dev/usb/lp.* -c system_u:object_r:printer_device_t
-/dev/usb/mdc800.* -c system_u:object_r:scanner_device_t
-/dev/usb/scanner.* -c system_u:object_r:scanner_device_t
+/dev/usb/dc2xx.* -c context_template(system_u:object_r:scanner_device_t,s0)
+/dev/usb/lp.* -c context_template(system_u:object_r:printer_device_t,s0)
+/dev/usb/mdc800.* -c context_template(system_u:object_r:scanner_device_t,s0)
+/dev/usb/scanner.* -c context_template(system_u:object_r:scanner_device_t,s0)
diff --git a/refpolicy/policy/modules/kernel/storage.fc b/refpolicy/policy/modules/kernel/storage.fc
index b5b0068..2be19b2 100644
--- a/refpolicy/policy/modules/kernel/storage.fc
+++ b/refpolicy/policy/modules/kernel/storage.fc
@@ -1,61 +1,61 @@
# Copyright (C) 2005 Tresys Technology, LLC
-/dev/n?(raw)?[qr]ft[0-3] -c system_u:object_r:tape_device_t
-/dev/n?[hs]t[0-9].* -c system_u:object_r:tape_device_t
-/dev/n?z?qft[0-3] -c system_u:object_r:tape_device_t
-/dev/n?osst[0-3].* -c system_u:object_r:tape_device_t
-/dev/n?pt[0-9]+ -c system_u:object_r:tape_device_t
-/dev/n?tpqic[12].* -c system_u:object_r:tape_device_t
-/dev/[shmx]d[^/]* -b system_u:object_r:fixed_disk_device_t
-/dev/aztcd -b system_u:object_r:removable_device_t
-/dev/bpcd -b system_u:object_r:removable_device_t
-/dev/cdu.* -b system_u:object_r:removable_device_t
-/dev/cm20.* -b system_u:object_r:removable_device_t
-/dev/dasd[^/]* -b system_u:object_r:fixed_disk_device_t
-/dev/dm-[0-9]+ -b system_u:object_r:fixed_disk_device_t
-/dev/fd[^/]+ -b system_u:object_r:removable_device_t
-/dev/flash[^/]* -b system_u:object_r:fixed_disk_device_t
-/dev/gscd -b system_u:object_r:removable_device_t
-/dev/hitcd -b system_u:object_r:removable_device_t
-/dev/ht[0-1] -b system_u:object_r:tape_device_t
-/dev/initrd -b system_u:object_r:fixed_disk_device_t
-/dev/jsfd -b system_u:object_r:fixed_disk_device_t
-/dev/jsflash -c system_u:object_r:fixed_disk_device_t
-/dev/loop.* -b system_u:object_r:fixed_disk_device_t
-/dev/lvm -c system_u:object_r:fixed_disk_device_t
-/dev/mcdx? -b system_u:object_r:removable_device_t
-/dev/nb[^/]+ -b system_u:object_r:fixed_disk_device_t
-/dev/optcd -b system_u:object_r:removable_device_t
-/dev/p[fg][0-3] -b system_u:object_r:removable_device_t
-/dev/pcd[0-3] -b system_u:object_r:removable_device_t
-/dev/pd[a-d][^/]* -b system_u:object_r:removable_device_t
-/dev/pg[0-3] -c system_u:object_r:removable_device_t
-/dev/ram.* -b system_u:object_r:fixed_disk_device_t
-/dev/rawctl -c system_u:object_r:fixed_disk_device_t
-/dev/rd.* -b system_u:object_r:fixed_disk_device_t
+/dev/n?(raw)?[qr]ft[0-3] -c context_template(system_u:object_r:tape_device_t,s0)
+/dev/n?[hs]t[0-9].* -c context_template(system_u:object_r:tape_device_t,s0)
+/dev/n?z?qft[0-3] -c context_template(system_u:object_r:tape_device_t,s0)
+/dev/n?osst[0-3].* -c context_template(system_u:object_r:tape_device_t,s0)
+/dev/n?pt[0-9]+ -c context_template(system_u:object_r:tape_device_t,s0)
+/dev/n?tpqic[12].* -c context_template(system_u:object_r:tape_device_t,s0)
+/dev/[shmx]d[^/]* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
+/dev/aztcd -b context_template(system_u:object_r:removable_device_t,s0)
+/dev/bpcd -b context_template(system_u:object_r:removable_device_t,s0)
+/dev/cdu.* -b context_template(system_u:object_r:removable_device_t,s0)
+/dev/cm20.* -b context_template(system_u:object_r:removable_device_t,s0)
+/dev/dasd[^/]* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
+/dev/dm-[0-9]+ -b context_template(system_u:object_r:fixed_disk_device_t,s0)
+/dev/fd[^/]+ -b context_template(system_u:object_r:removable_device_t,s0)
+/dev/flash[^/]* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
+/dev/gscd -b context_template(system_u:object_r:removable_device_t,s0)
+/dev/hitcd -b context_template(system_u:object_r:removable_device_t,s0)
+/dev/ht[0-1] -b context_template(system_u:object_r:tape_device_t,s0)
+/dev/initrd -b context_template(system_u:object_r:fixed_disk_device_t,s0)
+/dev/jsfd -b context_template(system_u:object_r:fixed_disk_device_t,s0)
+/dev/jsflash -c context_template(system_u:object_r:fixed_disk_device_t,s0)
+/dev/loop.* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
+/dev/lvm -c context_template(system_u:object_r:fixed_disk_device_t,s0)
+/dev/mcdx? -b context_template(system_u:object_r:removable_device_t,s0)
+/dev/nb[^/]+ -b context_template(system_u:object_r:fixed_disk_device_t,s0)
+/dev/optcd -b context_template(system_u:object_r:removable_device_t,s0)
+/dev/p[fg][0-3] -b context_template(system_u:object_r:removable_device_t,s0)
+/dev/pcd[0-3] -b context_template(system_u:object_r:removable_device_t,s0)
+/dev/pd[a-d][^/]* -b context_template(system_u:object_r:removable_device_t,s0)
+/dev/pg[0-3] -c context_template(system_u:object_r:removable_device_t,s0)
+/dev/ram.* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
+/dev/rawctl -c context_template(system_u:object_r:fixed_disk_device_t,s0)
+/dev/rd.* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
ifdef(`distro_redhat', `
-/dev/root -b system_u:object_r:fixed_disk_device_t
+/dev/root -b context_template(system_u:object_r:fixed_disk_device_t,s0)
')
-/dev/s(cd|r)[^/]* -b system_u:object_r:removable_device_t
-/dev/sbpcd.* -b system_u:object_r:removable_device_t
-/dev/sg[0-9]+ -c system_u:object_r:scsi_generic_device_t
-/dev/sjcd -b system_u:object_r:removable_device_t
-/dev/sonycd -b system_u:object_r:removable_device_t
-/dev/tape.* -c system_u:object_r:tape_device_t
-/dev/ubd[^/]* -b system_u:object_r:fixed_disk_device_t
+/dev/s(cd|r)[^/]* -b context_template(system_u:object_r:removable_device_t,s0)
+/dev/sbpcd.* -b context_template(system_u:object_r:removable_device_t,s0)
+/dev/sg[0-9]+ -c context_template(system_u:object_r:scsi_generic_device_t,s0)
+/dev/sjcd -b context_template(system_u:object_r:removable_device_t,s0)
+/dev/sonycd -b context_template(system_u:object_r:removable_device_t,s0)
+/dev/tape.* -c context_template(system_u:object_r:tape_device_t,s0)
+/dev/ubd[^/]* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
-/dev/ataraid/.* -b system_u:object_r:fixed_disk_device_t
+/dev/ataraid/.* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
-/dev/cciss/[^/]* -b system_u:object_r:fixed_disk_device_t
+/dev/cciss/[^/]* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
-/dev/i2o/hd[^/]* -b system_u:object_r:fixed_disk_device_t
+/dev/i2o/hd[^/]* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
-/dev/ida/[^/]* -b system_u:object_r:fixed_disk_device_t
+/dev/ida/[^/]* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
-/dev/mapper/.* -b system_u:object_r:fixed_disk_device_t
+/dev/mapper/.* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
-/dev/raw/raw[0-9]+ -c system_u:object_r:fixed_disk_device_t
+/dev/raw/raw[0-9]+ -c context_template(system_u:object_r:fixed_disk_device_t,s0)
-/dev/scramdisk/.* -b system_u:object_r:fixed_disk_device_t
+/dev/scramdisk/.* -b context_template(system_u:object_r:fixed_disk_device_t,s0)
-/dev/usb/rio500 -c system_u:object_r:removable_device_t
+/dev/usb/rio500 -c context_template(system_u:object_r:removable_device_t,s0)
diff --git a/refpolicy/policy/modules/kernel/terminal.fc b/refpolicy/policy/modules/kernel/terminal.fc
index 322511c..a4883ab 100644
--- a/refpolicy/policy/modules/kernel/terminal.fc
+++ b/refpolicy/policy/modules/kernel/terminal.fc
@@ -1,18 +1,18 @@
# Copyright (C) 2005 Tresys Technology, LLC
-/dev/.*tty[^/]* -c system_u:object_r:tty_device_t
-/dev/[pt]ty[abcdepqrstuvwxyz][0-9a-f] -c system_u:object_r:bsdpty_device_t
-/dev/capi.* -c system_u:object_r:tty_device_t
-/dev/cu.* -c system_u:object_r:tty_device_t
-/dev/dcbri[0-9]+ -c system_u:object_r:tty_device_t
-/dev/hvc.* -c system_u:object_r:tty_device_t
-/dev/hvsi.* -c system_u:object_r:tty_device_t
-/dev/ircomm[0-9]+ -c system_u:object_r:tty_device_t
-/dev/ip2[^/]* -c system_u:object_r:tty_device_t
