[selinux-policy/f17] * Wed May 9 2012 Miroslav Grepl <mgrepl at redhat.com> 3.10.0-124 - Make systemd unit files less specif
Miroslav Grepl
mgrepl at fedoraproject.org
Wed May 9 14:47:47 UTC 2012
commit 38f0385e5c7bc0c97f2455475400593622f442db
Author: Miroslav Grepl <mgrepl at redhat.com>
Date: Wed May 9 16:47:35 2012 +0200
* Wed May 9 2012 Miroslav Grepl <mgrepl at redhat.com> 3.10.0-124
- Make systemd unit files less specific
policy-F16.patch | 401 +++++++++++++++++++++++++++------------------------
selinux-policy.spec | 5 +-
2 files changed, 218 insertions(+), 188 deletions(-)
---
diff --git a/policy-F16.patch b/policy-F16.patch
index 192720f..726c4a7 100644
--- a/policy-F16.patch
+++ b/policy-F16.patch
@@ -58440,10 +58440,10 @@ index 63ef90e..a535b31 100644
')
diff --git a/policy/modules/admin/alsa.fc b/policy/modules/admin/alsa.fc
-index d362d9c..a977ac0 100644
+index d362d9c..bd80fc3 100644
--- a/policy/modules/admin/alsa.fc
+++ b/policy/modules/admin/alsa.fc
-@@ -11,10 +11,14 @@ HOME_DIR/\.asoundrc -- gen_context(system_u:object_r:alsa_home_t,s0)
+@@ -11,10 +11,15 @@ HOME_DIR/\.asoundrc -- gen_context(system_u:object_r:alsa_home_t,s0)
/sbin/salsa -- gen_context(system_u:object_r:alsa_exec_t,s0)
/usr/bin/ainit -- gen_context(system_u:object_r:alsa_exec_t,s0)
@@ -58457,7 +58457,8 @@ index d362d9c..a977ac0 100644
/var/lib/alsa(/.*)? gen_context(system_u:object_r:alsa_var_lib_t,s0)
+
-+/lib/systemd/system/alsa-.*\.service -- gen_context(system_u:object_r:alsa_unit_file_t,s0)
++/lib/systemd/system/alsa.* -- gen_context(system_u:object_r:alsa_unit_file_t,s0)
++/usr/lib/systemd/system/alsa.* -- gen_context(system_u:object_r:alsa_unit_file_t,s0)
diff --git a/policy/modules/admin/alsa.if b/policy/modules/admin/alsa.if
index 1392679..25e02df 100644
--- a/policy/modules/admin/alsa.if
@@ -59370,19 +59371,19 @@ index c4d8998..bd59f2e 100644
+ xserver_stream_connect(firstboot_t)
')
diff --git a/policy/modules/admin/kdump.fc b/policy/modules/admin/kdump.fc
-index c66934f..b1d31d0 100644
+index c66934f..6b92a91 100644
--- a/policy/modules/admin/kdump.fc
+++ b/policy/modules/admin/kdump.fc
@@ -1,5 +1,13 @@
/etc/kdump\.conf -- gen_context(system_u:object_r:kdump_etc_t,s0)
/etc/rc\.d/init\.d/kdump -- gen_context(system_u:object_r:kdump_initrc_exec_t,s0)
-+/lib/systemd/system/kdump.service -- gen_context(system_u:object_r:iptables_unit_file_t,s0)
++/lib/systemd/system/kdump.* -- gen_context(system_u:object_r:iptables_unit_file_t,s0)
+
/sbin/kdump -- gen_context(system_u:object_r:kdump_exec_t,s0)
/sbin/kexec -- gen_context(system_u:object_r:kdump_exec_t,s0)
+
-+/usr/lib/systemd/system/kdump.service -- gen_context(system_u:object_r:iptables_unit_file_t,s0)
++/usr/lib/systemd/system/kdump.* -- gen_context(system_u:object_r:iptables_unit_file_t,s0)
+
+/usr/sbin/kdump -- gen_context(system_u:object_r:kdump_exec_t,s0)
+/usr/sbin/kexec -- gen_context(system_u:object_r:kdump_exec_t,s0)
@@ -83766,15 +83767,16 @@ index e88b95f..9b6536a 100644
-#gen_user(xguest_u,, xguest_r, s0, s0)
+gen_user(xguest_u, user, xguest_r, s0, s0)
diff --git a/policy/modules/services/abrt.fc b/policy/modules/services/abrt.fc
-index 1bd5812..d17ee73 100644
+index 1bd5812..537d005 100644
--- a/policy/modules/services/abrt.fc
+++ b/policy/modules/services/abrt.fc
-@@ -1,13 +1,16 @@
+@@ -1,13 +1,17 @@
/etc/abrt(/.*)? gen_context(system_u:object_r:abrt_etc_t,s0)
/etc/rc\.d/init\.d/abrt -- gen_context(system_u:object_r:abrt_initrc_exec_t,s0)
-/usr/bin/abrt-pyhook-helper -- gen_context(system_u:object_r:abrt_helper_exec_t,s0)
-+/lib/systemd/system/abrt.*\.service -- gen_context(system_u:object_r:abrt_unit_file_t,s0)
++/lib/systemd/system/abrt.* -- gen_context(system_u:object_r:abrt_unit_file_t,s0)
++/usr/lib/systemd/system/abrt.* -- gen_context(system_u:object_r:abrt_unit_file_t,s0)
-/usr/libexec/abrt-pyhook-helper -- gen_context(system_u:object_r:abrt_helper_exec_t,s0)
-/usr/libexec/abrt-hook-python -- gen_context(system_u:object_r:abrt_helper_exec_t,s0)
@@ -83789,7 +83791,7 @@ index 1bd5812..d17ee73 100644
/var/cache/abrt(/.*)? gen_context(system_u:object_r:abrt_var_cache_t,s0)
/var/cache/abrt-di(/.*)? gen_context(system_u:object_r:abrt_var_cache_t,s0)
-@@ -15,6 +18,19 @@
+@@ -15,6 +19,19 @@
/var/run/abrt\.pid -- gen_context(system_u:object_r:abrt_var_run_t,s0)
/var/run/abrtd?\.lock -- gen_context(system_u:object_r:abrt_var_run_t,s0)
@@ -84501,11 +84503,12 @@ index 30861ec..ec4a1db 100644
+
+miscfiles_read_localization(abrt_domain)
diff --git a/policy/modules/services/accountsd.fc b/policy/modules/services/accountsd.fc
-index 1adca53..e79b798 100644
+index 1adca53..55984af 100644
--- a/policy/modules/services/accountsd.fc
+++ b/policy/modules/services/accountsd.fc
-@@ -1,3 +1,5 @@
-+/lib/systemd/system/accountsd\.service -- gen_context(system_u:object_r:accountsd_unit_file_t,s0)
+@@ -1,3 +1,6 @@
++/lib/systemd/system/accountsd.* -- gen_context(system_u:object_r:accountsd_unit_file_t,s0)
++/usr/lib/systemd/system/accountsd.* -- gen_context(system_u:object_r:accountsd_unit_file_t,s0)
+
/usr/libexec/accounts-daemon -- gen_context(system_u:object_r:accountsd_exec_t,s0)
@@ -85127,10 +85130,10 @@ index deca9d3..ac92fce 100644
')
diff --git a/policy/modules/services/apache.fc b/policy/modules/services/apache.fc
-index 9e39aa5..35b5872 100644
+index 9e39aa5..4a3ea78 100644
--- a/policy/modules/services/apache.fc
+++ b/policy/modules/services/apache.fc
-@@ -1,39 +1,55 @@
+@@ -1,39 +1,54 @@
HOME_DIR/((www)|(web)|(public_html))(/.+)? gen_context(system_u:object_r:httpd_user_content_t,s0)
+HOME_DIR/((www)|(web)|(public_html))/cgi-bin(/.+)? gen_context(system_u:object_r:httpd_user_script_exec_t,s0)
+HOME_DIR/((www)|(web)|(public_html))(/.*)?/\.htaccess -- gen_context(system_u:object_r:httpd_user_htaccess_t,s0)
@@ -85156,10 +85159,9 @@ index 9e39aa5..35b5872 100644
+/etc/WebCalendar(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)
/etc/zabbix/web(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)
-+/lib/systemd/system/httpd.*\.service -- gen_context(system_u:object_r:httpd_unit_file_t,s0)
-+/lib/systemd/system/jetty.*\.service -- gen_context(system_u:object_r:httpd_unit_file_t,s0)
++/usr/lib/systemd/system/httpd.* -- gen_context(system_u:object_r:httpd_unit_file_t,s0)
++/usr/lib/systemd/system/jetty.* -- gen_context(system_u:object_r:httpd_unit_file_t,s0)
+
-+/usr/lib/systemd/system/httpd.?\.service -- gen_context(system_u:object_r:httpd_unit_file_t,s0)
+/usr/libexec/httpd-ssl-pass-dialog -- gen_context(system_u:object_r:httpd_passwd_exec_t,s0)
+
/srv/([^/]*/)?www(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
@@ -85194,7 +85196,7 @@ index 9e39aa5..35b5872 100644
/usr/sbin/httpd(\.worker)? -- gen_context(system_u:object_r:httpd_exec_t,s0)
/usr/sbin/lighttpd -- gen_context(system_u:object_r:httpd_exec_t,s0)
/usr/sbin/rotatelogs -- gen_context(system_u:object_r:httpd_rotatelogs_exec_t,s0)
-@@ -43,8 +59,9 @@ ifdef(`distro_suse', `
+@@ -43,8 +58,9 @@ ifdef(`distro_suse', `
/usr/sbin/httpd2-.* -- gen_context(system_u:object_r:httpd_exec_t,s0)
')
@@ -85206,7 +85208,7 @@ index 9e39aa5..35b5872 100644
/usr/share/htdig(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
