[selinux-policy: 495/3172] fix to use context_template()

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 19:47:26 UTC 2010 

commit 9f103ce14bb60f66a8cf5bca47b37ea0a59fb662
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Mon Jul 18 14:25:05 2005 +0000

    fix to use context_template()

 refpolicy/policy/modules/admin/dmesg.fc       |    2 +-
 refpolicy/policy/modules/admin/logrotate.fc   |   16 +++---
 refpolicy/policy/modules/admin/rpm.fc         |   38 +++++++-------
 refpolicy/policy/modules/services/cron.fc     |   50 +++++++++---------
 refpolicy/policy/modules/services/inetd.fc    |   14 +++---
 refpolicy/policy/modules/services/kerberos.fc |   22 ++++----
 refpolicy/policy/modules/services/nis.fc      |    6 +-
 refpolicy/policy/modules/services/ssh.fc      |   20 ++++----
 refpolicy/policy/modules/system/fstools.fc    |   68 ++++++++++++------------
 refpolicy/policy/modules/system/unconfined.fc |    2 +-
 10 files changed, 118 insertions(+), 120 deletions(-)
---
diff --git a/refpolicy/policy/modules/admin/dmesg.fc b/refpolicy/policy/modules/admin/dmesg.fc
index 1969a01..232c7e7 100644
--- a/refpolicy/policy/modules/admin/dmesg.fc
+++ b/refpolicy/policy/modules/admin/dmesg.fc
@@ -1,2 +1,2 @@
 
-/bin/dmesg		--		system_u:object_r:dmesg_exec_t
+/bin/dmesg		--		context_template(system_u:object_r:dmesg_exec_t,s0)
diff --git a/refpolicy/policy/modules/admin/logrotate.fc b/refpolicy/policy/modules/admin/logrotate.fc
index 618ff00..f95e91a 100644
--- a/refpolicy/policy/modules/admin/logrotate.fc
+++ b/refpolicy/policy/modules/admin/logrotate.fc
@@ -1,16 +1,16 @@
-/etc/cron\.(daily|weekly)/sysklogd -- system_u:object_r:logrotate_exec_t
+/etc/cron\.(daily|weekly)/sysklogd -- context_template(system_u:object_r:logrotate_exec_t,s0)
 
-/usr/sbin/logcheck	--	system_u:object_r:logrotate_exec_t
-/usr/sbin/logrotate	--	system_u:object_r:logrotate_exec_t
+/usr/sbin/logcheck	--	context_template(system_u:object_r:logrotate_exec_t,s0)
+/usr/sbin/logrotate	--	context_template(system_u:object_r:logrotate_exec_t,s0)
 
-/var/lib/logcheck(/.*)?		system_u:object_r:logrotate_var_lib_t
+/var/lib/logcheck(/.*)?		context_template(system_u:object_r:logrotate_var_lib_t,s0)
 
 # using a hard-coded name under /var/tmp is a bug - new version fixes it
-/var/tmp/logcheck	-d	system_u:object_r:logrotate_tmp_t
+/var/tmp/logcheck	-d	context_template(system_u:object_r:logrotate_tmp_t,s0)
 
 ifdef(`distro_debian', `
-/usr/bin/savelog	--	system_u:object_r:logrotate_exec_t
-/var/lib/logrotate(/.*)?	system_u:object_r:logrotate_var_lib_t
+/usr/bin/savelog	--	context_template(system_u:object_r:logrotate_exec_t,s0)
+/var/lib/logrotate(/.*)?	context_template(system_u:object_r:logrotate_var_lib_t,s0)
 ', `
-/var/lib/logrotate\.status --	system_u:object_r:logrotate_var_lib_t
+/var/lib/logrotate\.status --	context_template(system_u:object_r:logrotate_var_lib_t,s0)
 ')
diff --git a/refpolicy/policy/modules/admin/rpm.fc b/refpolicy/policy/modules/admin/rpm.fc
index d45164b..c7b02a4 100644
--- a/refpolicy/policy/modules/admin/rpm.fc
+++ b/refpolicy/policy/modules/admin/rpm.fc
@@ -1,32 +1,32 @@
 
