diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc index 6182ce3..26cae44 100644 --- a/policy/modules/kernel/corecommands.fc +++ b/policy/modules/kernel/corecommands.fc @@ -32,6 +32,14 @@ ifdef(`distro_redhat',` # # /etc # +/etc/apcupsd/apccontrol -- gen_context(system_u:object_r:bin_t,s0) +/etc/apcupsd/changeme -- gen_context(system_u:object_r:bin_t,s0) +/etc/apcupsd/commfailure -- gen_context(system_u:object_r:bin_t,s0) +/etc/apcupsd/commok -- gen_context(system_u:object_r:bin_t,s0) +/etc/apcupsd/masterconnect -- gen_context(system_u:object_r:bin_t,s0) +/etc/apcupsd/mastertimeout -- gen_context(system_u:object_r:bin_t,s0) +/etc/apcupsd/offbattery -- gen_context(system_u:object_r:bin_t,s0) +/etc/apcupsd/onbattery -- gen_context(system_u:object_r:bin_t,s0) /etc/cipe/ip-up.* -- gen_context(system_u:object_r:bin_t,s0) /etc/cipe/ip-down.* -- gen_context(system_u:object_r:bin_t,s0) @@ -91,6 +99,11 @@ ifdef(`distro_gentoo',` /lib/rcscripts/net\.modules\.d/helpers\.d/udhcpc-.* -- gen_context(system_u:object_r:bin_t,s0) ') +ifdef(`distro_redhat',` +/lib/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:bin_t,s0) +/lib64/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:bin_t,s0) +') + # # /sbin # @@ -168,8 +181,10 @@ ifdef(`distro_gentoo',` /usr/libexec/openssh/sftp-server -- gen_context(system_u:object_r:bin_t,s0) /usr/local/lib(64)?/ipsec/.* -- gen_context(system_u:object_r:bin_t,s0) -/usr/local/Brother/lpd(/.*)? gen_context(system_u:object_r:bin_t,s0) -/usr/local/Brother/Printer/[^/]*/cupswrapper(/.*)? gen_context(system_u:object_r:bin_t,s0) +/usr/local/Brother(/.*)?/cupswrapper(/.*)? gen_context(system_u:object_r:bin_t,s0) +/usr/local/Brother(/.*)?/lpd(/.*)? gen_context(system_u:object_r:bin_t,s0) +/usr/local/Printer/[^/]*/cupswrapper(/.*)? gen_context(system_u:object_r:bin_t,s0) +/usr/local/Printer/[^/]*/lpd(/.*)? gen_context(system_u:object_r:bin_t,s0) /usr/sbin/sesh -- gen_context(system_u:object_r:shell_exec_t,s0) diff --git a/policy/modules/kernel/corecommands.te b/policy/modules/kernel/corecommands.te index 318185b..e233c4a 100644 --- a/policy/modules/kernel/corecommands.te +++ b/policy/modules/kernel/corecommands.te @@ -1,5 +1,5 @@ -policy_module(corecommands,1.8.4) +policy_module(corecommands,1.8.5) ######################################## # diff --git a/policy/modules/kernel/devices.fc b/policy/modules/kernel/devices.fc index 98b8424..d55a50c 100644 --- a/policy/modules/kernel/devices.fc +++ b/policy/modules/kernel/devices.fc @@ -3,6 +3,7 @@ /dev/.* gen_context(system_u:object_r:device_t,s0) /dev/.*mouse.* -c gen_context(system_u:object_r:mouse_device_t,s0) +/dev/admmidi.* -c gen_context(system_u:object_r:sound_device_t,s0) /dev/adsp.* -c gen_context(system_u:object_r:sound_device_t,s0) /dev/(misc/)?agpgart -c gen_context(system_u:object_r:agp_device_t,s0) /dev/aload.* -c gen_context(system_u:object_r:sound_device_t,s0) @@ -13,6 +14,7 @@ /dev/audio.* -c gen_context(system_u:object_r:sound_device_t,s0) /dev/beep -c gen_context(system_u:object_r:sound_device_t,s0) /dev/dmfm -c gen_context(system_u:object_r:sound_device_t,s0) +/dev/dmmidi.* -c gen_context(system_u:object_r:sound_device_t,s0) /dev/dsp.* -c gen_context(system_u:object_r:sound_device_t,s0) /dev/efirtc -c gen_context(system_u:object_r:clock_device_t,s0) /dev/em8300.* -c gen_context(system_u:object_r:v4l_device_t,s0) @@ -22,6 +24,7 @@ /dev/full -c gen_context(system_u:object_r:null_device_t,s0) /dev/fw.* -c gen_context(system_u:object_r:usb_device_t,s0) /dev/hiddev.* -c gen_context(system_u:object_r:usb_device_t,s0) +/dev/hidraw.* -c gen_context(system_u:object_r:usb_device_t,s0) /dev/hpet -c gen_context(system_u:object_r:clock_device_t,s0) /dev/hw_random -c gen_context(system_u:object_r:random_device_t,s0) /dev/hwrng -c gen_context(system_u:object_r:random_device_t,s0) @@ -30,6 +33,7 @@ /dev/js.