/usr/share/icecast(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
/usr/share/mythweb(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
-@@ -54,9 +71,12 @@ ifdef(`distro_suse', `
+@@ -54,9 +70,12 @@ ifdef(`distro_suse', `
/usr/share/ntop/html(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
/usr/share/openca/htdocs(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
/usr/share/selinux-policy[^/]*/html(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
@@ -85219,7 +85221,7 @@ index 9e39aa5..35b5872 100644
/var/cache/httpd(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0)
/var/cache/lighttpd(/.*)? gen_context(system_u:object_r:httpd_cache_t,s0)
-@@ -73,25 +93,35 @@ ifdef(`distro_suse', `
+@@ -73,25 +92,35 @@ ifdef(`distro_suse', `
/var/cache/ssl.*\.sem -- gen_context(system_u:object_r:httpd_cache_t,s0)
/var/lib/cacti/rra(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
@@ -85259,7 +85261,7 @@ index 9e39aa5..35b5872 100644
/var/run/apache.* gen_context(system_u:object_r:httpd_var_run_t,s0)
/var/run/gcache_port -s gen_context(system_u:object_r:httpd_var_run_t,s0)
/var/run/httpd.* gen_context(system_u:object_r:httpd_var_run_t,s0)
-@@ -104,8 +134,29 @@ ifdef(`distro_debian', `
+@@ -104,8 +133,29 @@ ifdef(`distro_debian', `
/var/spool/viewvc(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t, s0)
/var/www(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0)
@@ -87336,13 +87338,14 @@ index 3136c6a..044e417 100644
+')
+
diff --git a/policy/modules/services/apcupsd.fc b/policy/modules/services/apcupsd.fc
-index cd07b96..f5298af 100644
+index cd07b96..cfeb0b7 100644
--- a/policy/modules/services/apcupsd.fc
+++ b/policy/modules/services/apcupsd.fc
-@@ -1,9 +1,13 @@
+@@ -1,9 +1,14 @@
/etc/rc\.d/init\.d/apcupsd -- gen_context(system_u:object_r:apcupsd_initrc_exec_t,s0)
-+/lib/systemd/system/apcupsd\.service -- gen_context(system_u:object_r:apcupsd_unit_file_t,s0)
++/lib/systemd/system/apcupsd.* -- gen_context(system_u:object_r:apcupsd_unit_file_t,s0)
++/usr/lib/systemd/system/apcupsd.* -- gen_context(system_u:object_r:apcupsd_unit_file_t,s0)
+
/sbin/apcupsd -- gen_context(system_u:object_r:apcupsd_exec_t,s0)
@@ -87353,7 +87356,7 @@ index cd07b96..f5298af 100644
/var/log/apcupsd\.events.* -- gen_context(system_u:object_r:apcupsd_log_t,s0)
/var/log/apcupsd\.status.* -- gen_context(system_u:object_r:apcupsd_log_t,s0)
-@@ -13,3 +17,4 @@
+@@ -13,3 +18,4 @@
/var/www/apcupsd/upsfstats\.cgi -- gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0)
/var/www/apcupsd/upsimage\.cgi -- gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0)
/var/www/apcupsd/upsstats\.cgi -- gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0)
@@ -87461,11 +87464,12 @@ index d052bf0..77e6e19 100644
mta_system_content(apcupsd_tmp_t)
')
diff --git a/policy/modules/services/apm.fc b/policy/modules/services/apm.fc
-index 0123777..cb3f8a0 100644
+index 0123777..80ebf5e 100644
--- a/policy/modules/services/apm.fc
+++ b/policy/modules/services/apm.fc
-@@ -1,3 +1,4 @@
-+/lib/systemd/system/apmd\.service -- gen_context(system_u:object_r:apmd_unit_file_t,s0)
+@@ -1,3 +1,5 @@
++/lib/systemd/system/apmd.* -- gen_context(system_u:object_r:apmd_unit_file_t,s0)
++/usr/lib/systemd/system/apmd.* -- gen_context(system_u:object_r:apmd_unit_file_t,s0)
#
# /usr
@@ -87683,13 +87687,14 @@ index 1c8c27e..1fbabf7 100644
')
diff --git a/policy/modules/services/arpwatch.fc b/policy/modules/services/arpwatch.fc
-index a86a6c7..a29212e 100644
+index a86a6c7..9589871 100644
--- a/policy/modules/services/arpwatch.fc
+++ b/policy/modules/services/arpwatch.fc
-@@ -1,5 +1,7 @@
+@@ -1,5 +1,8 @@
/etc/rc\.d/init\.d/arpwatch -- gen_context(system_u:object_r:arpwatch_initrc_exec_t,s0)
-+/lib/systemd/system/arpwatch.service -- gen_context(system_u:object_r:arpwatch_unit_file_t,s0)
++/lib/systemd/system/arpwatch.* -- gen_context(system_u:object_r:arpwatch_unit_file_t,s0)
++/usr/lib/systemd/system/arpwatch.* -- gen_context(system_u:object_r:arpwatch_unit_file_t,s0)
+
#
# /usr
@@ -87983,14 +87988,15 @@ index 2b348c7..0000000
- udev_read_db(entropyd_t)
-')
diff --git a/policy/modules/services/automount.fc b/policy/modules/services/automount.fc
-index f16ab68..4dfe0ed 100644
+index f16ab68..c7cdabd 100644
--- a/policy/modules/services/automount.fc
+++ b/policy/modules/services/automount.fc
-@@ -4,6 +4,8 @@
+@@ -4,6 +4,9 @@
/etc/apm/event\.d/autofs -- gen_context(system_u:object_r:automount_exec_t,s0)
/etc/rc\.d/init\.d/autofs -- gen_context(system_u:object_r:automount_initrc_exec_t,s0)
-+/lib/systemd/system/autofs\.service -- gen_context(system_u:object_r:automount_unit_file_t,s0)
++/lib/systemd/system/autofs.* -- gen_context(system_u:object_r:automount_unit_file_t,s0)
++/usr/lib/systemd/system/autofs.* -- gen_context(system_u:object_r:automount_unit_file_t,s0)
+
#
# /usr
@@ -88131,13 +88137,14 @@ index 39799db..fe1653e 100644
')
diff --git a/policy/modules/services/avahi.fc b/policy/modules/services/avahi.fc
-index 7e36549..150bd76 100644
+index 7e36549..b85d8c5 100644
--- a/policy/modules/services/avahi.fc
+++ b/policy/modules/services/avahi.fc
-@@ -1,5 +1,7 @@
+@@ -1,5 +1,8 @@
/etc/rc\.d/init\.d/avahi.* -- gen_context(system_u:object_r:avahi_initrc_exec_t,s0)
-+/lib/systemd/system/avahi.*\.service -- gen_context(system_u:object_r:avahi_unit_file_t,s0)
++/lib/systemd/system/avahi.* -- gen_context(system_u:object_r:avahi_unit_file_t,s0)
++/usr/lib/systemd/system/avahi.* -- gen_context(system_u:object_r:avahi_unit_file_t,s0)
+
/usr/sbin/avahi-daemon -- gen_context(system_u:object_r:avahi_exec_t,s0)
/usr/sbin/avahi-dnsconfd -- gen_context(system_u:object_r:avahi_exec_t,s0)
@@ -88247,13 +88254,13 @@ index a7a0e71..3b01eed 100644
diff --git a/policy/modules/services/bcfg2.fc b/policy/modules/services/bcfg2.fc
new file mode 100644
-index 0000000..6befaac
+index 0000000..53a6f26
--- /dev/null
+++ b/policy/modules/services/bcfg2.fc
@@ -0,0 +1,9 @@
+/etc/rc\.d/init\.d/bcfg2 -- gen_context(system_u:object_r:bcfg2_initrc_exec_t,s0)
+
-+/usr/lib/systemd/system/bcfg2-server.service -- gen_context(system_u:object_r:bcfg2_unit_file_t,s0)
++/usr/lib/systemd/system/bcfg2-server.* -- gen_context(system_u:object_r:bcfg2_unit_file_t,s0)
+
+/usr/sbin/bcfg2-server -- gen_context(system_u:object_r:bcfg2_exec_t,s0)
+
@@ -88513,7 +88520,7 @@ index 0000000..7c301dc
+
+miscfiles_read_localization(bcfg2_t)
diff --git a/policy/modules/services/bind.fc b/policy/modules/services/bind.fc
-index 59aa54f..d5d9ca1 100644
+index 59aa54f..0bee346 100644
--- a/policy/modules/services/bind.fc
+++ b/policy/modules/services/bind.fc
@@ -4,6 +4,14 @@
@@ -88523,11 +88530,11 @@ index 59aa54f..d5d9ca1 100644
+/etc/unbound/.*\.key -- gen_context(system_u:object_r:dnssec_t,s0)
+/etc/dnssec-trigger/dnssec_trigger_server\.key -- gen_context(system_u:object_r:dnssec_t,s0)
+
-+/lib/systemd/system/unbound.service -- gen_context(system_u:object_r:named_unit_file_t,s0)
-+/lib/systemd/system/unbound-keygen.service -- gen_context(system_u:object_r:named_unit_file_t,s0)
-+/lib/systemd/system/named.service -- gen_context(system_u:object_r:named_unit_file_t,s0)