-/bin/rpm 			--	system_u:object_r:rpm_exec_t
+/bin/rpm 			--	context_template(system_u:object_r:rpm_exec_t,s0)
 
-/usr/bin/apt-get 		--	system_u:object_r:rpm_exec_t
-/usr/bin/apt-shell   	 	-- 	system_u:object_r:rpm_exec_t
-/usr/bin/synaptic		--    	system_u:object_r:rpm_exec_t 
-/usr/bin/yum 			--	system_u:object_r:rpm_exec_t
+/usr/bin/apt-get 		--	context_template(system_u:object_r:rpm_exec_t,s0)
+/usr/bin/apt-shell   	 	-- 	context_template(system_u:object_r:rpm_exec_t,s0)
+/usr/bin/synaptic		--    	context_template(system_u:object_r:rpm_exec_t,s0)
+/usr/bin/yum 			--	context_template(system_u:object_r:rpm_exec_t,s0)
 
-/usr/lib(64)?/rpm/rpmd		-- 	system_u:object_r:bin_t
-/usr/lib(64)?/rpm/rpmq		-- 	system_u:object_r:bin_t
-/usr/lib(64)?/rpm/rpmk		-- 	system_u:object_r:bin_t
-/usr/lib(64)?/rpm/rpmv		-- 	system_u:object_r:bin_t
+/usr/lib(64)?/rpm/rpmd		-- 	context_template(system_u:object_r:bin_t,s0)
+/usr/lib(64)?/rpm/rpmq		-- 	context_template(system_u:object_r:bin_t,s0)
+/usr/lib(64)?/rpm/rpmk		-- 	context_template(system_u:object_r:bin_t,s0)
+/usr/lib(64)?/rpm/rpmv		-- 	context_template(system_u:object_r:bin_t,s0)
 
 ifdef(`distro_redhat', `
-/usr/sbin/up2date		--	system_u:object_r:rpm_exec_t
-/usr/sbin/rhn_check		--	system_u:object_r:rpm_exec_t
+/usr/sbin/up2date		--	context_template(system_u:object_r:rpm_exec_t,s0)
+/usr/sbin/rhn_check		--	context_template(system_u:object_r:rpm_exec_t,s0)
 ')
 
-/var/lib/alternatives(/.*)?		system_u:object_r:rpm_var_lib_t
+/var/lib/alternatives(/.*)?		context_template(system_u:object_r:rpm_var_lib_t,s0)
 
-/var/lib/rpm(/.*)?			system_u:object_r:rpm_var_lib_t
+/var/lib/rpm(/.*)?			context_template(system_u:object_r:rpm_var_lib_t,s0)
 
-/var/log/rpmpkgs.*		--	system_u:object_r:rpm_log_t
-/var/log/yum\.log		--	system_u:object_r:rpm_log_t
+/var/log/rpmpkgs.*		--	context_template(system_u:object_r:rpm_log_t,s0)
+/var/log/yum\.log		--	context_template(system_u:object_r:rpm_log_t,s0)
 
 # SuSE
 ifdef(`distro_suse', `
-/usr/bin/online_update		--	system_u:object_r:rpm_exec_t
-/sbin/yast2			--	system_u:object_r:rpm_exec_t
-/var/lib/YaST2(/.*)?			system_u:object_r:rpm_var_lib_t
-/var/log/YaST2(/.*)?			system_u:object_r:rpm_log_t
+/usr/bin/online_update		--	context_template(system_u:object_r:rpm_exec_t,s0)
+/sbin/yast2			--	context_template(system_u:object_r:rpm_exec_t,s0)
+/var/lib/YaST2(/.*)?			context_template(system_u:object_r:rpm_var_lib_t,s0)
+/var/log/YaST2(/.*)?			context_template(system_u:object_r:rpm_log_t,s0)
 ')
diff --git a/refpolicy/policy/modules/services/cron.fc b/refpolicy/policy/modules/services/cron.fc
index 2a07a13..a9e2714 100644
--- a/refpolicy/policy/modules/services/cron.fc
+++ b/refpolicy/policy/modules/services/cron.fc
@@ -1,40 +1,38 @@
 
