[selinux-policy: 1875/3172] trunk: several fc updates from dan.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 21:47:08 UTC 2010 

commit 02d968c58148368d81e03a611d776275b7ee74d9
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Wed Dec 12 15:55:21 2007 +0000

    trunk: several fc updates from dan.

 policy/modules/kernel/corecommands.fc |   19 +++++++++++++++++--
 policy/modules/kernel/corecommands.te |    2 +-
 policy/modules/kernel/devices.fc      |    4 ++++
 policy/modules/kernel/devices.te      |    2 +-
 policy/modules/kernel/terminal.fc     |    3 ++-
 policy/modules/kernel/terminal.te     |    2 +-
 policy/modules/system/authlogin.fc    |    1 +
 policy/modules/system/authlogin.te    |    2 +-
 policy/modules/system/ipsec.fc        |    2 ++
 policy/modules/system/ipsec.te        |    2 +-
 policy/modules/system/libraries.fc    |   32 ++++++++++++++++++++++++++------
 policy/modules/system/libraries.te    |    2 +-
 policy/modules/system/logging.fc      |    9 +++++++++
 policy/modules/system/logging.te      |    2 +-
 policy/modules/system/lvm.fc          |    1 +
 policy/modules/system/lvm.te          |    2 +-
 policy/modules/system/sysnetwork.fc   |    3 +--
 policy/modules/system/sysnetwork.te   |    2 +-
 18 files changed, 72 insertions(+), 20 deletions(-)
---
diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
index 6182ce3..26cae44 100644
--- a/policy/modules/kernel/corecommands.fc
+++ b/policy/modules/kernel/corecommands.fc
@@ -32,6 +32,14 @@ ifdef(`distro_redhat',`
 #
 # /etc
 #
+/etc/apcupsd/apccontrol		--	gen_context(system_u:object_r:bin_t,s0)
+/etc/apcupsd/changeme		--	gen_context(system_u:object_r:bin_t,s0)
+/etc/apcupsd/commfailure	--	gen_context(system_u:object_r:bin_t,s0)
+/etc/apcupsd/commok		--	gen_context(system_u:object_r:bin_t,s0)
+/etc/apcupsd/masterconnect	--	gen_context(system_u:object_r:bin_t,s0)
+/etc/apcupsd/mastertimeout	--	gen_context(system_u:object_r:bin_t,s0)
+/etc/apcupsd/offbattery		--	gen_context(system_u:object_r:bin_t,s0)
+/etc/apcupsd/onbattery		--	gen_context(system_u:object_r:bin_t,s0)
 
 /etc/cipe/ip-up.*		--	gen_context(system_u:object_r:bin_t,s0)
 /etc/cipe/ip-down.*		--	gen_context(system_u:object_r:bin_t,s0)
@@ -91,6 +99,11 @@ ifdef(`distro_gentoo',`
 /lib/rcscripts/net\.modules\.d/helpers\.d/udhcpc-.* -- gen_context(system_u:object_r:bin_t,s0)
 ')
 
+ifdef(`distro_redhat',`
+/lib/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:bin_t,s0)
+/lib64/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:bin_t,s0)
+')
+
 #
 # /sbin
 #
@@ -168,8 +181,10 @@ ifdef(`distro_gentoo',`
 /usr/libexec/openssh/sftp-server --	gen_context(system_u:object_r:bin_t,s0)
 
 /usr/local/lib(64)?/ipsec/.*	-- 	gen_context(system_u:object_r:bin_t,s0)
-/usr/local/Brother/lpd(/.*)?		gen_context(system_u:object_r:bin_t,s0)
-/usr/local/Brother/Printer/[^/]*/cupswrapper(/.*)?      gen_context(system_u:object_r:bin_t,s0)
+/usr/local/Brother(/.*)?/cupswrapper(/.*)? gen_context(system_u:object_r:bin_t,s0)
+/usr/local/Brother(/.*)?/lpd(/.*)?	gen_context(system_u:object_r:bin_t,s0)
+/usr/local/Printer/[^/]*/cupswrapper(/.*)? gen_context(system_u:object_r:bin_t,s0)
+/usr/local/Printer/[^/]*/lpd(/.*)?     	gen_context(system_u:object_r:bin_t,s0)
 