-/dev/isdn.* -c system_u:object_r:tty_device_t
-/dev/ptmx -c system_u:object_r:ptmx_t
-/dev/tty -c system_u:object_r:devtty_t
-/dev/ttySG.* -c system_u:object_r:tty_device_t
-/dev/vcs[^/]* -c system_u:object_r:tty_device_t
+/dev/.*tty[^/]* -c context_template(system_u:object_r:tty_device_t,s0)
+/dev/[pt]ty[abcdepqrstuvwxyz][0-9a-f] -c context_template(system_u:object_r:bsdpty_device_t,s0)
+/dev/capi.* -c context_template(system_u:object_r:tty_device_t,s0)
+/dev/cu.* -c context_template(system_u:object_r:tty_device_t,s0)
+/dev/dcbri[0-9]+ -c context_template(system_u:object_r:tty_device_t,s0)
+/dev/hvc.* -c context_template(system_u:object_r:tty_device_t,s0)
+/dev/hvsi.* -c context_template(system_u:object_r:tty_device_t,s0)
+/dev/ircomm[0-9]+ -c context_template(system_u:object_r:tty_device_t,s0)
+/dev/ip2[^/]* -c context_template(system_u:object_r:tty_device_t,s0)
+/dev/isdn.* -c context_template(system_u:object_r:tty_device_t,s0)
+/dev/ptmx -c context_template(system_u:object_r:ptmx_t,s0)
+/dev/tty -c context_template(system_u:object_r:devtty_t,s0)
+/dev/ttySG.* -c context_template(system_u:object_r:tty_device_t,s0)
+/dev/vcs[^/]* -c context_template(system_u:object_r:tty_device_t,s0)
-/dev/usb/tty.* -c system_u:object_r:usbtty_device_t
+/dev/usb/tty.* -c context_template(system_u:object_r:usbtty_device_t,s0)
diff --git a/refpolicy/policy/modules/services/mta.fc b/refpolicy/policy/modules/services/mta.fc
index cd0b54c..38323da 100644
--- a/refpolicy/policy/modules/services/mta.fc
+++ b/refpolicy/policy/modules/services/mta.fc
@@ -1,21 +1,21 @@
# Copyright (C) 2005 Tresys Technology, LLC
-/etc/aliases -- system_u:object_r:etc_aliases_t
-/etc/aliases\.db -- system_u:object_r:etc_aliases_t
+/etc/aliases -- context_template(system_u:object_r:etc_aliases_t,s0)
+/etc/aliases\.db -- context_template(system_u:object_r:etc_aliases_t,s0)
ifdef(`sendmail.te',`',`
-/usr/lib(64)?/sendmail -- system_u:object_r:sendmail_exec_t
+/usr/lib(64)?/sendmail -- context_template(system_u:object_r:sendmail_exec_t,s0)
-/usr/sbin/sendmail(.sendmail)? -- system_u:object_r:sendmail_exec_t
+/usr/sbin/sendmail(.sendmail)? -- context_template(system_u:object_r:sendmail_exec_t,s0)
')
-/var/mail(/.*)? system_u:object_r:mail_spool_t
+/var/mail(/.*)? context_template(system_u:object_r:mail_spool_t,s0)
-/var/spool/(client)?mqueue(/.*)? system_u:object_r:mqueue_spool_t
+/var/spool/(client)?mqueue(/.*)? context_template(system_u:object_r:mqueue_spool_t,s0)
-/var/spool/mail(/.*)? system_u:object_r:mail_spool_t
+/var/spool/mail(/.*)? context_template(system_u:object_r:mail_spool_t,s0)
ifdef(`postfix.te', `', `
-/usr/sbin/sendmail.postfix -- system_u:object_r:sendmail_exec_t
-/var/spool/postfix(/.*)? system_u:object_r:mail_spool_t
+/usr/sbin/sendmail.postfix -- context_template(system_u:object_r:sendmail_exec_t,s0)
+/var/spool/postfix(/.*)? context_template(system_u:object_r:mail_spool_t,s0)
')
diff --git a/refpolicy/policy/modules/system/authlogin.fc b/refpolicy/policy/modules/system/authlogin.fc
index 22384ce..0673869 100644
--- a/refpolicy/policy/modules/system/authlogin.fc
+++ b/refpolicy/policy/modules/system/authlogin.fc
@@ -1,36 +1,36 @@
# Copyright (C) 2005 Tresys Technology, LLC
-/bin/login -- system_u:object_r:login_exec_t
+/bin/login -- context_template(system_u:object_r:login_exec_t,s0)
-/etc/\.pwd\.lock -- system_u:object_r:shadow_t
-/etc/group\.lock -- system_u:object_r:shadow_t
-/etc/gshadow.* -- system_u:object_r:shadow_t
-/etc/passwd\.lock -- system_u:object_r:shadow_t
-/etc/shadow.* -- system_u:object_r:shadow_t
+/etc/\.pwd\.lock -- context_template(system_u:object_r:shadow_t,s0)
+/etc/group\.lock -- context_template(system_u:object_r:shadow_t,s0)
+/etc/gshadow.* -- context_template(system_u:object_r:shadow_t,s0)
+/etc/passwd\.lock -- context_template(system_u:object_r:shadow_t,s0)
+/etc/shadow.* -- context_template(system_u:object_r:shadow_t,s0)
-/lib(64)?/security/pam_krb5/pam_krb5_storetmp -- system_u:object_r:pam_exec_t
+/lib(64)?/security/pam_krb5/pam_krb5_storetmp -- context_template(system_u:object_r:pam_exec_t,s0)
-/sbin/pam_console_apply -- system_u:object_r:pam_console_exec_t
-/sbin/pam_timestamp_check -- system_u:object_r:pam_exec_t
-/sbin/unix_chkpwd -- system_u:object_r:chkpwd_exec_t
-/sbin/unix_verify -- system_u:object_r:chkpwd_exec_t
+/sbin/pam_console_apply -- context_template(system_u:object_r:pam_console_exec_t,s0)
+/sbin/pam_timestamp_check -- context_template(system_u:object_r:pam_exec_t,s0)
+/sbin/unix_chkpwd -- context_template(system_u:object_r:chkpwd_exec_t,s0)
+/sbin/unix_verify -- context_template(system_u:object_r:chkpwd_exec_t,s0)
ifdef(`distro_suse', `
-/sbin/unix2_chkpwd -- system_u:object_r:chkpwd_exec_t
+/sbin/unix2_chkpwd -- context_template(system_u:object_r:chkpwd_exec_t,s0)
')
-/usr/kerberos/sbin/login\.krb5 -- system_u:object_r:login_exec_t
+/usr/kerberos/sbin/login\.krb5 -- context_template(system_u:object_r:login_exec_t,s0)
-/usr/sbin/utempter -- system_u:object_r:utempter_exec_t
+/usr/sbin/utempter -- context_template(system_u:object_r:utempter_exec_t,s0)
-/var/db/shadow.* -- system_u:object_r:shadow_t
+/var/db/shadow.* -- context_template(system_u:object_r:shadow_t,s0)
-/var/log/btmp.* -- system_u:object_r:faillog_t
-/var/log/dmesg -- system_u:object_r:var_log_t
-/var/log/faillog -- system_u:object_r:faillog_t
-/var/log/lastlog -- system_u:object_r:lastlog_t
-/var/log/syslog -- system_u:object_r:var_log_t
-/var/log/wtmp.* -- system_u:object_r:wtmp_t
+/var/log/btmp.* -- context_template(system_u:object_r:faillog_t,s0)
+/var/log/dmesg -- context_template(system_u:object_r:var_log_t,s0)
+/var/log/faillog -- context_template(system_u:object_r:faillog_t,s0)
+/var/log/lastlog -- context_template(system_u:object_r:lastlog_t,s0)
+/var/log/syslog -- context_template(system_u:object_r:var_log_t,s0)
+/var/log/wtmp.* -- context_template(system_u:object_r:wtmp_t,s0)
-/var/run/console(/.*)? system_u:object_r:pam_var_console_t
+/var/run/console(/.*)? context_template(system_u:object_r:pam_var_console_t,s0)
-/var/run/sudo(/.*)? system_u:object_r:pam_var_run_t
+/var/run/sudo(/.*)? context_template(system_u:object_r:pam_var_run_t,s0)
diff --git a/refpolicy/policy/modules/system/clock.fc b/refpolicy/policy/modules/system/clock.fc
index 1783155..9f4c567 100644
--- a/refpolicy/policy/modules/system/clock.fc
+++ b/refpolicy/policy/modules/system/clock.fc
@@ -1,6 +1,6 @@
# Copyright (C) 2005 Tresys Technology, LLC
-/etc/adjtime -- system_u:object_r:adjtime_t
+/etc/adjtime -- context_template(system_u:object_r:adjtime_t,s0)
-/sbin/hwclock -- system_u:object_r:hwclock_exec_t
+/sbin/hwclock -- context_template(system_u:object_r:hwclock_exec_t,s0)
diff --git a/refpolicy/policy/modules/system/corecommands.fc b/refpolicy/policy/modules/system/corecommands.fc
index 67b7ef6..f5257f2 100644
--- a/refpolicy/policy/modules/system/corecommands.fc
+++ b/refpolicy/policy/modules/system/corecommands.fc
@@ -3,84 +3,84 @@
#
# /bin
#
-/bin(/.*)? system_u:object_r:bin_t
-/bin/d?ash -- system_u:object_r:shell_exec_t
-/bin/bash -- system_u:object_r:shell_exec_t
-/bin/bash2 -- system_u:object_r:shell_exec_t
-/bin/ls -- system_u:object_r:ls_exec_t
-/bin/sash -- system_u:object_r:shell_exec_t
-/bin/tcsh -- system_u:object_r:shell_exec_t
-/bin/zsh.* -- system_u:object_r:shell_exec_t
+/bin(/.*)? context_template(system_u:object_r:bin_t,s0)
+/bin/d?ash -- context_template(system_u:object_r:shell_exec_t,s0)
+/bin/bash -- context_template(system_u:object_r:shell_exec_t,s0)
+/bin/bash2 -- context_template(system_u:object_r:shell_exec_t,s0)
+/bin/ls -- context_template(system_u:object_r:ls_exec_t,s0)
+/bin/sash -- context_template(system_u:object_r:shell_exec_t,s0)
+/bin/tcsh -- context_template(system_u:object_r:shell_exec_t,s0)
+/bin/zsh.* -- context_template(system_u:object_r:shell_exec_t,s0)
#
# /dev
#
-/dev/MAKEDEV -- system_u:object_r:sbin_t