-/etc/cron\.d(/.*)?			system_u:object_r:system_cron_spool_t
-/etc/crontab			--	system_u:object_r:system_cron_spool_t
+/etc/cron\.d(/.*)?			context_template(system_u:object_r:system_cron_spool_t,s0)
+/etc/crontab			--	context_template(system_u:object_r:system_cron_spool_t,s0)
 
-/usr/bin/at			--	system_u:object_r:crontab_exec_t
-/usr/bin/(f)?crontab		--	system_u:object_r:crontab_exec_t
+/usr/bin/at			--	context_template(system_u:object_r:crontab_exec_t,s0)
+/usr/bin/(f)?crontab		--	context_template(system_u:object_r:crontab_exec_t,s0)
 
-/usr/sbin/anacron		--	system_u:object_r:anacron_exec_t
-/usr/sbin/atd			--	system_u:object_r:crond_exec_t
-/usr/sbin/cron(d)?		--	system_u:object_r:crond_exec_t
-/usr/sbin/fcron			--	system_u:object_r:crond_exec_t
+/usr/sbin/anacron		--	context_template(system_u:object_r:anacron_exec_t,s0)
+/usr/sbin/atd			--	context_template(system_u:object_r:crond_exec_t,s0)
+/usr/sbin/cron(d)?		--	context_template(system_u:object_r:crond_exec_t,s0)
+/usr/sbin/fcron			--	context_template(system_u:object_r:crond_exec_t,s0)
 
-/var/log/cron.*			--	system_u:object_r:crond_log_t
+/var/log/cron.*			--	context_template(system_u:object_r:crond_log_t,s0)
 
-/var/run/atd\.pid		--	system_u:object_r:crond_var_run_t
-/var/run/crond?\.pid		--	system_u:object_r:crond_var_run_t
-/var/run/crond\.reboot		--	system_u:object_r:crond_var_run_t
-/var/run/fcron\.fifo		-s	system_u:object_r:crond_var_run_t
-/var/run/fcron\.pid		--	system_u:object_r:crond_var_run_t
+/var/run/atd\.pid		--	context_template(system_u:object_r:crond_var_run_t,s0)
+/var/run/crond?\.pid		--	context_template(system_u:object_r:crond_var_run_t,s0)
+/var/run/crond\.reboot		--	context_template(system_u:object_r:crond_var_run_t,s0)
+/var/run/fcron\.fifo		-s	context_template(system_u:object_r:crond_var_run_t,s0)
+/var/run/fcron\.pid		--	context_template(system_u:object_r:crond_var_run_t,s0)
 
-/var/spool/at			-d	system_u:object_r:cron_spool_t
-/var/spool/at/spool		-d	system_u:object_r:cron_spool_t
+/var/spool/at			-d	context_template(system_u:object_r:cron_spool_t,s0)
+/var/spool/at/spool		-d	context_template(system_u:object_r:cron_spool_t,s0)
 /var/spool/at/[^/]*		--	<<none>>
 
-/var/spool/cron			-d	system_u:object_r:cron_spool_t
-/var/spool/cron/root		--	system_u:object_r:sysadm_cron_spool_t
+/var/spool/cron			-d	context_template(system_u:object_r:cron_spool_t,s0)
+/var/spool/cron/root		--	context_template(system_u:object_r:sysadm_cron_spool_t,s0)
 
 /var/spool/cron/[^/]*		--	<<none>>
 
-/var/spool/cron/crontabs 	-d	system_u:object_r:cron_spool_t
+/var/spool/cron/crontabs 	-d	context_template(system_u:object_r:cron_spool_t,s0)
 /var/spool/cron/crontabs/.*	--	<<none>>
-/var/spool/cron/crontabs/root	--	system_u:object_r:sysadm_cron_spool_t
+/var/spool/cron/crontabs/root	--	context_template(system_u:object_r:sysadm_cron_spool_t,s0)
 