 /usr/sbin/sesh			--	gen_context(system_u:object_r:shell_exec_t,s0)
 
diff --git a/policy/modules/kernel/corecommands.te b/policy/modules/kernel/corecommands.te
index 318185b..e233c4a 100644
--- a/policy/modules/kernel/corecommands.te
+++ b/policy/modules/kernel/corecommands.te
@@ -1,5 +1,5 @@
 
-policy_module(corecommands,1.8.4)
+policy_module(corecommands,1.8.5)
 
 ########################################
 #
diff --git a/policy/modules/kernel/devices.fc b/policy/modules/kernel/devices.fc
index 98b8424..d55a50c 100644
--- a/policy/modules/kernel/devices.fc
+++ b/policy/modules/kernel/devices.fc
@@ -3,6 +3,7 @@
 /dev/.*				gen_context(system_u:object_r:device_t,s0)
 
 /dev/.*mouse.*		-c	gen_context(system_u:object_r:mouse_device_t,s0)
+/dev/admmidi.*		-c	gen_context(system_u:object_r:sound_device_t,s0)
 /dev/adsp.*		-c	gen_context(system_u:object_r:sound_device_t,s0)
 /dev/(misc/)?agpgart	-c	gen_context(system_u:object_r:agp_device_t,s0)
 /dev/aload.*		-c	gen_context(system_u:object_r:sound_device_t,s0)
@@ -13,6 +14,7 @@
 /dev/audio.*		-c	gen_context(system_u:object_r:sound_device_t,s0)
 /dev/beep		-c	gen_context(system_u:object_r:sound_device_t,s0)
 /dev/dmfm		-c	gen_context(system_u:object_r:sound_device_t,s0)
+/dev/dmmidi.*		-c	gen_context(system_u:object_r:sound_device_t,s0)
 /dev/dsp.*		-c	gen_context(system_u:object_r:sound_device_t,s0)
 /dev/efirtc		-c	gen_context(system_u:object_r:clock_device_t,s0)
 /dev/em8300.*		-c	gen_context(system_u:object_r:v4l_device_t,s0)
@@ -22,6 +24,7 @@
 /dev/full		-c	gen_context(system_u:object_r:null_device_t,s0)
 /dev/fw.*		-c	gen_context(system_u:object_r:usb_device_t,s0)
 /dev/hiddev.*		-c	gen_context(system_u:object_r:usb_device_t,s0)
+/dev/hidraw.*		-c	gen_context(system_u:object_r:usb_device_t,s0)
 /dev/hpet		-c	gen_context(system_u:object_r:clock_device_t,s0)
 /dev/hw_random		-c	gen_context(system_u:object_r:random_device_t,s0)
 /dev/hwrng		-c	gen_context(system_u:object_r:random_device_t,s0)
@@ -30,6 +33,7 @@
 /dev/js.*		-c	gen_context(system_u:object_r:mouse_device_t,s0)
 /dev/kmem		-c	gen_context(system_u:object_r:memory_device_t,mls_systemhigh)
 /dev/kmsg		-c	gen_context(system_u:object_r:kmsg_device_t,mls_systemhigh)
+/dev/lircm		-c	gen_context(system_u:object_r:mouse_device_t,s0)
 /dev/logibm		-c	gen_context(system_u:object_r:mouse_device_t,s0)
 /dev/lp.*		-c	gen_context(system_u:object_r:printer_device_t,s0)
 /dev/mcelog		-c	gen_context(system_u:object_r:kmsg_device_t,mls_systemhigh)
diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te
index 1a89be4..97006ae 100644
--- a/policy/modules/kernel/devices.te
+++ b/policy/modules/kernel/devices.te
@@ -1,5 +1,5 @@
 
-policy_module(devices,1.6.1)
+policy_module(devices,1.6.2)
 
 ########################################
 #
diff --git a/policy/modules/kernel/terminal.fc b/policy/modules/kernel/terminal.fc
index 9799153..592a1ac 100644
--- a/policy/modules/kernel/terminal.fc
+++ b/policy/modules/kernel/terminal.fc
@@ -14,7 +14,8 @@
 /dev/isdn.*		-c	gen_context(system_u:object_r:tty_device_t,s0)
 /dev/ptmx		-c	gen_context(system_u:object_r:ptmx_t,s0)
 /dev/rfcomm[0-9]+	-c	gen_context(system_u:object_r:tty_device_t,s0)
-/dev/tty			-c	gen_context(system_u:object_r:devtty_t,s0)
+/dev/slamr[0-9]+	-c	gen_context(system_u:object_r:tty_device_t,s0)
+/dev/tty		-c	gen_context(system_u:object_r:devtty_t,s0)
 /dev/ttySG.*		-c	gen_context(system_u:object_r:tty_device_t,s0)
 /dev/xvc[^/]*		-c	gen_context(system_u:object_r:tty_device_t,s0)
 
diff --git a/policy/modules/kernel/terminal.te b/policy/modules/kernel/terminal.te
index 1d87526..7679592 100644
--- a/policy/modules/kernel/terminal.te
+++ b/policy/modules/kernel/terminal.te
@@ -1,5 +1,5 @@
 