+/dev/MAKEDEV -- context_template(system_u:object_r:sbin_t,s0)
#
# /etc
#
-/etc/hotplug/.*agent -- system_u:object_r:sbin_t
-/etc/hotplug/.*rc -- system_u:object_r:sbin_t
+/etc/hotplug/.*agent -- context_template(system_u:object_r:sbin_t,s0)
+/etc/hotplug/.*rc -- context_template(system_u:object_r:sbin_t,s0)
-/etc/hotplug/hotplug\.functions -- system_u:object_r:sbin_t
+/etc/hotplug/hotplug\.functions -- context_template(system_u:object_r:sbin_t,s0)
-/etc/hotplug\.d/default/default.* system_u:object_r:sbin_t
+/etc/hotplug\.d/default/default.* context_template(system_u:object_r:sbin_t,s0)
-/etc/netplug\.d(/.*)? system_u:object_r:sbin_t
+/etc/netplug\.d(/.*)? context_template(system_u:object_r:sbin_t,s0)
ifdef(`targeted_policy', `
-/etc/X11/prefdm -- system_u:object_r:bin_t
+/etc/X11/prefdm -- context_template(system_u:object_r:bin_t,s0)
')
#
# /sbin
#
-/sbin(/.*)? system_u:object_r:sbin_t
-/sbin/insmod_ksymoops_clean -- system_u:object_r:sbin_t
+/sbin(/.*)? context_template(system_u:object_r:sbin_t,s0)
+/sbin/insmod_ksymoops_clean -- context_template(system_u:object_r:sbin_t,s0)
#
# /opt
#
-/opt/.*/bin(/.*)? system_u:object_r:bin_t
+/opt/.*/bin(/.*)? context_template(system_u:object_r:bin_t,s0)
-/opt/.*/libexec(/.*)? system_u:object_r:bin_t
+/opt/.*/libexec(/.*)? context_template(system_u:object_r:bin_t,s0)
-/opt/.*/sbin(/.*)? system_u:object_r:sbin_t
+/opt/.*/sbin(/.*)? context_template(system_u:object_r:sbin_t,s0)
#
# /usr
#
ifdef(`distro_gentoo', `
-/usr/.*-.*-linux-gnu/gcc-bin/.*(/.*)? system_u:object_r:bin_t
+/usr/.*-.*-linux-gnu/gcc-bin/.*(/.*)? context_template(system_u:object_r:bin_t,s0)
')
-/usr(/.*)?/Bin(/.*)? system_u:object_r:bin_t
+/usr(/.*)?/Bin(/.*)? context_template(system_u:object_r:bin_t,s0)
-/usr(/.*)?/bin(/.*)? system_u:object_r:bin_t
+/usr(/.*)?/bin(/.*)? context_template(system_u:object_r:bin_t,s0)
-/usr(/.*)?/sbin(/.*)? system_u:object_r:sbin_t
+/usr(/.*)?/sbin(/.*)? context_template(system_u:object_r:sbin_t,s0)
-/usr/lib(64)?/emacsen-common/.* system_u:object_r:bin_t
+/usr/lib(64)?/emacsen-common/.* context_template(system_u:object_r:bin_t,s0)
-/usr/lib(64)?/[^/]*thunderbird[^/]*/thunderbird -- system_u:object_r:bin_t
-/usr/lib(64)?/[^/]*thunderbird[^/]*/thunderbird-bin -- system_u:object_r:bin_t
-/usr/lib(64)?/[^/]*thunderbird[^/]*/run-mozilla\.sh -- system_u:object_r:bin_t
-/usr/lib(64)?/[^/]*thunderbird[^/]*/mozilla-xremote-client -- system_u:object_r:bin_t
+/usr/lib(64)?/[^/]*thunderbird[^/]*/thunderbird -- context_template(system_u:object_r:bin_t,s0)
+/usr/lib(64)?/[^/]*thunderbird[^/]*/thunderbird-bin -- context_template(system_u:object_r:bin_t,s0)
+/usr/lib(64)?/[^/]*thunderbird[^/]*/run-mozilla\.sh -- context_template(system_u:object_r:bin_t,s0)
+/usr/lib(64)?/[^/]*thunderbird[^/]*/mozilla-xremote-client -- context_template(system_u:object_r:bin_t,s0)
-/usr/libexec(/.*)? system_u:object_r:bin_t
+/usr/libexec(/.*)? context_template(system_u:object_r:bin_t,s0)
-/usr/sbin/sesh -- system_u:object_r:shell_exec_t
+/usr/sbin/sesh -- context_template(system_u:object_r:shell_exec_t,s0)
-/usr/share/gnucash/finance-quote-check -- system_u:object_r:bin_t
-/usr/share/gnucash/finance-quote-helper -- system_u:object_r:bin_t
+/usr/share/gnucash/finance-quote-check -- context_template(system_u:object_r:bin_t,s0)
+/usr/share/gnucash/finance-quote-helper -- context_template(system_u:object_r:bin_t,s0)
-/usr/share/mc/extfs/.* -- system_u:object_r:bin_t
+/usr/share/mc/extfs/.* -- context_template(system_u:object_r:bin_t,s0)
#
# /var
#
-/var/mailman/bin(/.*)? system_u:object_r:bin_t
+/var/mailman/bin(/.*)? context_template(system_u:object_r:bin_t,s0)
-/var/ftp/bin(/.*)? system_u:object_r:bin_t
-/var/ftp/bin/ls -- system_u:object_r:ls_exec_t
+/var/ftp/bin(/.*)? context_template(system_u:object_r:bin_t,s0)
+/var/ftp/bin/ls -- context_template(system_u:object_r:ls_exec_t,s0)
diff --git a/refpolicy/policy/modules/system/files.fc b/refpolicy/policy/modules/system/files.fc
index 06a2f29..72f6018 100644
--- a/refpolicy/policy/modules/system/files.fc
+++ b/refpolicy/policy/modules/system/files.fc
@@ -3,8 +3,8 @@
#
# /
#
-/.* system_u:object_r:default_t
-/ -d system_u:object_r:root_t
+/.* context_template(system_u:object_r:default_t,s0)
+/ -d context_template(system_u:object_r:root_t,s0)
/\.journal <<none>>
#
@@ -12,75 +12,75 @@
#
/boot/\.journal <<none>>
-/boot/lost\+found(/.*)? system_u:object_r:lost_found_t
+/boot/lost\+found(/.*)? context_template(system_u:object_r:lost_found_t,s0)
#
# /etc
#
-/etc(/.*)? system_u:object_r:etc_t
-/etc/\.fstab\.hal\..+ -- system_u:object_r:etc_runtime_t
-/etc/asound\.state -- system_u:object_r:etc_runtime_t
-/etc/blkid\.tab.* -- system_u:object_r:etc_runtime_t
-/etc/fstab\.REVOKE -- system_u:object_r:etc_runtime_t
-/etc/HOSTNAME -- system_u:object_r:etc_runtime_t
-/etc/ioctl\.save -- system_u:object_r:etc_runtime_t
-/etc/issue -- system_u:object_r:etc_runtime_t
-/etc/issue\.net -- system_u:object_r:etc_runtime_t
-/etc/localtime -l system_u:object_r:etc_t
-/etc/mtab -- system_u:object_r:etc_runtime_t
-/etc/motd -- system_u:object_r:etc_runtime_t
-/etc/nohotplug -- system_u:object_r:etc_runtime_t
-/etc/nologin.* -- system_u:object_r:etc_runtime_t
+/etc(/.*)? context_template(system_u:object_r:etc_t,s0)
+/etc/\.fstab\.hal\..+ -- context_template(system_u:object_r:etc_runtime_t,s0)
+/etc/asound\.state -- context_template(system_u:object_r:etc_runtime_t,s0)
+/etc/blkid\.tab.* -- context_template(system_u:object_r:etc_runtime_t,s0)
+/etc/fstab\.REVOKE -- context_template(system_u:object_r:etc_runtime_t,s0)
+/etc/HOSTNAME -- context_template(system_u:object_r:etc_runtime_t,s0)
+/etc/ioctl\.save -- context_template(system_u:object_r:etc_runtime_t,s0)
+/etc/issue -- context_template(system_u:object_r:etc_runtime_t,s0)
+/etc/issue\.net -- context_template(system_u:object_r:etc_runtime_t,s0)
+/etc/localtime -l context_template(system_u:object_r:etc_t,s0)
+/etc/mtab -- context_template(system_u:object_r:etc_runtime_t,s0)
+/etc/motd -- context_template(system_u:object_r:etc_runtime_t,s0)
+/etc/nohotplug -- context_template(system_u:object_r:etc_runtime_t,s0)
+/etc/nologin.* -- context_template(system_u:object_r:etc_runtime_t,s0)
-/etc/init\.d/functions -- system_u:object_r:etc_t
+/etc/init\.d/functions -- context_template(system_u:object_r:etc_t,s0)
-/etc/network/ifstate -- system_u:object_r:etc_runtime_t
+/etc/network/ifstate -- context_template(system_u:object_r:etc_runtime_t,s0)
-/etc/ptal/ptal-printd-like -- system_u:object_r:etc_runtime_t
+/etc/ptal/ptal-printd-like -- context_template(system_u:object_r:etc_runtime_t,s0)
-/etc/rc\.d/init\.d/functions -- system_u:object_r:etc_t
+/etc/rc\.d/init\.d/functions -- context_template(system_u:object_r:etc_t,s0)
-/etc/sysconfig/hwconf -- system_u:object_r:etc_runtime_t
-/etc/sysconfig/iptables\.save -- system_u:object_r:etc_runtime_t
-/etc/sysconfig/firstboot -- system_u:object_r:etc_runtime_t
+/etc/sysconfig/hwconf -- context_template(system_u:object_r:etc_runtime_t,s0)
+/etc/sysconfig/iptables\.save -- context_template(system_u:object_r:etc_runtime_t,s0)
+/etc/sysconfig/firstboot -- context_template(system_u:object_r:etc_runtime_t,s0)
ifdef(`distro_gentoo', `
-/etc/profile\.env -- system_u:object_r:etc_runtime_t
-/etc/csh\.env -- system_u:object_r:etc_runtime_t
-/etc/env\.d/.* -- system_u:object_r:etc_runtime_t
+/etc/profile\.env -- context_template(system_u:object_r:etc_runtime_t,s0)
+/etc/csh\.env -- context_template(system_u:object_r:etc_runtime_t,s0)
+/etc/env\.d/.* -- context_template(system_u:object_r:etc_runtime_t,s0)
')
#
# /initrd
#
# initrd mount point, only used during boot
-/initrd -d system_u:object_r:root_t
+/initrd -d context_template(system_u:object_r:root_t,s0)
#
# /lost+found
#
-/lost\+found(/.*)? system_u:object_r:lost_found_t
+/lost\+found(/.*)? context_template(system_u:object_r:lost_found_t,s0)