* -c gen_context(system_u:object_r:mouse_device_t,s0) /dev/kmem -c gen_context(system_u:object_r:memory_device_t,mls_systemhigh) /dev/kmsg -c gen_context(system_u:object_r:kmsg_device_t,mls_systemhigh) +/dev/lircm -c gen_context(system_u:object_r:mouse_device_t,s0) /dev/logibm -c gen_context(system_u:object_r:mouse_device_t,s0) /dev/lp.* -c gen_context(system_u:object_r:printer_device_t,s0) /dev/mcelog -c gen_context(system_u:object_r:kmsg_device_t,mls_systemhigh) diff --git a/policy/modules/kernel/devices.te b/policy/modules/kernel/devices.te index 1a89be4..97006ae 100644 --- a/policy/modules/kernel/devices.te +++ b/policy/modules/kernel/devices.te @@ -1,5 +1,5 @@ -policy_module(devices,1.6.1) +policy_module(devices,1.6.2) ######################################## # diff --git a/policy/modules/kernel/terminal.fc b/policy/modules/kernel/terminal.fc index 9799153..592a1ac 100644 --- a/policy/modules/kernel/terminal.fc +++ b/policy/modules/kernel/terminal.fc @@ -14,7 +14,8 @@ /dev/isdn.* -c gen_context(system_u:object_r:tty_device_t,s0) /dev/ptmx -c gen_context(system_u:object_r:ptmx_t,s0) /dev/rfcomm[0-9]+ -c gen_context(system_u:object_r:tty_device_t,s0) -/dev/tty -c gen_context(system_u:object_r:devtty_t,s0) +/dev/slamr[0-9]+ -c gen_context(system_u:object_r:tty_device_t,s0) +/dev/tty -c gen_context(system_u:object_r:devtty_t,s0) /dev/ttySG.* -c gen_context(system_u:object_r:tty_device_t,s0) /dev/xvc[^/]* -c gen_context(system_u:object_r:tty_device_t,s0) diff --git a/policy/modules/kernel/terminal.te b/policy/modules/kernel/terminal.te index 1d87526..7679592 100644 --- a/policy/modules/kernel/terminal.te +++ b/policy/modules/kernel/terminal.te @@ -1,5 +1,5 @@ -policy_module(terminal,1.6.2) +policy_module(terminal,1.6.3) ######################################## # diff --git a/policy/modules/system/authlogin.fc b/policy/modules/system/authlogin.fc index 2cb9e78..1b315f5 100644 --- a/policy/modules/system/authlogin.fc +++ b/policy/modules/system/authlogin.fc @@ -29,6 +29,7 @@ ifdef(`distro_gentoo', ` /var/db/shadow.* -- gen_context(system_u:object_r:shadow_t,s0) /var/lib/abl(/.*)? gen_context(system_u:object_r:var_auth_t,s0) +/var/lib/pam_ssh(/.*)? gen_context(system_u:object_r:var_auth_t,s0) /var/log/btmp.* -- gen_context(system_u:object_r:faillog_t,s0) /var/log/dmesg -- gen_context(system_u:object_r:var_log_t,s0) diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te index 1d1c2ed..526c239 100644 --- a/policy/modules/system/authlogin.te +++ b/policy/modules/system/authlogin.te @@ -1,5 +1,5 @@ -policy_module(authlogin,1.8.2) +policy_module(authlogin,1.8.3) ######################################## # diff --git a/policy/modules/system/ipsec.fc b/policy/modules/system/ipsec.fc index a850b14..bb3b6a1 100644 --- a/policy/modules/system/ipsec.fc +++ b/policy/modules/system/ipsec.fc @@ -32,3 +32,5 @@ /var/racoon(/.*)? gen_context(system_u:object_r:ipsec_var_run_t,s0) /var/run/pluto(/.*)? gen_context(system_u:object_r:ipsec_var_run_t,s0) + +/var/run/racoon.pid -- gen_context(system_u:object_r:ipsec_var_run_t,s0) diff --git a/policy/modules/system/ipsec.te b/policy/modules/system/ipsec.te index 054783d..c8c4a07 100644 --- a/policy/modules/system/ipsec.te +++ b/policy/modules/system/ipsec.te @@ -1,5 +1,5 @@ -policy_module(ipsec,1.4.5) +policy_module(ipsec,1.4.6) ######################################## # diff --git a/policy/modules/system/libraries.fc b/policy/modules/system/libraries.fc index 9ffd9fc..30f34d8 100644 --- a/policy/modules/system/libraries.fc +++ b/policy/modules/system/libraries.fc @@ -65,11 +65,6 @@ ifdef(`distro_gentoo',` /opt/(.*/)?java/.+\.jar -- gen_context(system_u:object_r:lib_t,s0) /opt/(.*/)?jre.*/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /opt/(.*/)?jre/.