-policy_module(terminal,1.6.2)
+policy_module(terminal,1.6.3)
 
 ########################################
 #
diff --git a/policy/modules/system/authlogin.fc b/policy/modules/system/authlogin.fc
index 2cb9e78..1b315f5 100644
--- a/policy/modules/system/authlogin.fc
+++ b/policy/modules/system/authlogin.fc
@@ -29,6 +29,7 @@ ifdef(`distro_gentoo', `
 /var/db/shadow.*	--	gen_context(system_u:object_r:shadow_t,s0)
 
 /var/lib/abl(/.*)?		gen_context(system_u:object_r:var_auth_t,s0)
+/var/lib/pam_ssh(/.*)?		gen_context(system_u:object_r:var_auth_t,s0)
 
 /var/log/btmp.*		--	gen_context(system_u:object_r:faillog_t,s0)
 /var/log/dmesg		--	gen_context(system_u:object_r:var_log_t,s0)
diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te
index 1d1c2ed..526c239 100644
--- a/policy/modules/system/authlogin.te
+++ b/policy/modules/system/authlogin.te
@@ -1,5 +1,5 @@
 
-policy_module(authlogin,1.8.2)
+policy_module(authlogin,1.8.3)
 
 ########################################
 #
diff --git a/policy/modules/system/ipsec.fc b/policy/modules/system/ipsec.fc
index a850b14..bb3b6a1 100644
--- a/policy/modules/system/ipsec.fc
+++ b/policy/modules/system/ipsec.fc
@@ -32,3 +32,5 @@
 /var/racoon(/.*)?			gen_context(system_u:object_r:ipsec_var_run_t,s0)
 
 /var/run/pluto(/.*)?			gen_context(system_u:object_r:ipsec_var_run_t,s0)
+
+/var/run/racoon.pid		--	gen_context(system_u:object_r:ipsec_var_run_t,s0)
diff --git a/policy/modules/system/ipsec.te b/policy/modules/system/ipsec.te
index 054783d..c8c4a07 100644
--- a/policy/modules/system/ipsec.te
+++ b/policy/modules/system/ipsec.te
@@ -1,5 +1,5 @@
 
-policy_module(ipsec,1.4.5)
+policy_module(ipsec,1.4.6)
 
 ########################################
 #
diff --git a/policy/modules/system/libraries.fc b/policy/modules/system/libraries.fc
index 9ffd9fc..30f34d8 100644
--- a/policy/modules/system/libraries.fc
+++ b/policy/modules/system/libraries.fc
@@ -65,11 +65,6 @@ ifdef(`distro_gentoo',`
 /opt/(.*/)?java/.+\.jar			--	gen_context(system_u:object_r:lib_t,s0)
 /opt/(.*/)?jre.*/.+\.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
 /opt/(.*/)?jre/.+\.jar			--	gen_context(system_u:object_r:lib_t,s0)
-/opt/cisco-vpnclient/lib/libvpnapi\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/opt/netbeans(.*/)?jdk.*/linux/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-/opt/cxoffice/lib/wine/.+\.so		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
-/opt/f-secure/fspms/libexec/librapi.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
-/opt/ibm/java2-ppc64-50/jre/bin/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
 
 ifdef(`distro_gentoo',`
 # despite the extensions, they are actually libs
@@ -87,6 +82,17 @@ ifdef(`distro_gentoo',`
 /opt/RealPlayer/plugins(/.*)?			gen_context(system_u:object_r:lib_t,s0)
 ')
 