#
# /media
#
# Mount points; do not relabel subdirectories, since
# we don't want to change any removable media by default.
-/media(/[^/]*)? -d system_u:object_r:mnt_t
+/media(/[^/]*)? -d context_template(system_u:object_r:mnt_t,s0)
/media/[^/]*/.* <<none>>
#
# /mnt
#
-/mnt(/[^/]*)? -d system_u:object_r:mnt_t
+/mnt(/[^/]*)? -d context_template(system_u:object_r:mnt_t,s0)
/mnt/[^/]*/.* <<none>>
#
# /opt
#
-/opt(/.*)? system_u:object_r:usr_t
+/opt(/.*)? context_template(system_u:object_r:usr_t,s0)
-/opt/.*/var/lib(64)?(/.*)? system_u:object_r:var_lib_t
+/opt/.*/var/lib(64)?(/.*)? context_template(system_u:object_r:var_lib_t,s0)
#
# /proc
@@ -100,60 +100,60 @@ ifdef(`distro_gentoo', `
#
# /tmp
#
-/tmp -d system_u:object_r:tmp_t
+/tmp -d context_template(system_u:object_r:tmp_t,s0)
/tmp/.* <<none>>
/tmp/\.journal <<none>>
-/tmp/lost\+found(/.*)? system_u:object_r:lost_found_t
+/tmp/lost\+found(/.*)? context_template(system_u:object_r:lost_found_t,s0)
#
# /usr
#
-/usr(/.*)? system_u:object_r:usr_t
+/usr(/.*)? context_template(system_u:object_r:usr_t,s0)
/usr/\.journal <<none>>
-/usr/lost\+found(/.*)? system_u:object_r:lost_found_t
+/usr/lost\+found(/.*)? context_template(system_u:object_r:lost_found_t,s0)
-/usr/etc(/.*)? system_u:object_r:etc_t
+/usr/etc(/.*)? context_template(system_u:object_r:etc_t,s0)
-/usr/inclu.e(/.*)? system_u:object_r:usr_t
+/usr/inclu.e(/.*)? context_template(system_u:object_r:usr_t,s0)
/usr/local/\.journal <<none>>
-/usr/local/lost\+found(/.*)? system_u:object_r:lost_found_t
+/usr/local/lost\+found(/.*)? context_template(system_u:object_r:lost_found_t,s0)
-/usr/share(/.*)?/lib(64)?(/.*)? system_u:object_r:usr_t
+/usr/share(/.*)?/lib(64)?(/.*)? context_template(system_u:object_r:usr_t,s0)
-/usr/src(/.*)? system_u:object_r:src_t
+/usr/src(/.*)? context_template(system_u:object_r:src_t,s0)
-/usr/tmp -d system_u:object_r:tmp_t
+/usr/tmp -d context_template(system_u:object_r:tmp_t,s0)
/usr/tmp/.* <<none>>
#
# /var
#
-/var(/.*)? system_u:object_r:var_t
+/var(/.*)? context_template(system_u:object_r:var_t,s0)
/var/\.journal <<none>>
-/var/lost\+found(/.*)? system_u:object_r:lost_found_t
+/var/lost\+found(/.*)? context_template(system_u:object_r:lost_found_t,s0)
-/var/db/.*\.db -- system_u:object_r:etc_t
+/var/db/.*\.db -- context_template(system_u:object_r:etc_t,s0)
-/var/ftp/etc(/.*)? system_u:object_r:etc_t
+/var/ftp/etc(/.*)? context_template(system_u:object_r:etc_t,s0)
/var/lib/nfs/rpc_pipefs(/.*)? <<none>>
-/usr/local/etc(/.*)? system_u:object_r:etc_t
+/usr/local/etc(/.*)? context_template(system_u:object_r:etc_t,s0)
-/usr/local/src(/.*)? system_u:object_r:src_t
+/usr/local/src(/.*)? context_template(system_u:object_r:src_t,s0)
-/var/lock(/.*)? system_u:object_r:var_lock_t
+/var/lock(/.*)? context_template(system_u:object_r:var_lock_t,s0)
-/var/run(/.*)? system_u:object_r:var_run_t
+/var/run(/.*)? context_template(system_u:object_r:var_run_t,s0)
/var/run/.*\.*pid <<none>>
-/var/spool(/.*)? system_u:object_r:var_spool_t
+/var/spool(/.*)? context_template(system_u:object_r:var_spool_t,s0)
-/var/tmp -d system_u:object_r:tmp_t
+/var/tmp -d context_template(system_u:object_r:tmp_t,s0)
/var/tmp/.* <<none>>
-/var/tmp/vi\.recover -d system_u:object_r:tmp_t
+/var/tmp/vi\.recover -d context_template(system_u:object_r:tmp_t,s0)
diff --git a/refpolicy/policy/modules/system/getty.fc b/refpolicy/policy/modules/system/getty.fc
index 0ec39d2..57dc23e 100644
--- a/refpolicy/policy/modules/system/getty.fc
+++ b/refpolicy/policy/modules/system/getty.fc
@@ -1,5 +1,5 @@
# Copyright (C) 2005 Tresys Technology, LLC
-/etc/mgetty(/.*)? system_u:object_r:getty_etc_t
+/etc/mgetty(/.*)? context_template(system_u:object_r:getty_etc_t,s0)
-/sbin/.*getty -- system_u:object_r:getty_exec_t
+/sbin/.*getty -- context_template(system_u:object_r:getty_exec_t,s0)
diff --git a/refpolicy/policy/modules/system/hostname.fc b/refpolicy/policy/modules/system/hostname.fc
index 3248411..8a6d93d 100644
--- a/refpolicy/policy/modules/system/hostname.fc
+++ b/refpolicy/policy/modules/system/hostname.fc
@@ -1,3 +1,3 @@
# Copyright (C) 2005 Tresys Technology, LLC
-/bin/hostname -- system_u:object_r:hostname_exec_t
+/bin/hostname -- context_template(system_u:object_r:hostname_exec_t,s0)
diff --git a/refpolicy/policy/modules/system/hotplug.fc b/refpolicy/policy/modules/system/hotplug.fc
index 62fa976..212c6f7 100644
--- a/refpolicy/policy/modules/system/hotplug.fc
+++ b/refpolicy/policy/modules/system/hotplug.fc
@@ -1,12 +1,12 @@
# Copyright (C) 2005 Tresys Technology, LLC
-/etc/hotplug(/.*)? system_u:object_r:hotplug_etc_t
-/etc/hotplug/firmware.agent -- system_u:object_r:hotplug_exec_t
+/etc/hotplug(/.*)? context_template(system_u:object_r:hotplug_etc_t,s0)
+/etc/hotplug/firmware.agent -- context_template(system_u:object_r:hotplug_exec_t,s0)
-/etc/hotplug\.d/.* -- system_u:object_r:hotplug_exec_t
+/etc/hotplug\.d/.* -- context_template(system_u:object_r:hotplug_exec_t,s0)
-/sbin/hotplug -- system_u:object_r:hotplug_exec_t
-/sbin/netplugd -- system_u:object_r:hotplug_exec_t
+/sbin/hotplug -- context_template(system_u:object_r:hotplug_exec_t,s0)
+/sbin/netplugd -- context_template(system_u:object_r:hotplug_exec_t,s0)
-/var/run/usb(/.*)? system_u:object_r:hotplug_var_run_t
-/var/run/hotplug(/.*)? system_u:object_r:hotplug_var_run_t
+/var/run/usb(/.*)? context_template(system_u:object_r:hotplug_var_run_t,s0)
+/var/run/hotplug(/.*)? context_template(system_u:object_r:hotplug_var_run_t,s0)
diff --git a/refpolicy/policy/modules/system/init.fc b/refpolicy/policy/modules/system/init.fc
index 7d63f25..05917a0 100644
--- a/refpolicy/policy/modules/system/init.fc
+++ b/refpolicy/policy/modules/system/init.fc
@@ -4,60 +4,60 @@
# /
#
ifdef(`distro_redhat', `
-/\.autofsck -- system_u:object_r:etc_runtime_t
-/halt -- system_u:object_r:etc_runtime_t
+/\.autofsck -- context_template(system_u:object_r:etc_runtime_t,s0)
+/halt -- context_template(system_u:object_r:etc_runtime_t,s0)
')
#
# /etc
#
-/etc/init\.d/.* -- system_u:object_r:initrc_exec_t
+/etc/init\.d/.* -- context_template(system_u:object_r:initrc_exec_t,s0)
-/etc/rc\.d/rc -- system_u:object_r:initrc_exec_t
-/etc/rc\.d/rc\.sysinit -- system_u:object_r:initrc_exec_t
-/etc/rc\.d/rc\.local -- system_u:object_r:initrc_exec_t
+/etc/rc\.d/rc -- context_template(system_u:object_r:initrc_exec_t,s0)
+/etc/rc\.d/rc\.sysinit -- context_template(system_u:object_r:initrc_exec_t,s0)
+/etc/rc\.d/rc\.local -- context_template(system_u:object_r:initrc_exec_t,s0)
-/etc/rc\.d/init\.d/.* -- system_u:object_r:initrc_exec_t
+/etc/rc\.d/init\.d/.* -- context_template(system_u:object_r:initrc_exec_t,s0)
ifdef(`targeted_policy', `', `
-/etc/X11/prefdm -- system_u:object_r:initrc_exec_t
+/etc/X11/prefdm -- context_template(system_u:object_r:initrc_exec_t,s0)
')
#
# /dev
#
-/dev/initctl -p system_u:object_r:initctl_t
+/dev/initctl -p context_template(system_u:object_r:initctl_t,s0)
#
# /sbin
#
-/sbin/init -- system_u:object_r:init_exec_t
+/sbin/init -- context_template(system_u:object_r:init_exec_t,s0)
ifdef(`distro_gentoo', `
-/sbin/rc -- system_u:object_r:initrc_exec_t
-/sbin/runscript -- system_u:object_r:initrc_exec_t
-/sbin/runscript\.sh -- system_u:object_r:initrc_exec_t
+/sbin/rc -- context_template(system_u:object_r:initrc_exec_t,s0)
+/sbin/runscript -- context_template(system_u:object_r:initrc_exec_t,s0)
+/sbin/runscript\.sh -- context_template(system_u:object_r:initrc_exec_t,s0)
')
#
# /usr
#
-/usr/sbin/open_init_pty -- system_u:object_r:initrc_exec_t
+/usr/sbin/open_init_pty -- context_template(system_u:object_r:initrc_exec_t,s0)
#
# /var
#
ifdef(`distro_gentoo', `