++/lib/systemd/system/unbound.* -- gen_context(system_u:object_r:named_unit_file_t,s0)
++/lib/systemd/system/named.* -- gen_context(system_u:object_r:named_unit_file_t,s0)
+
-+/usr/lib/systemd/system/named.service -- gen_context(system_u:object_r:named_unit_file_t,s0)
++/usr/lib/systemd/system/unbound.* -- gen_context(system_u:object_r:named_unit_file_t,s0)
++/usr/lib/systemd/system/named.* -- gen_context(system_u:object_r:named_unit_file_t,s0)
/usr/sbin/lwresd -- gen_context(system_u:object_r:named_exec_t,s0)
/usr/sbin/named -- gen_context(system_u:object_r:named_exec_t,s0)
@@ -89129,14 +89136,15 @@ index 0000000..d5b66f6
+ gnome_search_gconf(blueman_t)
+')
diff --git a/policy/modules/services/bluetooth.fc b/policy/modules/services/bluetooth.fc
-index dc687e6..40b43c3 100644
+index dc687e6..02abd9a 100644
--- a/policy/modules/services/bluetooth.fc
+++ b/policy/modules/services/bluetooth.fc
-@@ -7,6 +7,8 @@
+@@ -7,6 +7,9 @@
/etc/rc\.d/init\.d/dund -- gen_context(system_u:object_r:bluetooth_initrc_exec_t,s0)
/etc/rc\.d/init\.d/pand -- gen_context(system_u:object_r:bluetooth_initrc_exec_t,s0)
-+/lib/systemd/system/bluetooth\.service -- gen_context(system_u:object_r:bluetooth_unit_file_t,s0)
++/lib/systemd/system/bluetooth.* -- gen_context(system_u:object_r:bluetooth_unit_file_t,s0)
++/usr/lib/systemd/system/bluetooth.* -- gen_context(system_u:object_r:bluetooth_unit_file_t,s0)
+
#
# /usr
@@ -91621,20 +91629,15 @@ index fa82327..898d0db 100644
gpsd_rw_shm(chronyd_t)
')
diff --git a/policy/modules/services/clamav.fc b/policy/modules/services/clamav.fc
-index e8e9a21..45cdeaf 100644
+index e8e9a21..eb0b83c 100644
--- a/policy/modules/services/clamav.fc
+++ b/policy/modules/services/clamav.fc
-@@ -8,9 +8,19 @@
+@@ -8,9 +8,14 @@
/usr/sbin/clamd -- gen_context(system_u:object_r:clamd_exec_t,s0)
/usr/sbin/clamav-milter -- gen_context(system_u:object_r:clamd_exec_t,s0)
-+/lib/systemd/system/clamd at scan\.service -- gen_context(system_u:object_r:clamd_unit_file_t,s0)
-+/lib/systemd/system/clamd@\.service -- gen_context(system_u:object_r:clamd_unit_file_t,s0)
-+/lib/systemd/system/clamd\.clamav\.service -- gen_context(system_u:object_r:clamd_unit_file_t,s0)
-+
-+/usr/lib/systemd/system/clamd at scan\.service -- gen_context(system_u:object_r:clamd_unit_file_t,s0)
-+/usr/lib/systemd/system/clamd@\.service -- gen_context(system_u:object_r:clamd_unit_file_t,s0)
-+/usr/lib/systemd/system/clamd\.clamav\.service -- gen_context(system_u:object_r:clamd_unit_file_t,s0)
++/lib/systemd/system/clamd.* -- gen_context(system_u:object_r:clamd_unit_file_t,s0)
++/usr/lib/systemd/system/clamd.* -- gen_context(system_u:object_r:clamd_unit_file_t,s0)
+
/var/clamav(/.*)? gen_context(system_u:object_r:clamd_var_lib_t,s0)
/var/lib/clamav(/.*)? gen_context(system_u:object_r:clamd_var_lib_t,s0)
@@ -92406,10 +92409,10 @@ index f8463c0..126b293 100644
domain_system_change_exemption($1)
role_transition $2 cmirrord_initrc_exec_t system_r;
diff --git a/policy/modules/services/cobbler.fc b/policy/modules/services/cobbler.fc
-index 1cf6c4e..bd284a4 100644
+index 1cf6c4e..a3cb6c3 100644
--- a/policy/modules/services/cobbler.fc
+++ b/policy/modules/services/cobbler.fc
-@@ -1,7 +1,35 @@
+@@ -1,7 +1,37 @@
-/etc/cobbler(/.*)? gen_context(system_u:object_r:cobbler_etc_t, s0)
-/etc/rc\.d/init\.d/cobblerd -- gen_context(system_u:object_r:cobblerd_initrc_exec_t, s0)
@@ -92418,7 +92421,9 @@ index 1cf6c4e..bd284a4 100644
+
+/etc/rc\.d/init\.d/cobblerd -- gen_context(system_u:object_r:cobblerd_initrc_exec_t,s0)
+
-+/lib/systemd/system/cobblerd.*.service -- gen_context(system_u:object_r:cobblerd_unit_file_t,s0)
++/lib/systemd/system/cobblerd.* -- gen_context(system_u:object_r:cobblerd_unit_file_t,s0)
++
++/usr/lib/systemd/system/cobblerd.* -- gen_context(system_u:object_r:cobblerd_unit_file_t,s0)
+
+/usr/bin/cobblerd -- gen_context(system_u:object_r:cobblerd_exec_t,s0)
+
@@ -92916,14 +92921,15 @@ index 0258b48..5f685a0 100644
manage_files_pattern(cobblerd_t, httpd_cobbler_content_rw_t, httpd_cobbler_content_rw_t)
diff --git a/policy/modules/services/collectd.fc b/policy/modules/services/collectd.fc
new file mode 100644
-index 0000000..498643a
+index 0000000..7f89824
--- /dev/null
+++ b/policy/modules/services/collectd.fc
-@@ -0,0 +1,13 @@
+@@ -0,0 +1,14 @@
+
+/etc/rc\.d/init\.d/collectd -- gen_context(system_u:object_r:collectd_initrc_exec_t,s0)
+
-+/lib/systemd/system/collectd\.service -- gen_context(system_u:object_r:collectd_unit_file_t,s0)
++/lib/systemd/system/collectd.* -- gen_context(system_u:object_r:collectd_unit_file_t,s0)
++/usr/lib/systemd/system/collectd.* -- gen_context(system_u:object_r:collectd_unit_file_t,s0)
+
+/usr/sbin/collectd -- gen_context(system_u:object_r:collectd_exec_t,s0)
+
@@ -93220,14 +93226,15 @@ index 0000000..e7ca6fc
+')
+
diff --git a/policy/modules/services/colord.fc b/policy/modules/services/colord.fc
-index 78b2fea..c13e863 100644
+index 78b2fea..fe2456c 100644
--- a/policy/modules/services/colord.fc
+++ b/policy/modules/services/colord.fc
-@@ -1,4 +1,7 @@
+@@ -1,4 +1,8 @@
/usr/libexec/colord -- gen_context(system_u:object_r:colord_exec_t,s0)
+/usr/libexec/colord-sane -- gen_context(system_u:object_r:colord_exec_t,s0)
+
-+/lib/systemd/system/colord.*\.service -- gen_context(system_u:object_r:colord_unit_file_t,s0)
++/lib/systemd/system/colord.* -- gen_context(system_u:object_r:colord_unit_file_t,s0)
++/usr/lib/systemd/system/colord.* -- gen_context(system_u:object_r:colord_unit_file_t,s0)
/var/lib/color(/.*)? gen_context(system_u:object_r:colord_var_lib_t,s0)
/var/lib/colord(/.*)? gen_context(system_u:object_r:colord_var_lib_t,s0)
@@ -93393,11 +93400,11 @@ index 74505cc..dbd4f7f 100644
+')
diff --git a/policy/modules/services/condor.fc b/policy/modules/services/condor.fc
new file mode 100644
-index 0000000..a9ad037
+index 0000000..f838fdf
--- /dev/null
+++ b/policy/modules/services/condor.fc
@@ -0,0 +1,20 @@
-+/usr/lib/systemd/system/condor.service -- gen_context(system_u:object_r:condor_unit_file_t,s0)
++/usr/lib/systemd/system/condor.* -- gen_context(system_u:object_r:condor_unit_file_t,s0)
+
+/usr/sbin/condor_master -- gen_context(system_u:object_r:condor_master_exec_t,s0)
+/usr/sbin/condor_collector -- gen_context(system_u:object_r:condor_collector_exec_t,s0)
@@ -93965,11 +93972,12 @@ index 0000000..e1f7dcb
+ unconfined_domain(condor_startd_t)
+')
diff --git a/policy/modules/services/consolekit.fc b/policy/modules/services/consolekit.fc
-index 32233ab..8a073d1 100644
+index 32233ab..42bce81 100644
--- a/policy/modules/services/consolekit.fc
+++ b/policy/modules/services/consolekit.fc
-@@ -1,3 +1,5 @@
-+/lib/systemd/system/console-kit.*\.service -- gen_context(system_u:object_r:consolekit_unit_file_t,s0)
+@@ -1,3 +1,6 @@
++/lib/systemd/system/console-kit.* -- gen_context(system_u:object_r:consolekit_unit_file_t,s0)
++/usr/lib/systemd/system/console-kit.* -- gen_context(system_u:object_r:consolekit_unit_file_t,s0)
+
/usr/sbin/console-kit-daemon -- gen_context(system_u:object_r:consolekit_exec_t,s0)
@@ -94206,14 +94214,15 @@ index e67a003..cc813f3 100644
unconfined_stream_connect(consolekit_t)
')
