diff options
| author | Nicolas Iooss | 2015-12-20 18:54:49 +0100 |
|---|---|---|
| committer | Nicolas Iooss | 2015-12-20 18:54:49 +0100 |
| commit | 7d5a14d4cdf927345934eb87835a738898426936 (patch) | |
| tree | acd23a1e2705c66d61030898a5c997e68bd6b25e | |
| download | aur-7d5a14d4cdf927345934eb87835a738898426936.tar.gz | |
Commit selinux-refpolicy-arch 20110726.1-3
| -rw-r--r-- | .SRCINFO | 28 | ||||
| -rw-r--r-- | PKGBUILD | 75 | ||||
| -rw-r--r-- | config | 13 | ||||
| -rw-r--r-- | selinux-refpolicy-arch.install | 23 | ||||
| -rw-r--r-- | selinux-refpolicy-arch.patch | 1562 |
5 files changed, 1701 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO new file mode 100644 index 000000000000..d123542bbca0 --- /dev/null +++ b/.SRCINFO @@ -0,0 +1,28 @@ +pkgbase = selinux-refpolicy-arch + pkgdesc = Modular SELinux reference policy including headers and docs with Arch Linux patch + pkgver = 20110726.1 + pkgrel = 3 + url = http://oss.tresys.com/projects/refpolicy + install = selinux-refpolicy-arch.install + arch = any + groups = selinux + groups = selinux-policies + license = GPL + makedepends = selinux-usr-checkpolicy>=2.0.16 + makedepends = selinux-usr-policycoreutils>=2.0.0 + makedepends = selinux-usr-libsepol>=2.0.29 + makedepends = selinux-usr-libsemanage>=2.0.29 + makedepends = pyxml + depends = linux-selinux + conflicts = selinux-refpolicy + options = !makeflags + backup = etc/selinux/config + source = http://oss.tresys.com/files/refpolicy/refpolicy-2.20110726.tar.bz2 + source = config + source = selinux-refpolicy-arch.patch + sha256sums = 8159b7535aa0f805510e4e3504b1317d7083b227f0ef3df51c6f002ed70ecedb + sha256sums = 4803739c58a47b0226899e41239df714ee72e86267c9929d4776b819de370cb4 + sha256sums = b03d8afcc71f0d67ba3c8688003f353c27d00bf8a87ef925e23c54fafe2d4880 + +pkgname = selinux-refpolicy-arch + diff --git a/PKGBUILD b/PKGBUILD new file mode 100644 index 000000000000..ff7d7e0c4e36 --- /dev/null +++ b/PKGBUILD @@ -0,0 +1,75 @@ +# Maintainer: Nicky726 (Nicky726 <at> gmail <dot> com) +# Contributor: Simon Peter Nicholls (simon <at> mintsource <dot> org) + +pkgname=selinux-refpolicy-arch +_origname=refpolicy +_policyname=refpolicy-arch +_origver=20110726 +_patchver=1 +pkgver=${_origver}.${_patchver} +pkgrel=3 +pkgdesc="Modular SELinux reference policy including headers and docs with Arch Linux patch" +arch=('any') +url="http://oss.tresys.com/projects/refpolicy" +license=('GPL') +groups=('selinux' 'selinux-policies') +depends=('linux-selinux') +makedepends=('selinux-usr-checkpolicy>=2.0.16' 'selinux-usr-policycoreutils>=2.0.0' + 'selinux-usr-libsepol>=2.0.29' 'selinux-usr-libsemanage>=2.0.29' + 'pyxml') +conflicts=('selinux-refpolicy') +backup=(etc/selinux/config) +options=(!makeflags) +install=${pkgname}.install +source=(http://oss.tresys.com/files/${_origname}/${_origname}-2.