+ifdef(`distro_redhat',`
+/opt/Adobe(/.*?)/nppdf\.so 		-- 	gen_context(system_u:object_r:textrel_shlib_t,s0)
+/opt/Adobe/Reader8/Reader/intellinux/plug_ins/.*\.api -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+/opt/cisco-vpnclient/lib/libvpnapi\.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
+/opt/cxoffice/lib/wine/.+\.so		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
+/opt/f-secure/fspms/libexec/librapi\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+/opt/ibm/java.*/jre/.+\.jar		--	gen_context(system_u:object_r:lib_t,s0)
+/opt/ibm/java.*/jre/.+\.so(\.[^/]*)*	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
+/opt/netbeans(.*/)?jdk.*/linux/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
+')
+
 #
 # /sbin
 #
@@ -158,6 +164,17 @@ ifdef(`distro_redhat',`
 # Fedora Core packages: gstreamer-plugins, compat-libstdc++, Glide3, libdv
 # 	HelixPlayer, SDL, xorg-x11, xorg-x11-libs, Hermes, valgrind, openoffice.org-libs, httpd - php
 /usr/lib(64)?/gstreamer-.*/[^/]*\.so.* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
+HOME_DIR/.*/\.gstreamer-.*/plugins/*\.so.* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
+
+/usr/lib/firefox-[^/]*/plugins/nppdf.so	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
+/usr/lib/libFLAC\.so.*			--	gen_context(system_u:object_r:textrel_shlib_t,s0)
+/usr/lib/mozilla/plugins/nppdf\.so 	-- 	gen_context(system_u:object_r:textrel_shlib_t,s0)
+/usr/lib/maxima/[^/]+/binary-gcl/maxima	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
+/usr/lib/mozilla/plugins/libvlcplugin\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
+/usr/lib/nx/libXcomp\.so.*		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
+/usr/lib/nx/libjpeg\.so.* 		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
+/usr/lib/VBoxVMM\.so			--	gen_context(system_u:object_r:textrel_shlib_t,s0)
+/usr/lib64/mozilla/plugins/libvlcplugin\.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
 
 /usr/lib(64)?/libstdc\+\+\.so\.2\.7\.2\.8 --	gen_context(system_u:object_r:textrel_shlib_t,s0)
 /usr/lib(64)?/libg\+\+\.so\.2\.7\.2\.8	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -213,6 +230,7 @@ ifdef(`distro_redhat',`
 
 # Livna.org packages: xmms-mp3, ffmpeg, xvidcore, xine-lib, gsm, lame
 /usr/lib(64)?.*/libmpg123\.so		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
+/usr/lib(64)?/codecs/drv[1-9c]\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
 /usr/lib(64)?/libpostproc\.so.*		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
 /usr/lib(64)?/libavformat.*\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
 /usr/lib(64)?/libavcodec.*\.so(\.[^/]*)* --	gen_context(system_u:object_r:textrel_shlib_t,s0)
@@ -236,7 +254,9 @@ HOME_DIR/.*/plugins/nprhapengine\.so.* --	gen_context(system_u:object_r:textrel_
 /usr/lib(64)?/libdivxdecore\.so\.0	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
 /usr/lib(64)?/libdivxencore\.so\.0	--	gen_context(system_u:object_r:textrel_shlib_t,s0)
 
-/usr/lib(64)?/python2.4/site-packages/M2Crypto/__m2crypto.so --	gen_context(system_u:object_r:textrel_shlib_t,s0)
+/usr/lib(64)?/libdvdcss\.so.*  		--	gen_context(system_u:object_r:textrel_shlib_t,s0)
+
+/usr/lib(64)?/python2.4/site-packages/M2Crypto/__m2crypto\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0)
 
 # vmware 
 /usr/lib(64)?/vmware/lib(/.*)?/libgdk-x11-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0)
diff --git a/policy/modules/system/libraries.te b/policy/modules/system/libraries.te
index 34a88de..795874b 100644
--- a/policy/modules/system/libraries.te
+++ b/policy/modules/system/libraries.te
@@ -1,5 +1,5 @@
 
-policy_module(libraries,1.7.2)
+policy_module(libraries,1.7.3)
 
 ########################################
 #
diff --git a/policy/modules/system/logging.fc b/policy/modules/system/logging.fc
index f931d69..b797ef7 100644
--- a/policy/modules/system/logging.fc
+++ b/policy/modules/system/logging.fc
@@ -29,6 +29,11 @@ ifdef(`distro_suse', `
 