diff --git a/policy/modules/services/corosync.fc b/policy/modules/services/corosync.fc
-index 3a6d7eb..91569e7 100644
+index 3a6d7eb..61eba8f 100644
--- a/policy/modules/services/corosync.fc
+++ b/policy/modules/services/corosync.fc
-@@ -1,12 +1,22 @@
+@@ -1,12 +1,23 @@
/etc/rc\.d/init\.d/corosync -- gen_context(system_u:object_r:corosync_initrc_exec_t,s0)
+/etc/rc\.d/init\.d/heartbeat -- gen_context(system_u:object_r:corosync_initrc_exec_t,s0)
+
-+/lib/systemd/system/corosync.*\.service -- gen_context(system_u:object_r:corosync_unit_file_t,s0)
++/lib/systemd/system/corosync.* -- gen_context(system_u:object_r:corosync_unit_file_t,s0)
++/usr/lib/systemd/system/corosync.* -- gen_context(system_u:object_r:corosync_unit_file_t,s0)
/usr/sbin/corosync -- gen_context(system_u:object_r:corosync_exec_t,s0)
+/usr/sbin/corosync-notifyd -- gen_context(system_u:object_r:corosync_exec_t,s0)
@@ -94465,7 +94474,7 @@ index 04969e5..bc57217 100644
+
diff --git a/policy/modules/services/couchdb.fc b/policy/modules/services/couchdb.fc
new file mode 100644
-index 0000000..a0c0865
+index 0000000..196461b
--- /dev/null
+++ b/policy/modules/services/couchdb.fc
@@ -0,0 +1,11 @@
@@ -94473,7 +94482,7 @@ index 0000000..a0c0865
+
+/usr/bin/couchdb -- gen_context(system_u:object_r:couchdb_exec_t,s0)
+
-+/usr/lib/systemd/system/couchdb.service -- gen_context(system_u:object_r:couchdb_unit_file_t,s0)
++/usr/lib/systemd/system/couchdb.* -- gen_context(system_u:object_r:couchdb_unit_file_t,s0)
+
+/var/lib/couchdb(/.*)? gen_context(system_u:object_r:couchdb_var_lib_t,s0)
+
@@ -95043,20 +95052,21 @@ index 13d2f63..861fad7 100644
')
diff --git a/policy/modules/services/cron.fc b/policy/modules/services/cron.fc
-index 2eefc08..d520976 100644
+index 2eefc08..a1af527 100644
--- a/policy/modules/services/cron.fc
+++ b/policy/modules/services/cron.fc
-@@ -2,6 +2,9 @@
+@@ -2,6 +2,10 @@
/etc/cron\.d(/.*)? gen_context(system_u:object_r:system_cron_spool_t,s0)
/etc/crontab -- gen_context(system_u:object_r:system_cron_spool_t,s0)
-+/lib/systemd/system/atd\.service -- gen_context(system_u:object_r:crond_unit_file_t,s0)
-+/lib/systemd/system/crond\.service -- gen_context(system_u:object_r:crond_unit_file_t,s0)
-+/usr/lib/systemd/system/crond\.service -- gen_context(system_u:object_r:crond_unit_file_t,s0)
++/lib/systemd/system/atd.* -- gen_context(system_u:object_r:crond_unit_file_t,s0)
++/lib/systemd/system/crond.* -- gen_context(system_u:object_r:crond_unit_file_t,s0)
++/usr/lib/systemd/system/atd.* -- gen_context(system_u:object_r:crond_unit_file_t,s0)
++/usr/lib/systemd/system/crond.* -- gen_context(system_u:object_r:crond_unit_file_t,s0)
/usr/bin/at -- gen_context(system_u:object_r:crontab_exec_t,s0)
/usr/bin/(f)?crontab -- gen_context(system_u:object_r:crontab_exec_t,s0)
-@@ -14,14 +17,15 @@
+@@ -14,14 +18,15 @@
/var/run/anacron\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0)
/var/run/atd\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0)
/var/run/crond?\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0)
@@ -95074,7 +95084,7 @@ index 2eefc08..d520976 100644
#/var/spool/cron/root -- gen_context(system_u:object_r:sysadm_cron_spool_t,s0)
/var/spool/cron/[^/]* -- <<none>>
-@@ -45,3 +49,5 @@ ifdef(`distro_suse', `
+@@ -45,3 +50,5 @@ ifdef(`distro_suse', `
/var/spool/fcron/systab\.orig -- gen_context(system_u:object_r:system_cron_spool_t,s0)
/var/spool/fcron/systab -- gen_context(system_u:object_r:system_cron_spool_t,s0)
/var/spool/fcron/new\.systab -- gen_context(system_u:object_r:system_cron_spool_t,s0)
@@ -96472,14 +96482,14 @@ index 0000000..284fbae
+ sysnet_domtrans_ifconfig(ctdbd_t)
+')
diff --git a/policy/modules/services/cups.fc b/policy/modules/services/cups.fc
-index 1b492ed..5810711 100644
+index 1b492ed..d3e9822 100644
--- a/policy/modules/services/cups.fc
+++ b/policy/modules/services/cups.fc
@@ -19,7 +19,10 @@
/etc/printcap.* -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
-+/lib/systemd/system/cups\.service -- gen_context(system_u:object_r:cupsd_unit_file_t,s0)
++/usr/lib/systemd/system/cups.* -- gen_context(system_u:object_r:cupsd_unit_file_t,s0)
+
/lib/udev/udev-configure-printer -- gen_context(system_u:object_r:cupsd_config_exec_t,s0)
+/usr/lib/udev/udev-configure-printer -- gen_context(system_u:object_r:cupsd_config_exec_t,s0)
@@ -101937,16 +101947,17 @@ index 9b7036a..4770f61 100644
diff --git a/policy/modules/services/firewalld.fc b/policy/modules/services/firewalld.fc
new file mode 100644
-index 0000000..b468a30
+index 0000000..2920a80
--- /dev/null
+++ b/policy/modules/services/firewalld.fc
-@@ -0,0 +1,13 @@
+@@ -0,0 +1,14 @@
+
+/etc/rc\.d/init\.d/firewalld -- gen_context(system_u:object_r:firewalld_initrc_exec_t,s0)
+
+/etc/firewalld(/.*)? gen_context(system_u:object_r:firewalld_etc_rw_t,s0)
+
-+/lib/systemd/system/firewalld\.service -- gen_context(system_u:object_r:firewalld_unit_file_t,s0)
++/lib/systemd/system/firewalld.* -- gen_context(system_u:object_r:firewalld_unit_file_t,s0)
++/usr/lib/systemd/system/firewalld.* -- gen_context(system_u:object_r:firewalld_unit_file_t,s0)
+
+/usr/sbin/firewalld -- gen_context(system_u:object_r:firewalld_exec_t,s0)
+
@@ -106365,13 +106376,13 @@ index 0000000..21e49e3
+miscfiles_read_localization(keyboardd_t)
diff --git a/policy/modules/services/keystone.fc b/policy/modules/services/keystone.fc
new file mode 100644
-index 0000000..4917088
+index 0000000..408d6c0
--- /dev/null
+++ b/policy/modules/services/keystone.fc
@@ -0,0 +1,7 @@
+/usr/bin/keystone-all -- gen_context(system_u:object_r:keystone_exec_t,s0)
+
-+/usr/lib/systemd/system/openstack-keystone.service -- gen_context(system_u:object_r:keystone_unit_file_t,s0)
++/usr/lib/systemd/system/openstack-keystone.* -- gen_context(system_u:object_r:keystone_unit_file_t,s0)
+
+/var/lib/keystone(/.*)? gen_context(system_u:object_r:keystone_var_lib_t,s0)
+
@@ -108320,7 +108331,7 @@ index 0000000..5b84980
+')
diff --git a/policy/modules/services/matahari.fc b/policy/modules/services/matahari.fc
new file mode 100644
-index 0000000..22adc4a
+index 0000000..8d0e555
--- /dev/null
+++ b/policy/modules/services/matahari.fc
@@ -0,0 +1,44 @@
@@ -108330,19 +108341,19 @@ index 0000000..22adc4a
+/etc/rc\.d/init\.d/matahari-sysconfig -- gen_context(system_u:object_r:matahari_initrc_exec_t,s0)
+/etc/rc\.d/init.d/matahari-sysconfig-console -- gen_context(system_u:object_r:matahari_initrc_exec_t,s0)
+
-+/lib/systemd/system/matahari-host\.service -- gen_context(system_u:object_r:matahari_hostd_unit_file_t,s0)
-+/lib/systemd/system/matahari-network\.service -- gen_context(system_u:object_r:matahari_netd_unit_file_t,s0)
-+/lib/systemd/system/matahari-rpc.service -- gen_context(system_u:object_r:matahari_rpcd_unit_file_t,s0)
-+/lib/systemd/system/matahari-service\.service -- gen_context(system_u:object_r:matahari_serviced_unit_file_t,s0)
-+/lib/systemd/system/matahari-sysconfig\.service -- gen_context(system_u:object_r:matahari_sysconfigd_unit_file_t,s0)
-+/lib/systemd/system/matahari-sysconfig-console\.service -- gen_context(system_u:object_r:matahari_sysconfigd_unit_file_t,s0)
++/lib/systemd/system/matahari-host.* -- gen_context(system_u:object_r:matahari_hostd_unit_file_t,s0)