${_origver}.tar.bz2 + config + ${pkgname}.patch) +sha256sums=('8159b7535aa0f805510e4e3504b1317d7083b227f0ef3df51c6f002ed70ecedb' + '4803739c58a47b0226899e41239df714ee72e86267c9929d4776b819de370cb4' + 'b03d8afcc71f0d67ba3c8688003f353c27d00bf8a87ef925e23c54fafe2d4880') + +build() { + cd "${srcdir}/${_origname}" + # Add Arch Linux patch + patch -Np1 -i "${srcdir}/${pkgname}.patch" + # Policy build settings + sed -i -e "s/MONOLITHIC = y/MONOLITHIC = n/" build.conf + sed -i -e "s/#UNK_PERMS = deny/UNK_PERMS = allow/" build.conf + sed -i -e "s/DIRECT_INITRC = n/DIRECT_INITRC = y/" build.conf + sed -i -e "s/UBAC = y/UBAC = n/" build.conf + sed -i -e "s/NAME = refpolicy/NAME = refpolicy-arch/" build.conf + sed -i -e "s/#DISTRO = redhat/DISTRO = arch/" build.conf + # Fix for python2 + sed -i -e "s/python/python2/" Makefile + make bare + make conf + make +} + +package(){ + cd "${srcdir}/${_origname}" + make DESTDIR="${pkgdir}" install + make DESTDIR="${pkgdir}" install-headers + make DESTDIR="${pkgdir}" install-docs + + # Create some files and directories necesary for loading policy, + # which is done via install script. + install -d -m0755 "${pkgdir}/etc/selinux/${_policyname}/modules" + install -d -m0700 "${pkgdir}/etc/selinux/${_policyname}/modules/active" + install -d -m0700 "${pkgdir}/etc/selinux/${_policyname}/modules/active/modules" + install -d -m0755 "${pkgdir}/etc/selinux/${_policyname}/policy" + touch "${pkgdir}/etc/selinux/${_policyname}/modules/"{semanage.read.LOCK,semanage.trans.LOCK} + touch "${pkgdir}/etc/selinux/${_policyname}/policy/policy.26" + # Link the policy file for selinux-sysvinit to find it + cd "${pkgdir}/etc" + ln -s "selinux/${_policyname}/policy/policy.26" "policy.bin" + + # Install main SELinux config file defaulting to refpolicy + install -m644 -D "${srcdir}/config" "${pkgdir}/etc/selinux/config" + + # Some changes due to python2 + sed -i -e "s/python/python2/" \ + "${pkgdir}/usr/share/selinux/${_policyname}/include/support/segenxml.py" + sed -i -e "s/python/python2/" \ + "${pkgdir}/usr/share/selinux/${_policyname}/include/Makefile" +} diff --git a/config b/config new file mode 100644 index 000000000000..7029dab63b3d --- /dev/null +++ b/config @@ -0,0 +1,13 @@ +# This file controls the state of SELinux on the system. +# SELINUX= can take one of these three values: +# enforcing - SELinux security policy is enforced. +# permissive - SELinux prints warnings +# instead of enforcing. +# disabled - No SELinux policy is loaded. +SELINUX=permissive +# SELINUXTYPE= takes the name of SELinux policy to +# be used. Current options are: +# refpolicy (vanilla reference policy) +# refpolicy-arch (reference policy with +# Arch Linux patch) +SELINUXTYPE=refpolicy-arch diff --git a/selinux-refpolicy-arch.install b/selinux-refpolicy-arch.install new file mode 100644 index 000000000000..3f2d80012937 --- /dev/null +++ b/selinux-refpolicy-arch.install @@ -0,0 +1,23 @@ +## arg 1: the new package version +## arg 2: the old package version + +post_install() { + cd /usr/share/selinux/refpolicy-arch/ + echo ">>> Loading refpolicy-arch. Please wait ..." + /bin/ls *.pp | /bin/grep -Ev "base.pp|enableaudit.pp" | /usr/bin/xargs /usr/sbin/semodule -s refpolicy-arch -b base.pp -i + echo ">>> Relabeling filesystems. This may take