 /var/log		-d	gen_context(system_u:object_r:var_log_t,s0-mls_systemhigh)
 /var/log/.*			gen_context(system_u:object_r:var_log_t,s0)
+/var/log/messages[^/]*		gen_context(system_u:object_r:var_log_t,mls_systemhigh)
+/var/log/secure[^/]*		gen_context(system_u:object_r:var_log_t,mls_systemhigh)
+/var/log/cron[^/]*		gen_context(system_u:object_r:var_log_t,mls_systemhigh)
+/var/log/maillog[^/]*		gen_context(system_u:object_r:var_log_t,mls_systemhigh)
+/var/log/spooler[^/]*		gen_context(system_u:object_r:var_log_t,mls_systemhigh)
 /var/log/audit(/.*)?		gen_context(system_u:object_r:auditd_log_t,mls_systemhigh)
 /var/log/syslog-ng(/.*)? --	gen_context(system_u:object_r:syslogd_var_run_t,s0)
 
@@ -36,6 +41,10 @@ ifndef(`distro_gentoo',`
 /var/log/audit\.log	--	gen_context(system_u:object_r:auditd_log_t,mls_systemhigh)
 ')
 
+ifdef(`distro_redhat',`
+/var/named/chroot/var/log -d	gen_context(system_u:object_r:var_log_t,s0)
+')
+
 /var/run/audit_events	-s	gen_context(system_u:object_r:auditd_var_run_t,s0)
 /var/run/audispd_events	-s	gen_context(system_u:object_r:auditd_var_run_t,s0)
 /var/run/auditd\.pid	--	gen_context(system_u:object_r:auditd_var_run_t,s0)
diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te
index d97a0f9..8f7bc86 100644
--- a/policy/modules/system/logging.te
+++ b/policy/modules/system/logging.te
@@ -1,5 +1,5 @@
 
-policy_module(logging,1.8.2)
+policy_module(logging,1.8.3)
 
 ########################################
 #
diff --git a/policy/modules/system/lvm.fc b/policy/modules/system/lvm.fc
index 57da9cd..0048738 100644
--- a/policy/modules/system/lvm.fc
+++ b/policy/modules/system/lvm.fc
@@ -15,6 +15,7 @@ ifdef(`distro_gentoo',`
 #
 /etc/lvm(/.*)?			gen_context(system_u:object_r:lvm_etc_t,s0)
 /etc/lvm/\.cache	--	gen_context(system_u:object_r:lvm_metadata_t,s0)
+/etc/lvm/cache(/.*)?		gen_context(system_u:object_r:lvm_metadata_t,s0)
 /etc/lvm/archive(/.*)?		gen_context(system_u:object_r:lvm_metadata_t,s0)
 /etc/lvm/backup(/.*)?		gen_context(system_u:object_r:lvm_metadata_t,s0)
 /etc/lvm/lock(/.*)?		gen_context(system_u:object_r:lvm_lock_t,s0)
diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te
index 2518e0d..6a16131 100644
--- a/policy/modules/system/lvm.te
+++ b/policy/modules/system/lvm.te
@@ -1,5 +1,5 @@
 
-policy_module(lvm,1.7.3)
+policy_module(lvm,1.7.4)
 
 ########################################
 #
diff --git a/policy/modules/system/sysnetwork.fc b/policy/modules/system/sysnetwork.fc
index eb2e4df..5a4f576 100644
--- a/policy/modules/system/sysnetwork.fc
+++ b/policy/modules/system/sysnetwork.fc
@@ -52,8 +52,7 @@ ifdef(`distro_redhat',`
 /var/lib/dhcpcd(/.*)?		gen_context(system_u:object_r:dhcpc_state_t,s0)
 /var/lib/dhclient(/.*)?		gen_context(system_u:object_r:dhcpc_state_t,s0)
 
-/var/run/dhclient.*\.pid --	gen_context(system_u:object_r:dhcpc_var_run_t,s0)
-/var/run/dhclient.*\.leases --	gen_context(system_u:object_r:dhcpc_var_run_t,s0)
+/var/run/dhclient.*	--	gen_context(system_u:object_r:dhcpc_var_run_t,s0)
 
 ifdef(`distro_gentoo',`
 /var/lib/dhcpc(/.*)?		gen_context(system_u:object_r:dhcpc_state_t,s0)
diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
index f62664c..056ff4f 100644
--- a/policy/modules/system/sysnetwork.te
+++ b/policy/modules/system/sysnetwork.te
@@ -1,5 +1,5 @@
 
-policy_module(sysnetwork,1.4.1)
+policy_module(sysnetwork,1.4.2)
 
 ########################################
 #

More information about the scm-commits mailing list