-/var/spool/fcron		-d	system_u:object_r:cron_spool_t
+/var/spool/fcron		-d	context_template(system_u:object_r:cron_spool_t,s0)
 /var/spool/fcron/.*			<<none>>
-/var/spool/fcron/systab\.orig	--	system_u:object_r:system_cron_spool_t
-/var/spool/fcron/systab		--	system_u:object_r:system_cron_spool_t
-/var/spool/fcron/new\.systab	--	system_u:object_r:system_cron_spool_t
-
-
+/var/spool/fcron/systab\.orig	--	context_template(system_u:object_r:system_cron_spool_t,s0)
+/var/spool/fcron/systab		--	context_template(system_u:object_r:system_cron_spool_t,s0)
+/var/spool/fcron/new\.systab	--	context_template(system_u:object_r:system_cron_spool_t,s0)
diff --git a/refpolicy/policy/modules/services/inetd.fc b/refpolicy/policy/modules/services/inetd.fc
index bd8d9a1..eb76afb 100644
--- a/refpolicy/policy/modules/services/inetd.fc
+++ b/refpolicy/policy/modules/services/inetd.fc
@@ -1,10 +1,10 @@
 
-/usr/sbin/identd	--	system_u:object_r:inetd_child_exec_t
-/usr/sbin/in\..*d	--	system_u:object_r:inetd_child_exec_t
-/usr/sbin/inetd		--	system_u:object_r:inetd_exec_t
-/usr/sbin/rlinetd	--	system_u:object_r:inetd_exec_t
-/usr/sbin/xinetd	--	system_u:object_r:inetd_exec_t
+/usr/sbin/identd	--	context_template(system_u:object_r:inetd_child_exec_t,s0)
+/usr/sbin/in\..*d	--	context_template(system_u:object_r:inetd_child_exec_t,s0)
+/usr/sbin/inetd		--	context_template(system_u:object_r:inetd_exec_t,s0)
+/usr/sbin/rlinetd	--	context_template(system_u:object_r:inetd_exec_t,s0)
+/usr/sbin/xinetd	--	context_template(system_u:object_r:inetd_exec_t,s0)
 
-/var/log/(x)?inetd\.log	--	system_u:object_r:inetd_log_t
+/var/log/(x)?inetd\.log	--	context_template(system_u:object_r:inetd_log_t,s0)
 
-/var/run/inetd\.pid	--	system_u:object_r:inetd_var_run_t
+/var/run/inetd\.pid	--	context_template(system_u:object_r:inetd_var_run_t,s0)
diff --git a/refpolicy/policy/modules/services/kerberos.fc b/refpolicy/policy/modules/services/kerberos.fc
index a7eef84..830b095 100644
--- a/refpolicy/policy/modules/services/kerberos.fc
+++ b/refpolicy/policy/modules/services/kerberos.fc
@@ -1,17 +1,17 @@
-/etc/krb5\.conf			--	system_u:object_r:krb5_conf_t
-/etc/krb5\.keytab			system_u:object_r:krb5_keytab_t
+/etc/krb5\.conf			--	context_template(system_u:object_r:krb5_conf_t,s0)
+/etc/krb5\.keytab			context_template(system_u:object_r:krb5_keytab_t,s0)
 
-/usr(/local)?(/kerberos)?/sbin/krb5kdc -- system_u:object_r:krb5kdc_exec_t
-/usr(/local)?(/kerberos)?/sbin/kadmind -- system_u:object_r:kadmind_exec_t
+/usr(/local)?(/kerberos)?/sbin/krb5kdc -- context_template(system_u:object_r:krb5kdc_exec_t,s0)
+/usr(/local)?(/kerberos)?/sbin/kadmind -- context_template(system_u:object_r:kadmind_exec_t,s0)
 