+\.jar -- gen_context(system_u:object_r:lib_t,s0) -/opt/cisco-vpnclient/lib/libvpnapi\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) -/opt/netbeans(.*/)?jdk.*/linux/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -/opt/cxoffice/lib/wine/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) -/opt/f-secure/fspms/libexec/librapi.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) -/opt/ibm/java2-ppc64-50/jre/bin/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) ifdef(`distro_gentoo',` # despite the extensions, they are actually libs @@ -87,6 +82,17 @@ ifdef(`distro_gentoo',` /opt/RealPlayer/plugins(/.*)? gen_context(system_u:object_r:lib_t,s0) ') +ifdef(`distro_redhat',` +/opt/Adobe(/.*?)/nppdf\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/opt/Adobe/Reader8/Reader/intellinux/plug_ins/.*\.api -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/opt/cisco-vpnclient/lib/libvpnapi\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/opt/cxoffice/lib/wine/.+\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/opt/f-secure/fspms/libexec/librapi\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/opt/ibm/java.*/jre/.+\.jar -- gen_context(system_u:object_r:lib_t,s0) +/opt/ibm/java.*/jre/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/opt/netbeans(.*/)?jdk.*/linux/.+\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) +') + # # /sbin # @@ -158,6 +164,17 @@ ifdef(`distro_redhat',` # Fedora Core packages: gstreamer-plugins, compat-libstdc++, Glide3, libdv # HelixPlayer, SDL, xorg-x11, xorg-x11-libs, Hermes, valgrind, openoffice.org-libs, httpd - php /usr/lib(64)?/gstreamer-.*/[^/]*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) +HOME_DIR/.*/\.gstreamer-.*/plugins/*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) + +/usr/lib/firefox-[^/]*/plugins/nppdf.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/lib/libFLAC\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/lib/mozilla/plugins/nppdf\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/lib/maxima/[^/]+/binary-gcl/maxima -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/lib/mozilla/plugins/libvlcplugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/lib/nx/libXcomp\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/lib/nx/libjpeg\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/lib/VBoxVMM\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/lib64/mozilla/plugins/libvlcplugin\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/libstdc\+\+\.so\.2\.7\.2\.8 -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/libg\+\+\.so\.2\.7\.2\.8 -- gen_context(system_u:object_r:textrel_shlib_t,s0) @@ -213,6 +230,7 @@ ifdef(`distro_redhat',` # Livna.org packages: xmms-mp3, ffmpeg, xvidcore, xine-lib, gsm, lame /usr/lib(64)?.*/libmpg123\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/lib(64)?/codecs/drv[1-9c]\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/libpostproc\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/libavformat.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/libavcodec.*\.so(\.[^/]*)* -- gen_context(system_u:object_r:textrel_shlib_t,s0) @@ -236,7 +254,9 @@ HOME_DIR/.*/plugins/nprhapengine\.so.* -- gen_context(system_u:object_r:textrel_ /usr/lib(64)?/libdivxdecore\.so\.0 -- gen_context(system_u:object_r:textrel_shlib_t,s0) /usr/lib(64)?/libdivxencore\.so\.0 -- gen_context(system_u:object_r:textrel_shlib_t,s0) -/usr/lib(64)?/python2.4/site-packages/M2Crypto/__m2crypto.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) +/usr/lib(64)?/libdvdcss\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) + +/usr/lib(64)?/python2.4/site-packages/M2Crypto/__m2crypto\.so -- gen_context(system_u:object_r:textrel_shlib_t,s0) # vmware /usr/lib(64)?/vmware/lib(/.*)?/libgdk-x11-.*\.so.