-/var/lib/init\.d(/.*)? system_u:object_r:initrc_state_t
+/var/lib/init\.d(/.*)? context_template(system_u:object_r:initrc_state_t,s0)
')
-/var/run/utmp -- system_u:object_r:initrc_var_run_t
-/var/run/runlevel\.dir system_u:object_r:initrc_var_run_t
-/var/run/random-seed -- system_u:object_r:initrc_var_run_t
-/var/run/setmixer_flag -- system_u:object_r:initrc_var_run_t
+/var/run/utmp -- context_template(system_u:object_r:initrc_var_run_t,s0)
+/var/run/runlevel\.dir context_template(system_u:object_r:initrc_var_run_t,s0)
+/var/run/random-seed -- context_template(system_u:object_r:initrc_var_run_t,s0)
+/var/run/setmixer_flag -- context_template(system_u:object_r:initrc_var_run_t,s0)
ifdef(`distro_suse', `
-/var/run/sysconfig(/.*)? system_u:object_r:initrc_var_run_t
-/var/run/keymap -- system_u:object_r:initrc_var_run_t
-/var/run/numlock-on -- system_u:object_r:initrc_var_run_t
+/var/run/sysconfig(/.*)? context_template(system_u:object_r:initrc_var_run_t,s0)
+/var/run/keymap -- context_template(system_u:object_r:initrc_var_run_t,s0)
+/var/run/numlock-on -- context_template(system_u:object_r:initrc_var_run_t,s0)
')
diff --git a/refpolicy/policy/modules/system/iptables.fc b/refpolicy/policy/modules/system/iptables.fc
index 6957600..93a4d92 100644
--- a/refpolicy/policy/modules/system/iptables.fc
+++ b/refpolicy/policy/modules/system/iptables.fc
@@ -1,9 +1,9 @@
# Copyright (C) 2005 Tresys Technology, LLC
-/sbin/ip6tables.* -- system_u:object_r:iptables_exec_t
-/sbin/ipchains.* -- system_u:object_r:iptables_exec_t
-/sbin/iptables.* -- system_u:object_r:iptables_exec_t
+/sbin/ip6tables.* -- context_template(system_u:object_r:iptables_exec_t,s0)
+/sbin/ipchains.* -- context_template(system_u:object_r:iptables_exec_t,s0)
+/sbin/iptables.* -- context_template(system_u:object_r:iptables_exec_t,s0)
-/usr/sbin/ip6tables.* -- system_u:object_r:iptables_exec_t
-/usr/sbin/ipchains.* -- system_u:object_r:iptables_exec_t
-/usr/sbin/iptables.* -- system_u:object_r:iptables_exec_t
+/usr/sbin/ip6tables.* -- context_template(system_u:object_r:iptables_exec_t,s0)
+/usr/sbin/ipchains.* -- context_template(system_u:object_r:iptables_exec_t,s0)
+/usr/sbin/iptables.* -- context_template(system_u:object_r:iptables_exec_t,s0)
diff --git a/refpolicy/policy/modules/system/libraries.fc b/refpolicy/policy/modules/system/libraries.fc
index a4bab59..d7efff8 100644
--- a/refpolicy/policy/modules/system/libraries.fc
+++ b/refpolicy/policy/modules/system/libraries.fc
@@ -3,48 +3,48 @@
#
# /etc
#
-/etc/ld\.so\.cache -- system_u:object_r:ld_so_cache_t
-/etc/ld\.so\.preload -- system_u:object_r:ld_so_cache_t
+/etc/ld\.so\.cache -- context_template(system_u:object_r:ld_so_cache_t,s0)
+/etc/ld\.so\.preload -- context_template(system_u:object_r:ld_so_cache_t,s0)
#
# /lib(64)?
#
-/lib(64)?(/.*)? system_u:object_r:lib_t
-/lib(64)?/.*\.so(\.[^/]*)* -- system_u:object_r:shlib_t
-/lib(64)?(/.*)?/ld-[^/]*\.so(\.[^/]*)* -- system_u:object_r:ld_so_t
+/lib(64)?(/.*)? context_template(system_u:object_r:lib_t,s0)
+/lib(64)?/.*\.so(\.[^/]*)* -- context_template(system_u:object_r:shlib_t,s0)
+/lib(64)?(/.*)?/ld-[^/]*\.so(\.[^/]*)* -- context_template(system_u:object_r:ld_so_t,s0)
#
# /opt
#
-/opt/.*/lib(64)?(/.*)? system_u:object_r:lib_t
-/opt/.*/lib(64)?/.*\.so(\.[^/]*)* -- system_u:object_r:shlib_t
+/opt/.*/lib(64)?(/.*)? context_template(system_u:object_r:lib_t,s0)
+/opt/.*/lib(64)?/.*\.so(\.[^/]*)* -- context_template(system_u:object_r:shlib_t,s0)
#
# /usr
#
-/usr(/.*)?/HelixPlayer/.*\.so(\.[^/]*)* -- system_u:object_r:texrel_shlib_t
+/usr(/.*)?/HelixPlayer/.*\.so(\.[^/]*)* -- context_template(system_u:object_r:texrel_shlib_t,s0)
-/usr(/.*)?/java/.*\.so(\.[^/]*)* -- system_u:object_r:texrel_shlib_t
-/usr(/.*)?/java/.*\.jar -- system_u:object_r:shlib_t
-/usr(/.*)?/java/.*\.jsa -- system_u:object_r:shlib_t
+/usr(/.*)?/java/.*\.so(\.[^/]*)* -- context_template(system_u:object_r:texrel_shlib_t,s0)
+/usr(/.*)?/java/.*\.jar -- context_template(system_u:object_r:shlib_t,s0)
+/usr(/.*)?/java/.*\.jsa -- context_template(system_u:object_r:shlib_t,s0)
-/usr(/.*)?/lib(64)?(/.*)? system_u:object_r:lib_t
-/usr(/.*)?/lib(64)?/.*\.so(\.[^/]*)* -- system_u:object_r:shlib_t
+/usr(/.*)?/lib(64)?(/.*)? context_template(system_u:object_r:lib_t,s0)
+/usr(/.*)?/lib(64)?/.*\.so(\.[^/]*)* -- context_template(system_u:object_r:shlib_t,s0)
-/usr(/.*)?/lib(64)?(/.*)?/ld-[^/]*\.so(\.[^/]*)* system_u:object_r:ld_so_t
+/usr(/.*)?/lib(64)?(/.*)?/ld-[^/]*\.so(\.[^/]*)* context_template(system_u:object_r:ld_so_t,s0)
-/usr(/.*)?/nvidia/.*\.so(\..*)? -- system_u:object_r:texrel_shlib_t
+/usr(/.*)?/nvidia/.*\.so(\..*)? -- context_template(system_u:object_r:texrel_shlib_t,s0)
-/usr/lib/win32/.* -- system_u:object_r:shlib_t
+/usr/lib/win32/.* -- context_template(system_u:object_r:shlib_t,s0)
-/usr/X11R6/lib/libGL\.so.* -- system_u:object_r:texrel_shlib_t
-/usr/X11R6/lib/libXvMCNVIDIA\.so.* -- system_u:object_r:texrel_shlib_t
+/usr/X11R6/lib/libGL\.so.* -- context_template(system_u:object_r:texrel_shlib_t,s0)
+/usr/X11R6/lib/libXvMCNVIDIA\.so.* -- context_template(system_u:object_r:texrel_shlib_t,s0)
#
# /var
#
-/var/ftp/lib(64)?(/.*)? system_u:object_r:lib_t
-/var/ftp/lib(64)?/ld[^/]*\.so(\.[^/]*)* -- system_u:object_r:ld_so_t
-/var/ftp/lib(64)?/lib[^/]*\.so(\.[^/]*)* -- system_u:object_r:shlib_t
+/var/ftp/lib(64)?(/.*)? context_template(system_u:object_r:lib_t,s0)
+/var/ftp/lib(64)?/ld[^/]*\.so(\.[^/]*)* -- context_template(system_u:object_r:ld_so_t,s0)
+/var/ftp/lib(64)?/lib[^/]*\.so(\.[^/]*)* -- context_template(system_u:object_r:shlib_t,s0)
-/var/mailman/pythonlib(/.*)?/.*\.so(\..*)? -- system_u:object_r:shlib_t
+/var/mailman/pythonlib(/.*)?/.*\.so(\..*)? -- context_template(system_u:object_r:shlib_t,s0)
diff --git a/refpolicy/policy/modules/system/locallogin.fc b/refpolicy/policy/modules/system/locallogin.fc
index f30b68a..22189de 100644
--- a/refpolicy/policy/modules/system/locallogin.fc
+++ b/refpolicy/policy/modules/system/locallogin.fc
@@ -1,3 +1,3 @@
# Copyright (C) 2005 Tresys Technology, LLC
-/sbin/sulogin -- system_u:object_r:sulogin_exec_t
+/sbin/sulogin -- context_template(system_u:object_r:sulogin_exec_t,s0)
diff --git a/refpolicy/policy/modules/system/logging.fc b/refpolicy/policy/modules/system/logging.fc
index 133039e..b322e0c 100644
--- a/refpolicy/policy/modules/system/logging.fc
+++ b/refpolicy/policy/modules/system/logging.fc
@@ -1,23 +1,23 @@
# Copyright (C) 2005 Tresys Technology, LLC
-/dev/log -s system_u:object_r:devlog_t
+/dev/log -s context_template(system_u:object_r:devlog_t,s0)
-/sbin/klogd -- system_u:object_r:klogd_exec_t
-/sbin/minilogd -- system_u:object_r:syslogd_exec_t
-/sbin/syslogd -- system_u:object_r:syslogd_exec_t
-/sbin/syslog-ng -- system_u:object_r:syslogd_exec_t
+/sbin/klogd -- context_template(system_u:object_r:klogd_exec_t,s0)
+/sbin/minilogd -- context_template(system_u:object_r:syslogd_exec_t,s0)
+/sbin/syslogd -- context_template(system_u:object_r:syslogd_exec_t,s0)
+/sbin/syslog-ng -- context_template(system_u:object_r:syslogd_exec_t,s0)
-/usr/sbin/klogd -- system_u:object_r:klogd_exec_t
-/usr/sbin/metalog -- system_u:object_r:syslogd_exec_t
-/usr/sbin/syslogd -- system_u:object_r:syslogd_exec_t
+/usr/sbin/klogd -- context_template(system_u:object_r:klogd_exec_t,s0)
+/usr/sbin/metalog -- context_template(system_u:object_r:syslogd_exec_t,s0)
+/usr/sbin/syslogd -- context_template(system_u:object_r:syslogd_exec_t,s0)
ifdef(`distro_suse', `
-/var/lib/stunnel/dev/log -s system_u:object_r:devlog_t
+/var/lib/stunnel/dev/log -s context_template(system_u:object_r:devlog_t,s0)
')
-/var/log(/.*)? system_u:object_r:var_log_t