-/usr/local/var/krb5kdc(/.*)?		system_u:object_r:krb5kdc_conf_t
-/usr/local/var/krb5kdc/principal.*	system_u:object_r:krb5kdc_principal_t
+/usr/local/var/krb5kdc(/.*)?		context_template(system_u:object_r:krb5kdc_conf_t,s0)
+/usr/local/var/krb5kdc/principal.*	context_template(system_u:object_r:krb5kdc_principal_t,s0)
 
-/var/kerberos/krb5kdc(/.*)?		system_u:object_r:krb5kdc_conf_t
-/var/kerberos/krb5kdc/principal.*	system_u:object_r:krb5kdc_principal_t
+/var/kerberos/krb5kdc(/.*)?		context_template(system_u:object_r:krb5kdc_conf_t,s0)
+/var/kerberos/krb5kdc/principal.*	context_template(system_u:object_r:krb5kdc_principal_t,s0)
 
-/var/log/krb5kdc\.log			system_u:object_r:krb5kdc_log_t
-/var/log/kadmind\.log			system_u:object_r:kadmind_log_t
+/var/log/krb5kdc\.log			context_template(system_u:object_r:krb5kdc_log_t,s0)
+/var/log/kadmind\.log			context_template(system_u:object_r:kadmind_log_t,s0)
 
 #this goes to su:
-#/usr(/local)?/bin/ksu		--	system_u:object_r:su_exec_t
+#/usr(/local)?/bin/ksu		--	context_template(system_u:object_r:su_exec_t,s0)
diff --git a/refpolicy/policy/modules/services/nis.fc b/refpolicy/policy/modules/services/nis.fc
index 82cfe93..efa8b7c 100644
--- a/refpolicy/policy/modules/services/nis.fc
+++ b/refpolicy/policy/modules/services/nis.fc
@@ -1,6 +1,6 @@
 
-/etc/ypserv\.conf		--	system_u:object_r:ypserv_conf_t
+/etc/ypserv\.conf		--	context_template(system_u:object_r:ypserv_conf_t,s0)
 
-/sbin/ypbind			--	system_u:object_r:ypbind_exec_t
+/sbin/ypbind			--	context_template(system_u:object_r:ypbind_exec_t,s0)
 
-/usr/sbin/ypserv		--	system_u:object_r:ypserv_exec_t
+/usr/sbin/ypserv		--	context_template(system_u:object_r:ypserv_exec_t,s0)
diff --git a/refpolicy/policy/modules/services/ssh.fc b/refpolicy/policy/modules/services/ssh.fc
index 7dde1fd..46d3cb8 100644
--- a/refpolicy/policy/modules/services/ssh.fc
+++ b/refpolicy/policy/modules/services/ssh.fc
@@ -1,16 +1,16 @@
-/etc/ssh/primes			--	system_u:object_r:sshd_key_t
-/etc/ssh/ssh_host_key 		--	system_u:object_r:sshd_key_t
-/etc/ssh/ssh_host_dsa_key	--	system_u:object_r:sshd_key_t
-/etc/ssh/ssh_host_rsa_key	--	system_u:object_r:sshd_key_t
+/etc/ssh/primes			--	context_template(system_u:object_r:sshd_key_t,s0)
+/etc/ssh/ssh_host_key 		--	context_template(system_u:object_r:sshd_key_t,s0)
+/etc/ssh/ssh_host_dsa_key	--	context_template(system_u:object_r:sshd_key_t,s0)
+/etc/ssh/ssh_host_rsa_key	--	context_template(system_u:object_r:sshd_key_t,s0)
 
-/usr/bin/ssh			--	system_u:object_r:ssh_exec_t
-/usr/bin/ssh-agent		--	system_u:object_r:ssh_agent_exec_t
-/usr/bin/ssh-keygen		--	system_u:object_r:ssh_keygen_exec_t
+/usr/bin/ssh			--	context_template(system_u:object_r:ssh_exec_t,s0)
+/usr/bin/ssh-agent		--	context_template(system_u:object_r:ssh_agent_exec_t,s0)
+/usr/bin/ssh-keygen		--	context_template(system_u:object_r:ssh_keygen_exec_t,s0)
 