* -- gen_context(system_u:object_r:textrel_shlib_t,s0) diff --git a/policy/modules/system/libraries.te b/policy/modules/system/libraries.te index 34a88de..795874b 100644 --- a/policy/modules/system/libraries.te +++ b/policy/modules/system/libraries.te @@ -1,5 +1,5 @@ -policy_module(libraries,1.7.2) +policy_module(libraries,1.7.3) ######################################## # diff --git a/policy/modules/system/logging.fc b/policy/modules/system/logging.fc index f931d69..b797ef7 100644 --- a/policy/modules/system/logging.fc +++ b/policy/modules/system/logging.fc @@ -29,6 +29,11 @@ ifdef(`distro_suse', ` /var/log -d gen_context(system_u:object_r:var_log_t,s0-mls_systemhigh) /var/log/.* gen_context(system_u:object_r:var_log_t,s0) +/var/log/messages[^/]* gen_context(system_u:object_r:var_log_t,mls_systemhigh) +/var/log/secure[^/]* gen_context(system_u:object_r:var_log_t,mls_systemhigh) +/var/log/cron[^/]* gen_context(system_u:object_r:var_log_t,mls_systemhigh) +/var/log/maillog[^/]* gen_context(system_u:object_r:var_log_t,mls_systemhigh) +/var/log/spooler[^/]* gen_context(system_u:object_r:var_log_t,mls_systemhigh) /var/log/audit(/.*)? gen_context(system_u:object_r:auditd_log_t,mls_systemhigh) /var/log/syslog-ng(/.*)? -- gen_context(system_u:object_r:syslogd_var_run_t,s0) @@ -36,6 +41,10 @@ ifndef(`distro_gentoo',` /var/log/audit\.log -- gen_context(system_u:object_r:auditd_log_t,mls_systemhigh) ') +ifdef(`distro_redhat',` +/var/named/chroot/var/log -d gen_context(system_u:object_r:var_log_t,s0) +') + /var/run/audit_events -s gen_context(system_u:object_r:auditd_var_run_t,s0) /var/run/audispd_events -s gen_context(system_u:object_r:auditd_var_run_t,s0) /var/run/auditd\.pid -- gen_context(system_u:object_r:auditd_var_run_t,s0) diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te index d97a0f9..8f7bc86 100644 --- a/policy/modules/system/logging.te +++ b/policy/modules/system/logging.te @@ -1,5 +1,5 @@ -policy_module(logging,1.8.2) +policy_module(logging,1.8.3) ######################################## # diff --git a/policy/modules/system/lvm.fc b/policy/modules/system/lvm.fc index 57da9cd..0048738 100644 --- a/policy/modules/system/lvm.fc +++ b/policy/modules/system/lvm.fc @@ -15,6 +15,7 @@ ifdef(`distro_gentoo',` # /etc/lvm(/.*)? gen_context(system_u:object_r:lvm_etc_t,s0) /etc/lvm/\.cache -- gen_context(system_u:object_r:lvm_metadata_t,s0) +/etc/lvm/cache(/.*)? gen_context(system_u:object_r:lvm_metadata_t,s0) /etc/lvm/archive(/.*)? gen_context(system_u:object_r:lvm_metadata_t,s0) /etc/lvm/backup(/.*)? gen_context(system_u:object_r:lvm_metadata_t,s0) /etc/lvm/lock(/.*)? gen_context(system_u:object_r:lvm_lock_t,s0) diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te index 2518e0d..6a16131 100644 --- a/policy/modules/system/lvm.te +++ b/policy/modules/system/lvm.te @@ -1,5 +1,5 @@ -policy_module(lvm,1.7.3) +policy_module(lvm,1.7.4) ######################################## # diff --git a/policy/modules/system/sysnetwork.fc b/policy/modules/system/sysnetwork.fc index eb2e4df..5a4f576 100644 --- a/policy/modules/system/sysnetwork.fc +++ b/policy/modules/system/sysnetwork.fc @@ -52,8 +52,7 @@ ifdef(`distro_redhat',` /var/lib/dhcpcd(/.*)? gen_context(system_u:object_r:dhcpc_state_t,s0) /var/lib/dhclient(/.*)? gen_context(system_u:object_r:dhcpc_state_t,s0) -/var/run/dhclient.*\.pid -- gen_context(system_u:object_r:dhcpc_var_run_t,s0) -/var/run/dhclient.*\.leases -- gen_context(system_u:object_r:dhcpc_var_run_t,s0) +/var/run/dhclient.* -- gen_context(system_u:object_r:dhcpc_var_run_t,s0) ifdef(`distro_gentoo',` /var/lib/dhcpc(/.*)? gen_context(system_u:object_r:dhcpc_state_t,s0) diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te index f62664c..056ff4f 100644 --- a/policy/modules/system/sysnetwork.te +++ b/policy/modules/system/sysnetwork.te @@ -1,5 +1,5 @@ -policy_module(sysnetwork,1.4.1) +policy_module(sysnetwork,1.4.2) ######################################## #