++/lib/systemd/system/matahari-network.* -- gen_context(system_u:object_r:matahari_netd_unit_file_t,s0)
++/lib/systemd/system/matahari-rpc.* -- gen_context(system_u:object_r:matahari_rpcd_unit_file_t,s0)
++/lib/systemd/system/matahari-service.* -- gen_context(system_u:object_r:matahari_serviced_unit_file_t,s0)
++/lib/systemd/system/matahari-sysconfig.* -- gen_context(system_u:object_r:matahari_sysconfigd_unit_file_t,s0)
++/lib/systemd/system/matahari-sysconfig-console.* -- gen_context(system_u:object_r:matahari_sysconfigd_unit_file_t,s0)
+
-+/usr/lib/systemd/system/matahari-host\.service -- gen_context(system_u:object_r:matahari_hostd_unit_file_t,s0)
-+/usr/lib/systemd/system/matahari-network\.service -- gen_context(system_u:object_r:matahari_netd_unit_file_t,s0)
-+/usr/lib/systemd/system/matahari-rpc.service -- gen_context(system_u:object_r:matahari_rpcd_unit_file_t,s0)
-+/usr/lib/systemd/system/matahari-service\.service -- gen_context(system_u:object_r:matahari_serviced_unit_file_t,s0)
-+/usr/lib/systemd/system/matahari-sysconfig\.service -- gen_context(system_u:object_r:matahari_sysconfigd_unit_file_t,s0)
-+/usr/lib/systemd/system/matahari-sysconfig-console\.service -- gen_context(system_u:object_r:matahari_sysconfigd_unit_file_t,s0)
++/usr/lib/systemd/system/matahari-host.* -- gen_context(system_u:object_r:matahari_hostd_unit_file_t,s0)
++/usr/lib/systemd/system/matahari-network.* -- gen_context(system_u:object_r:matahari_netd_unit_file_t,s0)
++/usr/lib/systemd/system/matahari-rpc.* -- gen_context(system_u:object_r:matahari_rpcd_unit_file_t,s0)
++/usr/lib/systemd/system/matahari-service.* -- gen_context(system_u:object_r:matahari_serviced_unit_file_t,s0)
++/usr/lib/systemd/system/matahari-sysconfig.* -- gen_context(system_u:object_r:matahari_sysconfigd_unit_file_t,s0)
++/usr/lib/systemd/system/matahari-sysconfig-console.* -- gen_context(system_u:object_r:matahari_sysconfigd_unit_file_t,s0)
+
+
+/usr/sbin/matahari-hostd -- gen_context(system_u:object_r:matahari_hostd_exec_t,s0)
@@ -111336,10 +111347,10 @@ index f17583b..923fdfb 100644
+ nscd_socket_use(munin_plugin_domain)
+')
diff --git a/policy/modules/services/mysql.fc b/policy/modules/services/mysql.fc
-index cc7192c..eeb72ba 100644
+index cc7192c..f121707 100644
--- a/policy/modules/services/mysql.fc
+++ b/policy/modules/services/mysql.fc
-@@ -1,6 +1,14 @@
+@@ -1,6 +1,16 @@
# mysql database server
#
@@ -111348,7 +111359,9 @@ index cc7192c..eeb72ba 100644
+HOME_DIR/\.my\.cnf -- gen_context(system_u:object_r:mysqld_home_t, s0)
+/root/\.my\.cnf -- gen_context(system_u:object_r:mysqld_home_t, s0)
+
-+/lib/systemd/system/mysqld\.service -- gen_context(system_u:object_r:mysqld_unit_file_t,s0)
++/lib/systemd/system/mysqld.* -- gen_context(system_u:object_r:mysqld_unit_file_t,s0)
++
++/usr/lib/systemd/system/mysqld.* -- gen_context(system_u:object_r:mysqld_unit_file_t,s0)
+
+#
# /etc
@@ -112257,7 +112270,7 @@ index 74da57f..b94bb3b 100644
/usr/sbin/nessusd -- gen_context(system_u:object_r:nessusd_exec_t,s0)
diff --git a/policy/modules/services/networkmanager.fc b/policy/modules/services/networkmanager.fc
-index 386543b..0f1f9c4 100644
+index 386543b..5d84233 100644
--- a/policy/modules/services/networkmanager.fc
+++ b/policy/modules/services/networkmanager.fc
@@ -1,6 +1,21 @@
@@ -112277,9 +112290,9 @@ index 386543b..0f1f9c4 100644
+/etc/wicd/wireless-settings.conf -- gen_context(system_u:object_r:NetworkManager_var_lib_t, s0)
+/etc/wicd/wired-settings.conf -- gen_context(system_u:object_r:NetworkManager_var_lib_t, s0)
+
-+/lib/systemd/system/NetworkManager\.service -- gen_context(system_u:object_r:NetworkManager_unit_file_t,s0)
++/lib/systemd/system/NetworkManager.* -- gen_context(system_u:object_r:NetworkManager_unit_file_t,s0)
+
-+/usr/lib/systemd/system/NetworkManager\.service -- gen_context(system_u:object_r:NetworkManager_unit_file_t,s0)
++/usr/lib/systemd/system/NetworkManager.* -- gen_context(system_u:object_r:NetworkManager_unit_file_t,s0)
/usr/libexec/nm-dispatcher.action -- gen_context(system_u:object_r:NetworkManager_initrc_exec_t,s0)
@@ -112721,7 +112734,7 @@ index 0619395..103f6f8 100644
########################################
diff --git a/policy/modules/services/nis.fc b/policy/modules/services/nis.fc
-index 15448d5..4d55961 100644
+index 15448d5..d8d7571 100644
--- a/policy/modules/services/nis.fc
+++ b/policy/modules/services/nis.fc
@@ -1,5 +1,5 @@
@@ -112749,15 +112762,15 @@ index 15448d5..4d55961 100644
/var/run/ypserv.* -- gen_context(system_u:object_r:ypserv_var_run_t,s0)
/var/run/yppass.* -- gen_context(system_u:object_r:yppasswdd_var_run_t,s0)
+
-+/lib/systemd/system/ypbind\.service -- gen_context(system_u:object_r:ypbind_unit_file_t,s0)
-+/lib/systemd/system/ypserv\.service -- gen_context(system_u:object_r:nis_unit_file_t,s0)
-+/lib/systemd/system/yppasswdd\.service -- gen_context(system_u:object_r:nis_unit_file_t,s0)
-+/lib/systemd/system/ypxfrd\.service -- gen_context(system_u:object_r:nis_unit_file_t,s0)
++/lib/systemd/system/ypbind.* -- gen_context(system_u:object_r:ypbind_unit_file_t,s0)
++/lib/systemd/system/ypserv.* -- gen_context(system_u:object_r:nis_unit_file_t,s0)
++/lib/systemd/system/yppasswdd.* -- gen_context(system_u:object_r:nis_unit_file_t,s0)
++/lib/systemd/system/ypxfrd.* -- gen_context(system_u:object_r:nis_unit_file_t,s0)
+
-+/usr/lib/systemd/system/ypbind\.service -- gen_context(system_u:object_r:ypbind_unit_file_t,s0)
-+/usr/lib/systemd/system/ypserv\.service -- gen_context(system_u:object_r:nis_unit_file_t,s0)
-+/usr/lib/systemd/system/yppasswdd\.service -- gen_context(system_u:object_r:nis_unit_file_t,s0)
-+/usr/lib/systemd/system/ypxfrd\.service -- gen_context(system_u:object_r:nis_unit_file_t,s0)
++/usr/lib/systemd/system/ypbind.* -- gen_context(system_u:object_r:ypbind_unit_file_t,s0)
++/usr/lib/systemd/system/ypserv.* -- gen_context(system_u:object_r:nis_unit_file_t,s0)
++/usr/lib/systemd/system/yppasswdd.* -- gen_context(system_u:object_r:nis_unit_file_t,s0)
++/usr/lib/systemd/system/ypxfrd.* -- gen_context(system_u:object_r:nis_unit_file_t,s0)
diff --git a/policy/modules/services/nis.if b/policy/modules/services/nis.if
index abe3f7f..8ba3aef 100644
--- a/policy/modules/services/nis.if
@@ -113058,7 +113071,7 @@ index 4876cae..9f3b09b 100644
diff --git a/policy/modules/services/nova.fc b/policy/modules/services/nova.fc
new file mode 100644
-index 0000000..a2bc7ca
+index 0000000..03d78ae
--- /dev/null
+++ b/policy/modules/services/nova.fc
@@ -0,0 +1,40 @@
@@ -113075,27 +113088,27 @@ index 0000000..a2bc7ca
+/usr/bin/nova-vncproxy -- gen_context(system_u:object_r:nova_vncproxy_exec_t,s0)
+/usr/bin/nova-volume -- gen_context(system_u:object_r:nova_volume_exec_t,s0)
+
-+/lib/systemd/system/openstack-nova-ajax-console-proxy\.service -- gen_context(system_u:object_r:nova_direct_unit_file_t,s0)
-+/lib/systemd/system/openstack-nova-api\.service -- gen_context(system_u:object_r:nova_api_unit_file_t,s0)
-+/lib/systemd/system/openstack-nova-cert\.service -- gen_context(system_u:object_r:nova_cert_unit_file_t,s0)