-/usr/sbin/sshd			--	system_u:object_r:sshd_exec_t
+/usr/sbin/sshd			--	context_template(system_u:object_r:sshd_exec_t,s0)
 
-/var/run/sshd\.init\.pid	--	system_u:object_r:sshd_var_run_t
+/var/run/sshd\.init\.pid	--	context_template(system_u:object_r:sshd_var_run_t,s0)
 
 ifdef(`targeted_policy', `', `
-HOME_DIR/\.ssh(/.*)?			system_u:object_r:ROLE_home_ssh_t
+HOME_DIR/\.ssh(/.*)?			context_template(system_u:object_r:ROLE_home_ssh_t,s0)
 ')
diff --git a/refpolicy/policy/modules/system/fstools.fc b/refpolicy/policy/modules/system/fstools.fc
index cc1d414..f24fd8c 100644
--- a/refpolicy/policy/modules/system/fstools.fc
+++ b/refpolicy/policy/modules/system/fstools.fc
@@ -1,36 +1,36 @@
-/sbin/blockdev		--	system_u:object_r:fsadm_exec_t
-/sbin/cfdisk		--	system_u:object_r:fsadm_exec_t
-/sbin/dosfsck		--	system_u:object_r:fsadm_exec_t
-/sbin/dumpe2fs		--	system_u:object_r:fsadm_exec_t
-/sbin/e2fsck		--	system_u:object_r:fsadm_exec_t
-/sbin/e2label		--	system_u:object_r:fsadm_exec_t
-/sbin/fdisk		--	system_u:object_r:fsadm_exec_t
-/sbin/findfs		--	system_u:object_r:fsadm_exec_t
-/sbin/fsck.*		--	system_u:object_r:fsadm_exec_t
-/sbin/hdparm		--	system_u:object_r:fsadm_exec_t
-/sbin/install-mbr	--	system_u:object_r:fsadm_exec_t
-/sbin/jfs_.*		--	system_u:object_r:fsadm_exec_t
-/sbin/losetup.*		--	system_u:object_r:fsadm_exec_t
-/sbin/lsraid		--	system_u:object_r:fsadm_exec_t
-/sbin/mkdosfs		--	system_u:object_r:fsadm_exec_t
-/sbin/mke2fs		--	system_u:object_r:fsadm_exec_t
-/sbin/mkfs.*		--	system_u:object_r:fsadm_exec_t
-/sbin/mkraid		--	system_u:object_r:fsadm_exec_t
-/sbin/mkreiserfs	--	system_u:object_r:fsadm_exec_t
-/sbin/mkswap		--	system_u:object_r:fsadm_exec_t
-/sbin/parted		--	system_u:object_r:fsadm_exec_t
-/sbin/partprobe		--	system_u:object_r:fsadm_exec_t
-/sbin/partx		--	system_u:object_r:fsadm_exec_t
-/sbin/raidstart		--	system_u:object_r:fsadm_exec_t
-/sbin/reiserfs(ck|tune)	--	system_u:object_r:fsadm_exec_t
-/sbin/resize.*fs	--	system_u:object_r:fsadm_exec_t
-/sbin/scsi_info		--	system_u:object_r:fsadm_exec_t
-/sbin/sfdisk		--	system_u:object_r:fsadm_exec_t
-/sbin/swapon.*		--	system_u:object_r:fsadm_exec_t
-/sbin/tune2fs		--	system_u:object_r:fsadm_exec_t
+/sbin/blockdev		--	context_template(system_u:object_r:fsadm_exec_t,s0)
+/sbin/cfdisk		--	context_template(system_u:object_r:fsadm_exec_t,s0)
+/sbin/dosfsck		--	context_template(system_u:object_r:fsadm_exec_t,s0)
+/sbin/dumpe2fs		--	context_template(system_u:object_r:fsadm_exec_t,s0)
+/sbin/e2fsck		--	context_template(system_u:object_r:fsadm_exec_t,s0)
+/sbin/e2label		--	context_template(system_u:object_r:fsadm_exec_t,s0)
+/sbin/fdisk		--	context_template(system_u:object_r:fsadm_exec_t,s0)
+/sbin/findfs		--	context_template(system_u:object_r:fsadm_exec_t,s0)
+/sbin/fsck.*		--	context_template(system_u:object_r:fsadm_exec_t,s0)
+/sbin/hdparm		--	context_template(system_u:object_r:fsadm_exec_t,s0)
+/sbin/install-mbr	--	context_template(system_u:object_r:fsadm_exec_t,s0)
+/sbin/jfs_.*		--	context_template(system_u:object_r:fsadm_exec_t,s0)
+/sbin/losetup.*		--	context_template(system_u:object_r:fsadm_exec_t,s0)
+/sbin/lsraid		--	context_template(system_u:object_r:fsadm_exec_t,s0)
+/sbin/mkdosfs		--	context_template(system_u:object_r:fsadm_exec_t,s0)
+/sbin/mke2fs		--	context_template(system_u:object_r:fsadm_exec_t,s0)
+/sbin/mkfs.*		--	context_template(system_u:object_r:fsadm_exec_t,s0)
+/sbin/mkraid		--	context_template(system_u:object_r:fsadm_exec_t,s0)
+/sbin/mkreiserfs	--	context_template(system_u:object_r:fsadm_exec_t,s0)
+/sbin/mkswap		--	context_template(system_u:object_r:fsadm_exec_t,s0)
+/sbin/parted		--	context_template(system_u:object_r:fsadm_exec_t,s0)
+/sbin/partprobe		--	context_template(system_u:object_r:fsadm_exec_t,s0)
+/sbin/partx		--	context_template(system_u:object_r:fsadm_exec_t,s0)
+/sbin/raidstart		--	context_template(system_u:object_r:fsadm_exec_t,s0)
+/sbin/reiserfs(ck|tune)	--	context_template(system_u:object_r:fsadm_exec_t,s0)
+/sbin/resize.*fs	--	context_template(system_u:object_r:fsadm_exec_t,s0)
+/sbin/scsi_info		--	context_template(system_u:object_r:fsadm_exec_t,s0)
+/sbin/sfdisk		--	context_template(system_u:object_r:fsadm_exec_t,s0)
+/sbin/swapon.*		--	context_template(system_u:object_r:fsadm_exec_t,s0)
+/sbin/tune2fs		--	context_template(system_u:object_r:fsadm_exec_t,s0)
 