some time. Please wait ..." + /sbin/restorecon -r / +} + +post_upgrade() { + cd /usr/share/selinux/refpolicy-arch/ + echo ">>> Reloading refpolicy-arch. Please wait ..." + /bin/ls *.pp | /bin/grep -Ev "base.pp|enableaudit.pp" | /usr/bin/xargs /usr/sbin/semodule -s refpolicy-arch -b base.pp -i + echo ">>> Relabeling filesystems. This may take some time. Please wait ..." + /sbin/restorecon -r / +} + +post_remove() { + echo ">>> Removing refpolicy left-over files. Please wait ..." + /bin/rm -rf /etc/selinux/refpolicy-arch +} diff --git a/selinux-refpolicy-arch.patch b/selinux-refpolicy-arch.patch new file mode 100644 index 000000000000..8fb30a0fe3cd --- /dev/null +++ b/selinux-refpolicy-arch.patch @@ -0,0 +1,1562 @@ +From 036f783ea7b68ae2d0cc04ed33963ffbae9bcdeb Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Vadinsk=C3=BD?= <Nicky726@google.com> +Date: Tue, 8 Feb 2011 19:47:07 +0100 +Subject: [PATCH 01/10] Added support for DISTRO = arch option. + +--- + README | 6 +++--- + build.conf | 2 +- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/README b/README +index 184c6ef..b6fe1d0 100644 +--- a/README ++++ b/README +@@ -96,9 +96,9 @@ NAME String (optional). Sets the name of the policy; the + + DISTRO String (optional). Enable distribution-specific policy. + Available options are redhat, rhel4, gentoo, debian, +- and suse. This option controls distro_redhat, +- distro_rhel4, distro_gentoo, distro_debian, and +- distro_suse policy blocks. ++ arch and suse. This option controls distro_redhat, ++ distro_rhel4, distro_gentoo, distro_debian, distro_arch ++ and distro_suse policy blocks. + + MONOLITHIC Boolean. If set, a monolithic policy is built, + otherwise a modular policy is built. +diff --git a/build.conf b/build.conf +index 5a521c4..bd8b3f7 100644 +--- a/build.conf ++++ b/build.conf +@@ -25,7 +25,7 @@ NAME = refpolicy + # for programs or configurations specific to the + # distribution. Setting this will enable options + # for the distribution. +-# redhat, gentoo, debian, suse, and rhel4 are current options. ++# redhat, gentoo, debian, suse, arch and rhel4 are current options. + # Fedora users should enable redhat. + #DISTRO = redhat + +-- +1.7.6.1 + +From 0541992983e69ce5760978836f5551e89303e2cc Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Vadinsk=C3=BD?= <Nicky726@google.com> +Date: Tue, 8 Feb 2011 20:10:14 +0100 +Subject: [PATCH 02/10] Fixed path issues with /etc/rc.d/ for modules in + admin. + +--- + policy/modules/admin/kdump.fc | 3 +++ + policy/modules/admin/shorewall.fc | 6 ++++++ + 2 files changed, 9 insertions(+), 0 deletions(-) + +diff --git a/policy/modules/admin/kdump.fc b/policy/modules/admin/kdump.fc +index c66934f..1f05c7c 100644 +--- a/policy/modules/admin/kdump.fc ++++ b/policy/modules/admin/kdump.fc +@@ -1,5 +1,8 @@ + /etc/kdump\.conf -- gen_context(system_u:object_r:kdump_etc_t,s0) + /etc/rc\.d/init\.d/kdump -- gen_context(system_u:object_r:kdump_initrc_exec_t,s0) ++ifdef(`distro_arch',` ++/etc/rc\.d/kdump -- gen_context(system_u:object_r:kdump_initrc_exec_t,s0) ++') + + /sbin/kdump -- gen_context(system_u:object_r:kdump_exec_t,s0) + /sbin/kexec -- gen_context(system_u:object_r:kdump_exec_t,s0) +diff --git a/policy/modules/admin/shorewall.fc b/policy/modules/admin/shorewall.fc +index 48d1363..e6baddb 100644 +--- a/policy/modules/admin/shorewall.fc ++++ b/policy/modules/admin/shorewall.fc +@@ -1,5 +1,11 @@ + /etc/rc\.d/init\.d/shorewall -- gen_context(system_u:object_r:shorewall_initrc_exec_t,s0) + /etc/rc\.d/init\.d/shorewall-lite -- gen_context(system_u:object_r:shorewall_initrc_exec_t,s0) ++ifdef(`distro_arch',` ++/etc/rc\.d/shorewall -- gen_context(system_u:object_r:shorewall_initrc_exec_t,s0) ++') ++ifdef(`distro_arch',` ++/etc/rc\.d/shorewall-lite -- gen_context(system_u:object_r:shorewall_initrc_exec_t,s0) ++') + + /etc/shorewall(/.*)? gen_context(system_u:object_r:shorewall_etc_t,s0) + /etc/shorewall-lite(/.*)? gen_context(system_u:object_r:shorewall_etc_t,s0) +-- +1.7.6.1 + +From 2214c4205f84cdeed3410d6534fb9e0ff2c2a5f2 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Vadinsk=C3=BD?= <Nicky726@google.com> +Date: Tue, 8 Feb 2011 20:17:15 +0100 +Subject: [PATCH 03/10] Fixed path issues with /etc/rc.d/ for corecommands. + +--- + policy/modules/kernel/corecommands.fc | 3 +++ + 1 files changed, 3 insertions(+), 0 deletions(-) + +diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc +index 3fae11a..4711e68 100644 +--- a/policy/modules/kernel/corecommands.fc ++++ b/policy/modules/kernel/corecommands.fc +@@ -96,6 +96,9 @@ ifdef(`distro_redhat',` + /etc/racoon/scripts(/.*)? gen_context(system_u:object_r:bin_t,s0) + + /etc/rc\.d/init\.d/functions -- gen_context(system_u:object_r:bin_t,s0) ++ifdef(`distro_arch',` ++/etc/rc\.d/functions -- gen_context(system_u:object_r:bin_t,s0) ++') + + /etc/security/namespace.init -- gen_context(system_u:object_r:bin_t,s0) + +-- +1.7.6.1 + +From bbfd717cb9c0f9c8a8a871e9a067e9fb4b200a33 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Vadinsk=C3=BD?= <Nicky726@google.com> +Date: Tue, 8 Feb 2011 20:25:19 +0100 +Subject: [PATCH 04/10] Fixed path issues with /etc/rc.d/ for modules in + system. + +--- + policy/modules/system/init.fc | 4 ++++ + policy/modules/system/ipsec.fc | 6 ++++++ + policy/modules/system/iptables.fc | 5 +++++ + policy/modules/system/logging.fc | 6 ++++++ + policy/modules/system/setrans.fc | 3 +++ + 5 files changed, 24 insertions(+), 0 deletions(-) + +diff --git a/policy/modules/system/init.fc b/policy/modules/system/init.fc +index 354ce93..a9d73be 100644 +--- a/policy/modules/system/init.fc ++++ b/policy/modules/system/init.fc +@@ -7,6 +7,10 @@ + /etc/rc\.d/rc\.[^/]+ -- gen_context(system_u:object_r:initrc_exec_t,s0) + + /etc/rc\.d/init\.d/.* -- gen_context(system_u:object_r:initrc_exec_t,s0) ++ifdef(`distro_arch',` ++/etc/rc\.d/.