++/lib/systemd/system/openstack-nova-ajax-console-proxy.* -- gen_context(system_u:object_r:nova_direct_unit_file_t,s0)
++/lib/systemd/system/openstack-nova-api.* -- gen_context(system_u:object_r:nova_api_unit_file_t,s0)
++/lib/systemd/system/openstack-nova-cert.* -- gen_context(system_u:object_r:nova_cert_unit_file_t,s0)
+#/lib/systemd/system/openstack-nova-compute.service
-+/lib/systemd/system/openstack-nova-direct-api\.service -- gen_context(system_u:object_r:nova_direct_unit_file_t,s0)
-+/lib/systemd/system/openstack-nova-network\.service -- gen_context(system_u:object_r:nova_network_unit_file_t,s0)
-+/lib/systemd/system/openstack-nova-objectstore\.service -- gen_context(system_u:object_r:nova_objectstore_unit_file_t,s0)
-+/lib/systemd/system/openstack-nova-scheduler\.service -- gen_context(system_u:object_r:nova_scheduler_unit_file_t,s0)
-+/lib/systemd/system/openstack-nova-vncproxy\.service -- gen_context(system_u:object_r:nova_vncproxy_unit_file_t,s0)
-+/lib/systemd/system/openstack-nova-volume\.service -- gen_context(system_u:object_r:nova_volume_unit_file_t,s0)
-+
-+/usr/lib/systemd/system/openstack-nova-ajax-console-proxy\.service -- gen_context(system_u:object_r:nova_direct_unit_file_t,s0)
-+/usr/lib/systemd/system/openstack-nova-api\.service -- gen_context(system_u:object_r:nova_api_unit_file_t,s0)
-+/usr/lib/systemd/system/openstack-nova-cert\.service -- gen_context(system_u:object_r:nova_cert_unit_file_t,s0)
++/lib/systemd/system/openstack-nova-direct-api.* -- gen_context(system_u:object_r:nova_direct_unit_file_t,s0)
++/lib/systemd/system/openstack-nova-network.* -- gen_context(system_u:object_r:nova_network_unit_file_t,s0)
++/lib/systemd/system/openstack-nova-objectstore.* -- gen_context(system_u:object_r:nova_objectstore_unit_file_t,s0)
++/lib/systemd/system/openstack-nova-scheduler.* -- gen_context(system_u:object_r:nova_scheduler_unit_file_t,s0)
++/lib/systemd/system/openstack-nova-vncproxy.* -- gen_context(system_u:object_r:nova_vncproxy_unit_file_t,s0)
++/lib/systemd/system/openstack-nova-volume.* -- gen_context(system_u:object_r:nova_volume_unit_file_t,s0)
++
++/usr/lib/systemd/system/openstack-nova-ajax-console-proxy.* -- gen_context(system_u:object_r:nova_direct_unit_file_t,s0)
++/usr/lib/systemd/system/openstack-nova-api.* -- gen_context(system_u:object_r:nova_api_unit_file_t,s0)
++/usr/lib/systemd/system/openstack-nova-cert.* -- gen_context(system_u:object_r:nova_cert_unit_file_t,s0)
+#/lib/systemd/system/openstack-nova-compute.service
-+/usr/lib/systemd/system/openstack-nova-direct-api\.service -- gen_context(system_u:object_r:nova_direct_unit_file_t,s0)
-+/usr/lib/systemd/system/openstack-nova-network\.service -- gen_context(system_u:object_r:nova_network_unit_file_t,s0)
-+/usr/lib/systemd/system/openstack-nova-objectstore\.service -- gen_context(system_u:object_r:nova_objectstore_unit_file_t,s0)
-+/usr/lib/systemd/system/openstack-nova-scheduler\.service -- gen_context(system_u:object_r:nova_scheduler_unit_file_t,s0)
-+/usr/lib/systemd/system/openstack-nova-vncproxy\.service -- gen_context(system_u:object_r:nova_vncproxy_unit_file_t,s0)
-+/usr/lib/systemd/system/openstack-nova-volume\.service -- gen_context(system_u:object_r:nova_volume_unit_file_t,s0)
++/usr/lib/systemd/system/openstack-nova-direct-api.* -- gen_context(system_u:object_r:nova_direct_unit_file_t,s0)
++/usr/lib/systemd/system/openstack-nova-network.* -- gen_context(system_u:object_r:nova_network_unit_file_t,s0)
++/usr/lib/systemd/system/openstack-nova-objectstore.* -- gen_context(system_u:object_r:nova_objectstore_unit_file_t,s0)
++/usr/lib/systemd/system/openstack-nova-scheduler.* -- gen_context(system_u:object_r:nova_scheduler_unit_file_t,s0)
++/usr/lib/systemd/system/openstack-nova-vncproxy.* -- gen_context(system_u:object_r:nova_vncproxy_unit_file_t,s0)
++/usr/lib/systemd/system/openstack-nova-volume.* -- gen_context(system_u:object_r:nova_volume_unit_file_t,s0)
+
+/var/lib/nova(/.*)? gen_context(system_u:object_r:nova_var_lib_t,s0)
+
@@ -113916,16 +113929,16 @@ index ded9fb6..9d1e60a 100644
manage_files_pattern(ntop_t, ntop_var_run_t, ntop_var_run_t)
files_pid_filetrans(ntop_t, ntop_var_run_t, file)
diff --git a/policy/modules/services/ntp.fc b/policy/modules/services/ntp.fc
-index e79dccc..82a62e9 100644
+index e79dccc..55ad854 100644
--- a/policy/modules/services/ntp.fc
+++ b/policy/modules/services/ntp.fc
@@ -10,6 +10,10 @@
/etc/rc\.d/init\.d/ntpd -- gen_context(system_u:object_r:ntpd_initrc_exec_t,s0)
-+/lib/systemd/system/ntpd\.service -- gen_context(system_u:object_r:ntpd_unit_file_t,s0)
++/lib/systemd/system/ntpd.* -- gen_context(system_u:object_r:ntpd_unit_file_t,s0)
+
-+/usr/lib/systemd/system/ntpd\.service -- gen_context(system_u:object_r:ntpd_unit_file_t,s0)
++/usr/lib/systemd/system/ntpd.* -- gen_context(system_u:object_r:ntpd_unit_file_t,s0)
+
/usr/sbin/ntpd -- gen_context(system_u:object_r:ntpd_exec_t,s0)
/usr/sbin/ntpdate -- gen_context(system_u:object_r:ntpdate_exec_t,s0)
@@ -114069,13 +114082,13 @@ index c61adc8..09bb140 100644
diff --git a/policy/modules/services/numad.fc b/policy/modules/services/numad.fc
new file mode 100644
-index 0000000..d4aeefc
+index 0000000..be6fcb0
--- /dev/null
+++ b/policy/modules/services/numad.fc
@@ -0,0 +1,7 @@
+/usr/bin/numad -- gen_context(system_u:object_r:numad_exec_t,s0)
+
-+/usr/lib/systemd/system/numad\.service -- gen_context(system_u:object_r:numad_unit_file_t,s0)
++/usr/lib/systemd/system/numad.* -- gen_context(system_u:object_r:numad_unit_file_t,s0)
+
+/var/log/numad\.log -- gen_context(system_u:object_r:numad_var_log_t,s0)
+
@@ -115187,13 +115200,13 @@ index 8b550f4..3075607 100644
+')
diff --git a/policy/modules/services/pacemaker.fc b/policy/modules/services/pacemaker.fc
new file mode 100644
-index 0000000..a8693fc
+index 0000000..4e915ab
--- /dev/null
+++ b/policy/modules/services/pacemaker.fc
@@ -0,0 +1,11 @@
+/etc/rc\.d/init\.d/pacemaker -- gen_context(system_u:object_r:pacemaker_initrc_exec_t,s0)
+
-+/usr/lib/systemd/system/pacemaker.service -- gen_context(system_u:object_r:pacemaker_unit_file_t,s0)
++/usr/lib/systemd/system/pacemaker.* -- gen_context(system_u:object_r:pacemaker_unit_file_t,s0)
+
+/usr/sbin/pacemakerd -- gen_context(system_u:object_r:pacemaker_exec_t,s0)
+
@@ -117120,10 +117133,10 @@ index 1e7169d..fdb8fc0 100644
-
diff --git a/policy/modules/services/polipo.fc b/policy/modules/services/polipo.fc
new file mode 100644
-index 0000000..e108c40
+index 0000000..81419ea
--- /dev/null
+++ b/policy/modules/services/polipo.fc
-@@ -0,0 +1,16 @@
+@@ -0,0 +1,17 @@
+HOME_DIR/\.polipo -- gen_context(system_u:object_r:polipo_config_home_t,s0)
+HOME_DIR/\.polipo-cache(/.*)? gen_context(system_u:object_r:polipo_cache_home_t,s0)
+
@@ -117131,7 +117144,8 @@ index 0000000..e108c40
+
+/etc/rc\.d/init\.d/polipo -- gen_context(system_u:object_r:polipo_initrc_exec_t,s0)
+
-+/lib/systemd/system/polipo\.service -- gen_context(system_u:object_r:polipo_unit_file_t,s0)
++/lib/systemd/system/polipo.* -- gen_context(system_u:object_r:polipo_unit_file_t,s0)
++/usr/lib/systemd/system/polipo.* -- gen_context(system_u:object_r:polipo_unit_file_t,s0)
+