+/var/log(/.*)? context_template(system_u:object_r:var_log_t,s0)
-/var/run/klogd\.pid -- system_u:object_r:klogd_var_run_t
-/var/run/log -s system_u:object_r:devlog_t
-/var/run/metalog\.pid -- system_u:object_r:syslogd_var_run_t
-/var/run/syslogd\.pid -- system_u:object_r:syslogd_var_run_t
+/var/run/klogd\.pid -- context_template(system_u:object_r:klogd_var_run_t,s0)
+/var/run/log -s context_template(system_u:object_r:devlog_t,s0)
+/var/run/metalog\.pid -- context_template(system_u:object_r:syslogd_var_run_t,s0)
+/var/run/syslogd\.pid -- context_template(system_u:object_r:syslogd_var_run_t,s0)
diff --git a/refpolicy/policy/modules/system/lvm.fc b/refpolicy/policy/modules/system/lvm.fc
index d31ccfe..a648e4c 100644
--- a/refpolicy/policy/modules/system/lvm.fc
+++ b/refpolicy/policy/modules/system/lvm.fc
@@ -7,85 +7,85 @@
#
# /etc
#
-/etc/lvm(/.*)? system_u:object_r:lvm_etc_t
-/etc/lvm/\.cache -- system_u:object_r:lvm_metadata_t
+/etc/lvm(/.*)? context_template(system_u:object_r:lvm_etc_t,s0)
+/etc/lvm/\.cache -- context_template(system_u:object_r:lvm_metadata_t,s0)
-/etc/lvm/archive(/.*)? system_u:object_r:lvm_metadata_t
+/etc/lvm/archive(/.*)? context_template(system_u:object_r:lvm_metadata_t,s0)
-/etc/lvm/backup(/.*)? system_u:object_r:lvm_metadata_t
+/etc/lvm/backup(/.*)? context_template(system_u:object_r:lvm_metadata_t,s0)
-/etc/lvm/lock(/.*)? system_u:object_r:lvm_lock_t
+/etc/lvm/lock(/.*)? context_template(system_u:object_r:lvm_lock_t,s0)
-/etc/lvmtab(/.*)? system_u:object_r:lvm_metadata_t
+/etc/lvmtab(/.*)? context_template(system_u:object_r:lvm_metadata_t,s0)
-/etc/lvmtab\.d(/.*)? system_u:object_r:lvm_metadata_t
+/etc/lvmtab\.d(/.*)? context_template(system_u:object_r:lvm_metadata_t,s0)
#
# /lib
#
-/lib/lvm-10(/.*) -- system_u:object_r:lvm_exec_t
+/lib/lvm-10(/.*) -- context_template(system_u:object_r:lvm_exec_t,s0)
-/lib/lvm-200(/.*) -- system_u:object_r:lvm_exec_t
+/lib/lvm-200(/.*) -- context_template(system_u:object_r:lvm_exec_t,s0)
#
# /sbin
#
-/sbin/cryptsetup -- system_u:object_r:lvm_exec_t
-/sbin/dmsetup -- system_u:object_r:lvm_exec_t
-/sbin/dmsetup\.static -- system_u:object_r:lvm_exec_t
-/sbin/e2fsadm -- system_u:object_r:lvm_exec_t
-/sbin/lvchange -- system_u:object_r:lvm_exec_t
-/sbin/lvcreate -- system_u:object_r:lvm_exec_t
-/sbin/lvdisplay -- system_u:object_r:lvm_exec_t
-/sbin/lvextend -- system_u:object_r:lvm_exec_t
-/sbin/lvm -- system_u:object_r:lvm_exec_t
-/sbin/lvm\.static -- system_u:object_r:lvm_exec_t
-/sbin/lvmchange -- system_u:object_r:lvm_exec_t
-/sbin/lvmdiskscan -- system_u:object_r:lvm_exec_t
-/sbin/lvmiopversion -- system_u:object_r:lvm_exec_t
-/sbin/lvmsadc -- system_u:object_r:lvm_exec_t
-/sbin/lvmsar -- system_u:object_r:lvm_exec_t
-/sbin/lvreduce -- system_u:object_r:lvm_exec_t
-/sbin/lvremove -- system_u:object_r:lvm_exec_t
-/sbin/lvrename -- system_u:object_r:lvm_exec_t
-/sbin/lvresize -- system_u:object_r:lvm_exec_t
-/sbin/lvs -- system_u:object_r:lvm_exec_t
-/sbin/lvscan -- system_u:object_r:lvm_exec_t
-/sbin/pvchange -- system_u:object_r:lvm_exec_t
-/sbin/pvcreate -- system_u:object_r:lvm_exec_t
-/sbin/pvdata -- system_u:object_r:lvm_exec_t
-/sbin/pvdisplay -- system_u:object_r:lvm_exec_t
-/sbin/pvmove -- system_u:object_r:lvm_exec_t
-/sbin/pvremove -- system_u:object_r:lvm_exec_t
-/sbin/pvs -- system_u:object_r:lvm_exec_t
-/sbin/pvscan -- system_u:object_r:lvm_exec_t
-/sbin/vgcfgbackup -- system_u:object_r:lvm_exec_t
-/sbin/vgcfgrestore -- system_u:object_r:lvm_exec_t
-/sbin/vgchange -- system_u:object_r:lvm_exec_t
-/sbin/vgchange\.static -- system_u:object_r:lvm_exec_t
-/sbin/vgck -- system_u:object_r:lvm_exec_t
-/sbin/vgcreate -- system_u:object_r:lvm_exec_t
-/sbin/vgdisplay -- system_u:object_r:lvm_exec_t
-/sbin/vgexport -- system_u:object_r:lvm_exec_t
-/sbin/vgextend -- system_u:object_r:lvm_exec_t
-/sbin/vgimport -- system_u:object_r:lvm_exec_t
-/sbin/vgmerge -- system_u:object_r:lvm_exec_t
-/sbin/vgmknodes -- system_u:object_r:lvm_exec_t
-/sbin/vgreduce -- system_u:object_r:lvm_exec_t
-/sbin/vgremove -- system_u:object_r:lvm_exec_t
-/sbin/vgrename -- system_u:object_r:lvm_exec_t
-/sbin/vgs -- system_u:object_r:lvm_exec_t
-/sbin/vgscan -- system_u:object_r:lvm_exec_t
-/sbin/vgscan\.static -- system_u:object_r:lvm_exec_t
-/sbin/vgsplit -- system_u:object_r:lvm_exec_t
-/sbin/vgwrapper -- system_u:object_r:lvm_exec_t
+/sbin/cryptsetup -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/dmsetup -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/dmsetup\.static -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/e2fsadm -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/lvchange -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/lvcreate -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/lvdisplay -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/lvextend -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/lvm -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/lvm\.static -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/lvmchange -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/lvmdiskscan -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/lvmiopversion -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/lvmsadc -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/lvmsar -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/lvreduce -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/lvremove -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/lvrename -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/lvresize -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/lvs -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/lvscan -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/pvchange -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/pvcreate -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/pvdata -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/pvdisplay -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/pvmove -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/pvremove -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/pvs -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/pvscan -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/vgcfgbackup -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/vgcfgrestore -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/vgchange -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/vgchange\.static -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/vgck -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/vgcreate -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/vgdisplay -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/vgexport -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/vgextend -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/vgimport -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/vgmerge -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/vgmknodes -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/vgreduce -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/vgremove -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/vgrename -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/vgs -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/vgscan -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/vgscan\.static -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/vgsplit -- context_template(system_u:object_r:lvm_exec_t,s0)
+/sbin/vgwrapper -- context_template(system_u:object_r:lvm_exec_t,s0)
#
# /usr
#
-/usr/sbin/lvm -- system_u:object_r:lvm_exec_t
+/usr/sbin/lvm -- context_template(system_u:object_r:lvm_exec_t,s0)