* -- gen_context(system_u:object_r:initrc_exec_t,s0) ++') ++ + /etc/sysconfig/network-scripts/ifup-ipsec -- gen_context(system_u:object_r:initrc_exec_t,s0) + + /etc/X11/prefdm -- gen_context(system_u:object_r:initrc_exec_t,s0) +diff --git a/policy/modules/system/ipsec.fc b/policy/modules/system/ipsec.fc +index fb09b9e..4bd1568 100644 +--- a/policy/modules/system/ipsec.fc ++++ b/policy/modules/system/ipsec.fc +@@ -1,5 +1,11 @@ + /etc/rc\.d/init\.d/ipsec -- gen_context(system_u:object_r:ipsec_initrc_exec_t,s0) + /etc/rc\.d/init\.d/racoon -- gen_context(system_u:object_r:ipsec_initrc_exec_t,s0) ++ifdef(`distro_arch',` ++/etc/rc\.d/ipsec -- gen_context(system_u:object_r:ipsec_initrc_exec_t,s0) ++') ++ifdef(`distro_arch',` ++/etc/rc\.d/racoon -- gen_context(system_u:object_r:ipsec_initrc_exec_t,s0) ++') + + /etc/ipsec\.secrets -- gen_context(system_u:object_r:ipsec_key_file_t,s0) + /etc/ipsec\.conf -- gen_context(system_u:object_r:ipsec_conf_file_t,s0) +diff --git a/policy/modules/system/iptables.fc b/policy/modules/system/iptables.fc +index 05fb364..42da421 100644 +--- a/policy/modules/system/iptables.fc ++++ b/policy/modules/system/iptables.fc +@@ -1,5 +1,10 @@ + /etc/rc\.d/init\.d/ip6?tables -- gen_context(system_u:object_r:iptables_initrc_exec_t,s0) + /etc/rc\.d/init\.d/ebtables -- gen_context(system_u:object_r:iptables_initrc_exec_t,s0) ++ifdef(`distro_arch',` ++/etc/rc\.d/ip6?tables -- gen_context(system_u:object_r:iptables_initrc_exec_t,s0) ++/etc/rc\.d/ebtables -- gen_context(system_u:object_r:iptables_initrc_exec_t,s0) ++') ++ + /etc/sysconfig/ip6?tables.* -- gen_context(system_u:object_r:iptables_conf_t,s0) + /etc/sysconfig/system-config-firewall.* -- gen_context(system_u:object_r:iptables_conf_t,s0) + +diff --git a/policy/modules/system/logging.fc b/policy/modules/system/logging.fc +index 02f4c97..911e2eb 100644 +--- a/policy/modules/system/logging.fc ++++ b/policy/modules/system/logging.fc +@@ -5,6 +5,12 @@ + /etc/audit(/.*)? gen_context(system_u:object_r:auditd_etc_t,mls_systemhigh) + /etc/rc\.d/init\.d/auditd -- gen_context(system_u:object_r:auditd_initrc_exec_t,s0) + /etc/rc\.d/init\.d/rsyslog -- gen_context(system_u:object_r:syslogd_initrc_exec_t,s0) ++ifdef(`distro_arch',` ++/etc/rc\.d/auditd -- gen_context(system_u:object_r:auditd_initrc_exec_t,s0) ++') ++ifdef(`distro_arch',` ++/etc/rc\.d/rsyslog -- gen_context(system_u:object_r:syslogd_initrc_exec_t,s0) ++') + + /sbin/audispd -- gen_context(system_u:object_r:audisp_exec_t,s0) + /sbin/audisp-remote -- gen_context(system_u:object_r:audisp_remote_exec_t,s0) +diff --git a/policy/modules/system/setrans.fc b/policy/modules/system/setrans.fc +index bea4629..3ec629f 100644 +--- a/policy/modules/system/setrans.fc ++++ b/policy/modules/system/setrans.fc +@@ -1,4 +1,7 @@ + /etc/rc\.d/init\.d/mcstrans -- gen_context(system_u:object_r:setrans_initrc_exec_t,s0) ++ifdef(`distro_arch',` ++/etc/rc\.d/mcstrans -- gen_context(system_u:object_r:setrans_initrc_exec_t,s0) ++') + + /sbin/mcstransd -- gen_context(system_u:object_r:setrans_exec_t,s0) + +-- +1.7.6.1 + +From ffa3c0e59ada8db068a4bc8ee7db7a79d47c309b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Vadinsk=C3=BD?