+/usr/bin/polipo -- gen_context(system_u:object_r:polipo_exec_t,s0)
+
@@ -121312,7 +121326,7 @@ index cb7ecb5..52cb067 100644
+')
diff --git a/policy/modules/services/quantum.fc b/policy/modules/services/quantum.fc
new file mode 100644
-index 0000000..0a1d62b
+index 0000000..9108437
--- /dev/null
+++ b/policy/modules/services/quantum.fc
@@ -0,0 +1,10 @@
@@ -121321,7 +121335,7 @@ index 0000000..0a1d62b
+/usr/bin/quantum-linuxbridge-agent -- gen_context(system_u:object_r:quantum_exec_t,s0)
+/usr/bin/quantum-ryu-agent -- gen_context(system_u:object_r:quantum_exec_t,s0)
+
-+/usr/lib/systemd/system/quantum.*.service -- gen_context(system_u:object_r:quantum_unit_file_t,s0)
++/usr/lib/systemd/system/quantum.* -- gen_context(system_u:object_r:quantum_unit_file_t,s0)
+
+/var/lib/quantum(/.*)? gen_context(system_u:object_r:quantum_var_lib_t,s0)
+
@@ -123108,15 +123122,15 @@ index 93c896a..116db0f 100644
+')
diff --git a/policy/modules/services/rhev.fc b/policy/modules/services/rhev.fc
new file mode 100644
-index 0000000..3599f59
+index 0000000..cf8d6f4
--- /dev/null
+++ b/policy/modules/services/rhev.fc
@@ -0,0 +1,9 @@
+/usr/share/rhev-agent/rhev-agentd\.py -- gen_context(system_u:object_r:rhev_agentd_exec_t,s0)
+/usr/share/ovirt-guest-agent -- gen_context(system_u:object_r:rhev_agentd_exec_t,s0)
+
-+/lib/systemd/system/ovirt-guest-agent\.service -- gen_context(system_u:object_r:rhev_agentd_unit_file_t,s0)
-+/usr/lib/systemd/system/ovirt-guest-agent\.serviceservice -- gen_context(system_u:object_r:rhev_agentd_unit_file_t,s0)
++/lib/systemd/system/ovirt-guest-agent.* -- gen_context(system_u:object_r:rhev_agentd_unit_file_t,s0)
++/usr/lib/systemd/system/ovirt-guest-agent.* -- gen_context(system_u:object_r:rhev_agentd_unit_file_t,s0)
+
+/var/run/rhev-agentd\.pid -- gen_context(system_u:object_r:rhev_agentd_var_run_t,s0)
+
@@ -124538,7 +124552,7 @@ index cda37bb..b3469d6 100644
+ allow $1 var_lib_nfs_t:file relabel_file_perms;
')
diff --git a/policy/modules/services/rpc.te b/policy/modules/services/rpc.te
-index b1468ed..bc7c2d1 100644
+index b1468ed..d9b4001 100644
--- a/policy/modules/services/rpc.te
+++ b/policy/modules/services/rpc.te
@@ -6,18 +6,18 @@ policy_module(rpc, 1.12.0)
@@ -124599,7 +124613,14 @@ index b1468ed..bc7c2d1 100644
# rpc.statd executes sm-notify
can_exec(rpcd_t, rpcd_exec_t)
-@@ -87,6 +94,7 @@ fs_read_rpc_files(rpcd_t)
+@@ -81,12 +88,14 @@ corecmd_exec_bin(rpcd_t)
+
+ files_manage_mounttab(rpcd_t)
+ files_getattr_all_dirs(rpcd_t)
++files_read_usr_files(rpcd_t)
+
+ fs_list_rpc(rpcd_t)
+ fs_read_rpc_files(rpcd_t)
fs_read_rpc_symlinks(rpcd_t)
fs_rw_rpc_sockets(rpcd_t)
fs_get_all_fs_quotas(rpcd_t)
@@ -124607,7 +124628,7 @@ index b1468ed..bc7c2d1 100644
fs_getattr_all_fs(rpcd_t)
storage_getattr_fixed_disk_dev(rpcd_t)
-@@ -97,21 +105,41 @@ miscfiles_read_generic_certs(rpcd_t)
+@@ -97,21 +106,41 @@ miscfiles_read_generic_certs(rpcd_t)
seutil_dontaudit_search_config(rpcd_t)
@@ -124649,7 +124670,7 @@ index b1468ed..bc7c2d1 100644
allow nfsd_t exports_t:file read_file_perms;
allow nfsd_t { nfsd_rw_t nfsd_ro_t }:dir list_dir_perms;
-@@ -120,9 +148,16 @@ allow nfsd_t { nfsd_rw_t nfsd_ro_t }:dir list_dir_perms;
+@@ -120,9 +149,16 @@ allow nfsd_t { nfsd_rw_t nfsd_ro_t }:dir list_dir_perms;
kernel_read_system_state(nfsd_t)
kernel_read_network_state(nfsd_t)
kernel_dontaudit_getattr_core_if(nfsd_t)
@@ -124666,8 +124687,11 @@ index b1468ed..bc7c2d1 100644
dev_dontaudit_getattr_all_blk_files(nfsd_t)
dev_dontaudit_getattr_all_chr_files(nfsd_t)
-@@ -137,10 +172,9 @@ files_manage_mounttab(nfsd_t)
+@@ -135,12 +171,12 @@ files_getattr_tmp_dirs(nfsd_t)
+ # cjp: this should really have its own type
+ files_manage_mounttab(nfsd_t)
files_read_etc_runtime_files(nfsd_t)
++files_read_usr_files(nfsd_t)
fs_mount_nfsd_fs(nfsd_t)
-fs_search_nfsd_fs(nfsd_t)
@@ -124678,7 +124702,7 @@ index b1468ed..bc7c2d1 100644
storage_dontaudit_read_fixed_disk(nfsd_t)
storage_raw_read_removable_device(nfsd_t)
-@@ -148,6 +182,8 @@ storage_raw_read_removable_device(nfsd_t)
+@@ -148,6 +184,8 @@ storage_raw_read_removable_device(nfsd_t)
# Read access to public_content_t and public_content_rw_t
miscfiles_read_public_files(nfsd_t)
@@ -124687,7 +124711,7 @@ index b1468ed..bc7c2d1 100644
# Write access to public_content_t and public_content_rw_t
tunable_policy(`allow_nfsd_anon_write',`
miscfiles_manage_public_files(nfsd_t)
-@@ -158,7 +194,6 @@ tunable_policy(`nfs_export_all_rw',`
+@@ -158,7 +196,6 @@ tunable_policy(`nfs_export_all_rw',`
dev_getattr_all_chr_files(nfsd_t)
fs_read_noxattr_fs_files(nfsd_t)
@@ -124695,7 +124719,7 @@ index b1468ed..bc7c2d1 100644
')
tunable_policy(`nfs_export_all_ro',`
-@@ -170,8 +205,11 @@ tunable_policy(`nfs_export_all_ro',`
+@@ -170,8 +207,11 @@ tunable_policy(`nfs_export_all_ro',`
fs_read_noxattr_fs_files(nfsd_t)
@@ -124709,7 +124733,7 @@ index b1468ed..bc7c2d1 100644
')
########################################
-@@ -181,7 +219,7 @@ tunable_policy(`nfs_export_all_ro',`
+@@ -181,7 +221,7 @@ tunable_policy(`nfs_export_all_ro',`
allow gssd_t self:capability { dac_override dac_read_search setuid sys_nice };
allow gssd_t self:process { getsched setsched };
@@ -124718,7 +124742,7 @@ index b1468ed..bc7c2d1 100644
manage_dirs_pattern(gssd_t, gssd_tmp_t, gssd_tmp_t)
manage_files_pattern(gssd_t, gssd_tmp_t, gssd_tmp_t)
-@@ -199,6 +237,7 @@ corecmd_exec_bin(gssd_t)
+@@ -199,6 +239,7 @@ corecmd_exec_bin(gssd_t)
fs_list_rpc(gssd_t)
fs_rw_rpc_sockets(gssd_t)
fs_read_rpc_files(gssd_t)
@@ -124726,7 +124750,7 @@ index b1468ed..bc7c2d1 100644
fs_list_inotifyfs(gssd_t)
files_list_tmp(gssd_t)
-@@ -210,14 +249,14 @@ auth_manage_cache(gssd_t)
+@@ -210,14 +251,14 @@ auth_manage_cache(gssd_t)
miscfiles_read_generic_certs(gssd_t)
@@ -124743,7 +124767,7 @@ index b1468ed..bc7c2d1 100644
')
optional_policy(`
-@@ -229,6 +268,10 @@ optional_policy(`
+@@ -229,6 +270,10 @@ optional_policy(`
')
optional_policy(`
@@ -125211,19 +125235,19 @@ index a07b2f4..36b4903 100644
+
+userdom_getattr_user_terminals(rwho_t)
diff --git a/policy/modules/services/samba.fc b/policy/modules/services/samba.fc
-index 69a6074..a314e70 100644
+index 69a6074..cd3b8b4 100644
--- a/policy/modules/services/samba.fc
+++ b/policy/modules/services/samba.fc
@@ -11,9 +11,13 @@
/etc/samba/smbpasswd -- gen_context(system_u:object_r:samba_secrets_t,s0)
/etc/samba(/.*)? gen_context(system_u:object_r:samba_etc_t,s0)
-+/lib/systemd/system/smb.service -- gen_context(system_u:object_r:samba_unit_file_t,s0)
++/lib/systemd/system/smb.* -- gen_context(system_u:object_r:samba_unit_file_t,s0)
+
#
# /usr
#
-+/usr/lib/systemd/system/smb.service -- gen_context(system_u:object_r:samba_unit_file_t,s0)
++/usr/lib/systemd/system/smb.* -- gen_context(system_u:object_r:samba_unit_file_t,s0)
+
/usr/bin/net -- gen_context(system_u:object_r:samba_net_exec_t,s0)
/usr/bin/ntlm_auth -- gen_context(system_u:object_r:winbind_helper_exec_t,s0)
@@ -130451,14 +130475,15 @@ index 665bf7c..55c5868 100644
+ iscsi_manage_semaphores(tgtd_t)
+')
diff --git a/policy/modules/services/tor.fc b/policy/modules/services/tor.fc
-index e2e06b2..e210bd0 100644
+index e2e06b2..ee50cb5 100644
--- a/policy/modules/services/tor.fc
+++ b/policy/modules/services/tor.fc