#
# /var
#
-/var/lock/lvm(/.*)? system_u:object_r:lvm_lock_t
+/var/lock/lvm(/.*)? context_template(system_u:object_r:lvm_lock_t,s0)
diff --git a/refpolicy/policy/modules/system/miscfiles.fc b/refpolicy/policy/modules/system/miscfiles.fc
index 2fb5a58..3cea8f6 100644
--- a/refpolicy/policy/modules/system/miscfiles.fc
+++ b/refpolicy/policy/modules/system/miscfiles.fc
@@ -3,53 +3,53 @@
#
# /etc
#
-/etc/localtime -- system_u:object_r:locale_t
+/etc/localtime -- context_template(system_u:object_r:locale_t,s0)
#
# /opt
#
-/opt/.*/man(/.*)? system_u:object_r:man_t
+/opt/.*/man(/.*)? context_template(system_u:object_r:man_t,s0)
#
# /usr
#
-/usr/lib/locale(/.*)? system_u:object_r:locale_t
+/usr/lib/locale(/.*)? context_template(system_u:object_r:locale_t,s0)
-/usr/lib(64)?/perl5/man(/.*)? system_u:object_r:man_t
+/usr/lib(64)?/perl5/man(/.*)? context_template(system_u:object_r:man_t,s0)
-/usr/local/man(/.*)? system_u:object_r:man_t
+/usr/local/man(/.*)? context_template(system_u:object_r:man_t,s0)
-/usr/local/share/fonts(/.*)? system_u:object_r:fonts_t
+/usr/local/share/fonts(/.*)? context_template(system_u:object_r:fonts_t,s0)
-/usr/man(/.*)? system_u:object_r:man_t
+/usr/man(/.*)? context_template(system_u:object_r:man_t,s0)
-/usr/share/fonts(/.*)? system_u:object_r:fonts_t
+/usr/share/fonts(/.*)? context_template(system_u:object_r:fonts_t,s0)
-/usr/share/ghostscript/fonts(/.*)? system_u:object_r:fonts_t
+/usr/share/ghostscript/fonts(/.*)? context_template(system_u:object_r:fonts_t,s0)
-/usr/share/locale(/.*)? system_u:object_r:locale_t
+/usr/share/locale(/.*)? context_template(system_u:object_r:locale_t,s0)
-/usr/share/man(/.*)? system_u:object_r:man_t
+/usr/share/man(/.*)? context_template(system_u:object_r:man_t,s0)
-/usr/share/zoneinfo(/.*)? system_u:object_r:locale_t
+/usr/share/zoneinfo(/.*)? context_template(system_u:object_r:locale_t,s0)
-/usr/X11R6/lib/X11/fonts(/.*)? system_u:object_r:fonts_t
+/usr/X11R6/lib/X11/fonts(/.*)? context_template(system_u:object_r:fonts_t,s0)
-/usr/X11R6/man(/.*)? system_u:object_r:man_t
+/usr/X11R6/man(/.*)? context_template(system_u:object_r:man_t,s0)
#
# /var
#
ifdef(`distro_debian', `
-/var/lib/msttcorefonts(/.*)? system_u:object_r:fonts_t
+/var/lib/msttcorefonts(/.*)? context_template(system_u:object_r:fonts_t,s0)
')
-/var/lib/texmf(/.*)? system_u:object_r:tetex_data_t
+/var/lib/texmf(/.*)? context_template(system_u:object_r:tetex_data_t,s0)
-/var/cache/fonts(/.*)? system_u:object_r:tetex_data_t
+/var/cache/fonts(/.*)? context_template(system_u:object_r:tetex_data_t,s0)
-/var/cache/man(/.*)? system_u:object_r:catman_t
+/var/cache/man(/.*)? context_template(system_u:object_r:catman_t,s0)
-/var/catman(/.*)? system_u:object_r:catman_t
+/var/catman(/.*)? context_template(system_u:object_r:catman_t,s0)
-/var/spool/texmf(/.*)? system_u:object_r:tetex_data_t
+/var/spool/texmf(/.*)? context_template(system_u:object_r:tetex_data_t,s0)
diff --git a/refpolicy/policy/modules/system/modutils.fc b/refpolicy/policy/modules/system/modutils.fc
index 0525164..7cfd037 100644
--- a/refpolicy/policy/modules/system/modutils.fc
+++ b/refpolicy/policy/modules/system/modutils.fc
@@ -1,15 +1,15 @@
# Copyright (C) 2005 Tresys Technology, LLC
-/etc/modules\.conf.* -- system_u:object_r:modules_conf_t
-/etc/modprobe\.conf.* -- system_u:object_r:modules_conf_t
+/etc/modules\.conf.* -- context_template(system_u:object_r:modules_conf_t,s0)
+/etc/modprobe\.conf.* -- context_template(system_u:object_r:modules_conf_t,s0)
-/lib(64)?/modules/[^/]+/modules\..+ -- system_u:object_r:modules_dep_t
+/lib(64)?/modules/[^/]+/modules\..+ -- context_template(system_u:object_r:modules_dep_t,s0)
-/lib(64)?/modules/modprobe\.conf -- system_u:object_r:modules_conf_t
+/lib(64)?/modules/modprobe\.conf -- context_template(system_u:object_r:modules_conf_t,s0)
-/sbin/depmod.* -- system_u:object_r:depmod_exec_t
-/sbin/generate-modprobe\.conf -- system_u:object_r:update_modules_exec_t
-/sbin/insmod.* -- system_u:object_r:insmod_exec_t
-/sbin/modprobe.* -- system_u:object_r:insmod_exec_t
-/sbin/rmmod.* -- system_u:object_r:insmod_exec_t
-/sbin/update-modules -- system_u:object_r:update_modules_exec_t
+/sbin/depmod.* -- context_template(system_u:object_r:depmod_exec_t,s0)
+/sbin/generate-modprobe\.conf -- context_template(system_u:object_r:update_modules_exec_t,s0)
+/sbin/insmod.* -- context_template(system_u:object_r:insmod_exec_t,s0)
+/sbin/modprobe.* -- context_template(system_u:object_r:insmod_exec_t,s0)
+/sbin/rmmod.* -- context_template(system_u:object_r:insmod_exec_t,s0)
+/sbin/update-modules -- context_template(system_u:object_r:update_modules_exec_t,s0)
diff --git a/refpolicy/policy/modules/system/mount.fc b/refpolicy/policy/modules/system/mount.fc
index f1a7684..76ca8ae 100644
--- a/refpolicy/policy/modules/system/mount.fc
+++ b/refpolicy/policy/modules/system/mount.fc
@@ -4,5 +4,5 @@
#
# mount file contexts
#
-/bin/mount.* -- system_u:object_r:mount_exec_t
-/bin/umount.* -- system_u:object_r:mount_exec_t
+/bin/mount.* -- context_template(system_u:object_r:mount_exec_t,s0)
+/bin/umount.* -- context_template(system_u:object_r:mount_exec_t,s0)
diff --git a/refpolicy/policy/modules/system/selinux.fc b/refpolicy/policy/modules/system/selinux.fc
index 2f20d78..2581a8e 100644
--- a/refpolicy/policy/modules/system/selinux.fc
+++ b/refpolicy/policy/modules/system/selinux.fc
@@ -3,39 +3,39 @@
#
# /etc
#
-/etc/selinux(/.*)? system_u:object_r:selinux_config_t
+/etc/selinux(/.*)? context_template(system_u:object_r:selinux_config_t,s0)
-/etc/selinux/([^/]*/)?contexts(/.*)? system_u:object_r:default_context_t
+/etc/selinux/([^/]*/)?contexts(/.*)? context_template(system_u:object_r:default_context_t,s0)
-/etc/selinux/([^/]*/)?contexts/files(/.*)? system_u:object_r:file_context_t
+/etc/selinux/([^/]*/)?contexts/files(/.*)? context_template(system_u:object_r:file_context_t,s0)
-/etc/selinux/([^/]*/)?policy(/.*)? system_u:object_r:policy_config_t
+/etc/selinux/([^/]*/)?policy(/.*)? context_template(system_u:object_r:policy_config_t,s0)
-/etc/selinux/([^/]*/)?src(/.*)? system_u:object_r:policy_src_t
+/etc/selinux/([^/]*/)?src(/.*)? context_template(system_u:object_r:policy_src_t,s0)
#
# /root
#
-/root/\.default_contexts -- system_u:object_r:default_context_t
+/root/\.default_contexts -- context_template(system_u:object_r:default_context_t,s0)
#
# /sbin
#
-/sbin/load_policy -- system_u:object_r:load_policy_exec_t
-/sbin/restorecon -- system_u:object_r:restorecon_exec_t
+/sbin/load_policy -- context_template(system_u:object_r:load_policy_exec_t,s0)
+/sbin/restorecon -- context_template(system_u:object_r:restorecon_exec_t,s0)
#
# /usr
#
-/usr/bin/checkpolicy -- system_u:object_r:checkpolicy_exec_t
-/usr/bin/newrole -- system_u:object_r:newrole_exec_t
+/usr/bin/checkpolicy -- context_template(system_u:object_r:checkpolicy_exec_t,s0)
+/usr/bin/newrole -- context_template(system_u:object_r:newrole_exec_t,s0)
-/usr/lib(64)?/selinux(/.*)? system_u:object_r:policy_src_t
+/usr/lib(64)?/selinux(/.*)? context_template(system_u:object_r:policy_src_t,s0)
-/usr/sbin/load_policy -- system_u:object_r:load_policy_exec_t
-/usr/sbin/run_init -- system_u:object_r:run_init_exec_t
-/usr/sbin/setfiles.* -- system_u:object_r:setfiles_exec_t
+/usr/sbin/load_policy -- context_template(system_u:object_r:load_policy_exec_t,s0)
+/usr/sbin/run_init -- context_template(system_u:object_r:run_init_exec_t,s0)
+/usr/sbin/setfiles.* -- context_template(system_u:object_r:setfiles_exec_t,s0)
ifdef(`distro_debian', `
-/usr/share/selinux(/.*)? system_u:object_r:policy_src_t
+/usr/share/selinux(/.*)? context_template(system_u:object_r:policy_src_t,s0)