-/usr/bin/partition_uuid	--	system_u:object_r:fsadm_exec_t
-/usr/bin/raw		--	system_u:object_r:fsadm_exec_t
-/usr/bin/scsi_unique_id	--	system_u:object_r:fsadm_exec_t
+/usr/bin/partition_uuid	--	context_template(system_u:object_r:fsadm_exec_t,s0)
+/usr/bin/raw		--	context_template(system_u:object_r:fsadm_exec_t,s0)
+/usr/bin/scsi_unique_id	--	context_template(system_u:object_r:fsadm_exec_t,s0)
 
-/usr/sbin/smartctl	--	system_u:object_r:fsadm_exec_t
+/usr/sbin/smartctl	--	context_template(system_u:object_r:fsadm_exec_t,s0)
diff --git a/refpolicy/policy/modules/system/unconfined.fc b/refpolicy/policy/modules/system/unconfined.fc
index c3a6c12..cc078b1 100644
--- a/refpolicy/policy/modules/system/unconfined.fc
+++ b/refpolicy/policy/modules/system/unconfined.fc
@@ -1,3 +1,3 @@
 # Add programs here which should not be confined by SELinux
 # e.g.:
-# /usr/local/bin/appsrv	--	system_u:object_r:unconfined_exec_t
+# /usr/local/bin/appsrv	--	context_template(system_u:object_r:unconfined_exec_t,s0)

More information about the scm-commits mailing list