-@@ -4,6 +4,8 @@
+@@ -4,6 +4,9 @@
/usr/bin/tor -- gen_context(system_u:object_r:tor_exec_t,s0)
/usr/sbin/tor -- gen_context(system_u:object_r:tor_exec_t,s0)
-+/lib/systemd/system/tor\.service -- gen_context(system_u:object_r:tor_unit_file_t,s0)
++/lib/systemd/system/tor.* -- gen_context(system_u:object_r:tor_unit_file_t,s0)
++/usr/lib/systemd/system/tor.* -- gen_context(system_u:object_r:tor_unit_file_t,s0)
+
/var/lib/tor(/.*)? gen_context(system_u:object_r:tor_var_lib_t,s0)
/var/lib/tor-data(/.*)? gen_context(system_u:object_r:tor_var_lib_t,s0)
@@ -141205,22 +141230,25 @@ index 55a6cd8..02378d2 100644
+userdom_read_user_tmp_files(setkey_t)
diff --git a/policy/modules/system/iptables.fc b/policy/modules/system/iptables.fc
-index 05fb364..a01ef9e 100644
+index 05fb364..b534565 100644
--- a/policy/modules/system/iptables.fc
+++ b/policy/modules/system/iptables.fc
-@@ -1,7 +1,8 @@
+@@ -1,7 +1,11 @@
/etc/rc\.d/init\.d/ip6?tables -- gen_context(system_u:object_r:iptables_initrc_exec_t,s0)
-/etc/rc\.d/init\.d/ebtables -- gen_context(system_u:object_r:iptables_initrc_exec_t,s0)
-/etc/sysconfig/ip6?tables.* -- gen_context(system_u:object_r:iptables_conf_t,s0)
-/etc/sysconfig/system-config-firewall.* -- gen_context(system_u:object_r:iptables_conf_t,s0)
+/etc/rc\.d/init\.d/ebtables -- gen_context(system_u:object_r:iptables_initrc_exec_t,s0)
+
-+/lib/systemd/system/iptables.service -- gen_context(system_u:object_r:iptables_unit_file_t,s0)
-+/lib/systemd/system/ip6tables.service -- gen_context(system_u:object_r:iptables_unit_file_t,s0)
++/lib/systemd/system/iptables.* -- gen_context(system_u:object_r:iptables_unit_file_t,s0)
++/lib/systemd/system/ip6tables.* -- gen_context(system_u:object_r:iptables_unit_file_t,s0)
++
++/usr/lib/systemd/system/iptables.* -- gen_context(system_u:object_r:iptables_unit_file_t,s0)
++/usr/lib/systemd/system/ip6tables.* -- gen_context(system_u:object_r:iptables_unit_file_t,s0)
/sbin/ebtables -- gen_context(system_u:object_r:iptables_exec_t,s0)
/sbin/ebtables-restore -- gen_context(system_u:object_r:iptables_exec_t,s0)
-@@ -12,8 +13,17 @@
+@@ -12,8 +16,15 @@
/sbin/ipvsadm -- gen_context(system_u:object_r:iptables_exec_t,s0)
/sbin/ipvsadm-restore -- gen_context(system_u:object_r:iptables_exec_t,s0)
/sbin/ipvsadm-save -- gen_context(system_u:object_r:iptables_exec_t,s0)
@@ -141239,8 +141267,6 @@ index 05fb364..a01ef9e 100644
+/usr/sbin/ipvsadm-restore -- gen_context(system_u:object_r:iptables_exec_t,s0)
+/usr/sbin/ipvsadm-save -- gen_context(system_u:object_r:iptables_exec_t,s0)
+/usr/sbin/xtables-multi -- gen_context(system_u:object_r:iptables_exec_t,s0)
-+
-+/usr/lib/systemd/system/iptables6?.service -- gen_context(system_u:object_r:iptables_unit_file_t,s0)
diff --git a/policy/modules/system/iptables.if b/policy/modules/system/iptables.if
index 7ba53db..f4a49a0 100644
--- a/policy/modules/system/iptables.if
@@ -142392,19 +142418,20 @@ index a0b379d..95bf920 100644
- nscd_socket_use(sulogin_t)
-')
diff --git a/policy/modules/system/logging.fc b/policy/modules/system/logging.fc
-index 02f4c97..56e3f71 100644
+index 02f4c97..b6abcb5 100644
--- a/policy/modules/system/logging.fc
+++ b/policy/modules/system/logging.fc
-@@ -6,6 +6,8 @@
+@@ -6,6 +6,9 @@
/etc/rc\.d/init\.d/auditd -- gen_context(system_u:object_r:auditd_initrc_exec_t,s0)
/etc/rc\.d/init\.d/rsyslog -- gen_context(system_u:object_r:syslogd_initrc_exec_t,s0)
-+/lib/systemd/system/auditd\.service -- gen_context(system_u:object_r:auditd_unit_file_t,s0)
++/lib/systemd/system/auditd.* -- gen_context(system_u:object_r:auditd_unit_file_t,s0)
++/usr/lib/systemd/system/auditd.* -- gen_context(system_u:object_r:auditd_unit_file_t,s0)
+
/sbin/audispd -- gen_context(system_u:object_r:audisp_exec_t,s0)
/sbin/audisp-remote -- gen_context(system_u:object_r:audisp_remote_exec_t,s0)
/sbin/auditctl -- gen_context(system_u:object_r:auditctl_exec_t,s0)
-@@ -17,12 +19,28 @@
+@@ -17,12 +20,28 @@
/sbin/syslogd -- gen_context(system_u:object_r:syslogd_exec_t,s0)
/sbin/syslog-ng -- gen_context(system_u:object_r:syslogd_exec_t,s0)
@@ -142434,7 +142461,7 @@ index 02f4c97..56e3f71 100644
/var/lib/syslog-ng(/.*)? gen_context(system_u:object_r:syslogd_var_lib_t,s0)
/var/lib/r?syslog(/.*)? gen_context(system_u:object_r:syslogd_var_lib_t,s0)
-@@ -34,11 +52,11 @@ ifdef(`distro_suse', `
+@@ -34,11 +53,11 @@ ifdef(`distro_suse', `
/var/axfrdns/log/main(/.*)? gen_context(system_u:object_r:var_log_t,s0)
/var/dnscache/log/main(/.*)? gen_context(system_u:object_r:var_log_t,s0)
@@ -142448,7 +142475,7 @@ index 02f4c97..56e3f71 100644
/var/log/messages[^/]* gen_context(system_u:object_r:var_log_t,mls_systemhigh)
/var/log/secure[^/]* gen_context(system_u:object_r:var_log_t,mls_systemhigh)
/var/log/cron[^/]* gen_context(system_u:object_r:var_log_t,mls_systemhigh)
-@@ -46,6 +64,7 @@ ifdef(`distro_suse', `
+@@ -46,6 +65,7 @@ ifdef(`distro_suse', `
/var/log/spooler[^/]* gen_context(system_u:object_r:var_log_t,mls_systemhigh)
/var/log/audit(/.*)? gen_context(system_u:object_r:auditd_log_t,mls_systemhigh)
/var/log/syslog-ng(/.*)? gen_context(system_u:object_r:syslogd_var_run_t,mls_systemhigh)
@@ -142456,7 +142483,7 @@ index 02f4c97..56e3f71 100644
ifndef(`distro_gentoo',`
/var/log/audit\.log -- gen_context(system_u:object_r:auditd_log_t,mls_systemhigh)
-@@ -54,6 +73,7 @@ ifndef(`distro_gentoo',`
+@@ -54,6 +74,7 @@ ifndef(`distro_gentoo',`
ifdef(`distro_redhat',`
/var/named/chroot/var/log -d gen_context(system_u:object_r:var_log_t,s0)
/var/named/chroot/dev/log -s gen_context(system_u:object_r:devlog_t,s0)
@@ -142464,7 +142491,7 @@ index 02f4c97..56e3f71 100644
')
/var/run/audit_events -s gen_context(system_u:object_r:auditd_var_run_t,mls_systemhigh)
-@@ -66,6 +86,7 @@ ifdef(`distro_redhat',`
+@@ -66,6 +87,7 @@ ifdef(`distro_redhat',`
/var/run/syslogd\.pid -- gen_context(system_u:object_r:syslogd_var_run_t,mls_systemhigh)
/var/run/syslog-ng.ctl -- gen_context(system_u:object_r:syslogd_var_run_t,s0)
/var/run/syslog-ng(/.*)? gen_context(system_u:object_r:syslogd_var_run_t,s0)
@@ -142472,7 +142499,7 @@ index 02f4c97..56e3f71 100644
/var/spool/audit(/.*)? gen_context(system_u:object_r:audit_spool_t,mls_systemhigh)
/var/spool/bacula/log(/.*)? gen_context(system_u:object_r:var_log_t,s0)
-@@ -73,4 +94,9 @@ ifdef(`distro_redhat',`
+@@ -73,4 +95,9 @@ ifdef(`distro_redhat',`
/var/spool/plymouth/boot\.log gen_context(system_u:object_r:var_log_t,mls_systemhigh)
/var/spool/rsyslog(/.*)? gen_context(system_u:object_r:var_log_t,s0)
diff --git a/selinux-policy.spec b/selinux-policy.spec
index 3609121..87d5518 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -19,7 +19,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.10.0
-Release: 123%{?dist}
+Release: 124%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -491,6 +491,9 @@ SELinux Reference policy mls base module.
%endif
%changelog
+* Wed May 9 2012 Miroslav Grepl <mgrepl at redhat.com> 3.10.0-124
+- Make systemd unit files less specific
+
* Tue May 7 2012 Miroslav Grepl <mgrepl at redhat.com> 3.10.0-123
- Fix zarafa labeling
- Allow guest_t to fix labeling
More information about the scm-commits
mailing list