')
diff --git a/refpolicy/policy/modules/system/selinuxutil.fc b/refpolicy/policy/modules/system/selinuxutil.fc
index 2f20d78..2581a8e 100644
--- a/refpolicy/policy/modules/system/selinuxutil.fc
+++ b/refpolicy/policy/modules/system/selinuxutil.fc
@@ -3,39 +3,39 @@
#
# /etc
#
-/etc/selinux(/.*)? system_u:object_r:selinux_config_t
+/etc/selinux(/.*)? context_template(system_u:object_r:selinux_config_t,s0)
-/etc/selinux/([^/]*/)?contexts(/.*)? system_u:object_r:default_context_t
+/etc/selinux/([^/]*/)?contexts(/.*)? context_template(system_u:object_r:default_context_t,s0)
-/etc/selinux/([^/]*/)?contexts/files(/.*)? system_u:object_r:file_context_t
+/etc/selinux/([^/]*/)?contexts/files(/.*)? context_template(system_u:object_r:file_context_t,s0)
-/etc/selinux/([^/]*/)?policy(/.*)? system_u:object_r:policy_config_t
+/etc/selinux/([^/]*/)?policy(/.*)? context_template(system_u:object_r:policy_config_t,s0)
-/etc/selinux/([^/]*/)?src(/.*)? system_u:object_r:policy_src_t
+/etc/selinux/([^/]*/)?src(/.*)? context_template(system_u:object_r:policy_src_t,s0)
#
# /root
#
-/root/\.default_contexts -- system_u:object_r:default_context_t
+/root/\.default_contexts -- context_template(system_u:object_r:default_context_t,s0)
#
# /sbin
#
-/sbin/load_policy -- system_u:object_r:load_policy_exec_t
-/sbin/restorecon -- system_u:object_r:restorecon_exec_t
+/sbin/load_policy -- context_template(system_u:object_r:load_policy_exec_t,s0)
+/sbin/restorecon -- context_template(system_u:object_r:restorecon_exec_t,s0)
#
# /usr
#
-/usr/bin/checkpolicy -- system_u:object_r:checkpolicy_exec_t
-/usr/bin/newrole -- system_u:object_r:newrole_exec_t
+/usr/bin/checkpolicy -- context_template(system_u:object_r:checkpolicy_exec_t,s0)
+/usr/bin/newrole -- context_template(system_u:object_r:newrole_exec_t,s0)
-/usr/lib(64)?/selinux(/.*)? system_u:object_r:policy_src_t
+/usr/lib(64)?/selinux(/.*)? context_template(system_u:object_r:policy_src_t,s0)
-/usr/sbin/load_policy -- system_u:object_r:load_policy_exec_t
-/usr/sbin/run_init -- system_u:object_r:run_init_exec_t
-/usr/sbin/setfiles.* -- system_u:object_r:setfiles_exec_t
+/usr/sbin/load_policy -- context_template(system_u:object_r:load_policy_exec_t,s0)
+/usr/sbin/run_init -- context_template(system_u:object_r:run_init_exec_t,s0)
+/usr/sbin/setfiles.* -- context_template(system_u:object_r:setfiles_exec_t,s0)
ifdef(`distro_debian', `
-/usr/share/selinux(/.*)? system_u:object_r:policy_src_t
+/usr/share/selinux(/.*)? context_template(system_u:object_r:policy_src_t,s0)
')
diff --git a/refpolicy/policy/modules/system/sysnetwork.fc b/refpolicy/policy/modules/system/sysnetwork.fc
index 3327046..65b5c53 100644
--- a/refpolicy/policy/modules/system/sysnetwork.fc
+++ b/refpolicy/policy/modules/system/sysnetwork.fc
@@ -3,45 +3,45 @@
#
# /bin
#
-/bin/ip -- system_u:object_r:ifconfig_exec_t
+/bin/ip -- context_template(system_u:object_r:ifconfig_exec_t,s0)
#
# /etc
#
-/etc/dhclient.*conf -- system_u:object_r:dhcp_etc_t
-/etc/dhclient-script -- system_u:object_r:dhcp_etc_t
-/etc/dhcpc.* system_u:object_r:dhcp_etc_t
-/etc/resolv\.conf.* -- system_u:object_r:net_conf_t
-/etc/yp\.conf.* -- system_u:object_r:net_conf_t
+/etc/dhclient.*conf -- context_template(system_u:object_r:dhcp_etc_t,s0)
+/etc/dhclient-script -- context_template(system_u:object_r:dhcp_etc_t,s0)
+/etc/dhcpc.* context_template(system_u:object_r:dhcp_etc_t,s0)
+/etc/resolv\.conf.* -- context_template(system_u:object_r:net_conf_t,s0)
+/etc/yp\.conf.* -- context_template(system_u:object_r:net_conf_t,s0)
-/etc/dhcp3?/dhclient.* system_u:object_r:dhcp_etc_t
+/etc/dhcp3?/dhclient.* context_template(system_u:object_r:dhcp_etc_t,s0)
#
# /sbin
#
-/sbin/dhclient.* -- system_u:object_r:dhcpc_exec_t
-/sbin/dhcpcd -- system_u:object_r:dhcpc_exec_t
-/sbin/ethtool -- system_u:object_r:ifconfig_exec_t
-/sbin/ifconfig -- system_u:object_r:ifconfig_exec_t
-/sbin/ip -- system_u:object_r:ifconfig_exec_t
-/sbin/ipx_configure -- system_u:object_r:ifconfig_exec_t
-/sbin/ipx_interface -- system_u:object_r:ifconfig_exec_t
-/sbin/ipx_internal_net -- system_u:object_r:ifconfig_exec_t
-/sbin/iwconfig -- system_u:object_r:ifconfig_exec_t
-/sbin/mii-tool -- system_u:object_r:ifconfig_exec_t
-/sbin/pump -- system_u:object_r:dhcpc_exec_t
-/sbin/tc -- system_u:object_r:ifconfig_exec_t
+/sbin/dhclient.* -- context_template(system_u:object_r:dhcpc_exec_t,s0)
+/sbin/dhcpcd -- context_template(system_u:object_r:dhcpc_exec_t,s0)
+/sbin/ethtool -- context_template(system_u:object_r:ifconfig_exec_t,s0)
+/sbin/ifconfig -- context_template(system_u:object_r:ifconfig_exec_t,s0)
+/sbin/ip -- context_template(system_u:object_r:ifconfig_exec_t,s0)
+/sbin/ipx_configure -- context_template(system_u:object_r:ifconfig_exec_t,s0)
+/sbin/ipx_interface -- context_template(system_u:object_r:ifconfig_exec_t,s0)
+/sbin/ipx_internal_net -- context_template(system_u:object_r:ifconfig_exec_t,s0)
+/sbin/iwconfig -- context_template(system_u:object_r:ifconfig_exec_t,s0)
+/sbin/mii-tool -- context_template(system_u:object_r:ifconfig_exec_t,s0)
+/sbin/pump -- context_template(system_u:object_r:dhcpc_exec_t,s0)
+/sbin/tc -- context_template(system_u:object_r:ifconfig_exec_t,s0)
#
# /usr
#
-/usr/sbin/tc -- system_u:object_r:ifconfig_exec_t
+/usr/sbin/tc -- context_template(system_u:object_r:ifconfig_exec_t,s0)
#
# /var
#
-/var/lib/dhcp3? -d system_u:object_r:dhcp_state_t
-/var/lib/dhcp3?/dhclient.* system_u:object_r:dhcpc_state_t
+/var/lib/dhcp3? -d context_template(system_u:object_r:dhcp_state_t,s0)
+/var/lib/dhcp3?/dhclient.* context_template(system_u:object_r:dhcpc_state_t,s0)
-/var/run/dhclient.*\.pid -- system_u:object_r:dhcpc_var_run_t
-/var/run/dhclient.*\.leases -- system_u:object_r:dhcpc_var_run_t
+/var/run/dhclient.*\.pid -- context_template(system_u:object_r:dhcpc_var_run_t,s0)
+/var/run/dhclient.*\.leases -- context_template(system_u:object_r:dhcpc_var_run_t,s0)
diff --git a/refpolicy/policy/modules/system/udev.fc b/refpolicy/policy/modules/system/udev.fc
index 732d738..f959a14 100644
--- a/refpolicy/policy/modules/system/udev.fc
+++ b/refpolicy/policy/modules/system/udev.fc
@@ -1,18 +1,18 @@
# udev
-/dev/\.udev\.tdb -- system_u:object_r:udev_tbl_t
-/dev/udev\.tbl -- system_u:object_r:udev_tbl_t
+/dev/\.udev\.tdb -- context_template(system_u:object_r:udev_tbl_t,s0)
+/dev/udev\.tbl -- context_template(system_u:object_r:udev_tbl_t,s0)
-/etc/dev\.d/.+ -- system_u:object_r:udev_helper_exec_t
+/etc/dev\.d/.+ -- context_template(system_u:object_r:udev_helper_exec_t,s0)
-/etc/hotplug\.d/default/udev.* -- system_u:object_r:udev_helper_exec_t
+/etc/hotplug\.d/default/udev.* -- context_template(system_u:object_r:udev_helper_exec_t,s0)
-/etc/udev/scripts/.+ -- system_u:object_r:udev_helper_exec_t
+/etc/udev/scripts/.+ -- context_template(system_u:object_r:udev_helper_exec_t,s0)
-/sbin/start_udev -- system_u:object_r:udev_exec_t
-/sbin/udev -- system_u:object_r:udev_exec_t
-/sbin/udevd -- system_u:object_r:udev_exec_t
-/sbin/udevsend -- system_u:object_r:udev_exec_t
-/sbin/wait_for_sysfs -- system_u:object_r:udev_exec_t
+/sbin/start_udev -- context_template(system_u:object_r:udev_exec_t,s0)
+/sbin/udev -- context_template(system_u:object_r:udev_exec_t,s0)
+/sbin/udevd -- context_template(system_u:object_r:udev_exec_t,s0)
+/sbin/udevsend -- context_template(system_u:object_r:udev_exec_t,s0)
+/sbin/wait_for_sysfs -- context_template(system_u:object_r:udev_exec_t,s0)
-/usr/bin/udevinfo -- system_u:object_r:udev_exec_t
+/usr/bin/udevinfo -- context_template(system_u:object_r:udev_exec_t,s0)
More information about the scm-commits
mailing list