= <Nicky726@google.com> +Date: Thu, 17 Feb 2011 21:23:33 +0100 +Subject: [PATCH 05/10] Fixed path issues with /etc/rc.d/ for abrt, afs, + aisexec, apache, apcupsd, arpwatch, asterisk, + automount and avahi modules. + +--- + policy/modules/services/abrt.fc | 3 +++ + policy/modules/services/afs.fc | 4 ++++ + policy/modules/services/aisexec.fc | 3 +++ + policy/modules/services/apache.fc | 4 ++++ + policy/modules/services/apcupsd.fc | 3 +++ + policy/modules/services/arpwatch.fc | 3 +++ + policy/modules/services/asterisk.fc | 3 +++ + policy/modules/services/automount.fc | 3 +++ + policy/modules/services/avahi.fc | 3 +++ + 9 files changed, 29 insertions(+), 0 deletions(-) + +diff --git a/policy/modules/services/abrt.fc b/policy/modules/services/abrt.fc +index 1bd5812..ccb215f 100644 +--- a/policy/modules/services/abrt.fc ++++ b/policy/modules/services/abrt.fc +@@ -1,5 +1,8 @@ + /etc/abrt(/.*)? gen_context(system_u:object_r:abrt_etc_t,s0) + /etc/rc\.d/init\.d/abrt -- gen_context(system_u:object_r:abrt_initrc_exec_t,s0) ++ifdef(`distro_arch',` ++/etc/rc\.d/abrt -- gen_context(system_u:object_r:abrt_initrc_exec_t,s0) ++') + + /usr/bin/abrt-pyhook-helper -- gen_context(system_u:object_r:abrt_helper_exec_t,s0) + +diff --git a/policy/modules/services/afs.fc b/policy/modules/services/afs.fc +index eaea138..5391564 100644 +--- a/policy/modules/services/afs.fc ++++ b/policy/modules/services/afs.fc +@@ -1,5 +1,9 @@ + /etc/rc\.d/init\.d/openafs-client -- gen_context(system_u:object_r:afs_initrc_exec_t,s0) + /etc/rc\.d/init\.d/afs -- gen_context(system_u:object_r:afs_initrc_exec_t,s0) ++ifdef(`distro_arch',` ++/etc/rc\.d/openafs-client -- gen_context(system_u:object_r:afs_initrc_exec_t,s0) ++/etc/rc\.d/afs -- gen_context(system_u:object_r:afs_initrc_exec_t,s0) ++') + + /usr/afs/bin/bosserver -- gen_context(system_u:object_r:afs_bosserver_exec_t,s0) + /usr/afs/bin/fileserver -- gen_context(system_u:object_r:afs_fsserver_exec_t,s0) +diff --git a/policy/modules/services/aisexec.fc b/policy/modules/services/aisexec.fc +index 7b4f4b9..249768c 100644 +--- a/policy/modules/services/aisexec.fc ++++ b/policy/modules/services/aisexec.fc +@@ -1,4 +1,7 @@ + /etc/rc\.d/init\.d/openais -- gen_context(system_u:object_r:aisexec_initrc_exec_t,s0) ++ifdef(`distro_arch',` ++/etc/rc\.d/openais -- gen_context(system_u:object_r:aisexec_initrc_exec_t,s0) ++') + + /usr/sbin/aisexec -- gen_context(system_u:object_r:aisexec_exec_t,s0) + +diff --git a/policy/modules/services/apache.fc b/policy/modules/services/apache.fc +index 9e39aa5..59bb2b2 100644 +--- a/policy/modules/services/apache.fc ++++ b/policy/modules/services/apache.fc +@@ -12,6 +12,10 @@ HOME_DIR/((www)|(web)|(public_html))(/.+)? gen_context(system_u:object_r:httpd_u + /etc/mock/koji(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t,s0) + /etc/rc\.d/init\.d/httpd -- gen_context(system_u:object_r:httpd_initrc_exec_t,s0) + /etc/rc\.d/init\.d/lighttpd -- gen_context(system_u:object_r:httpd_initrc_exec_t,s0) ++ifdef(`distro_arch',` ++/etc/rc\.d/httpd -- gen_context(system_u:object_r:httpd_initrc_exec_t,s0) ++/etc/rc\.d/lighttpd -- gen_context(system_u:object_r:httpd_initrc_exec_t,s0) ++') + + /etc/vhosts -- gen_context(system_u:object_r:httpd_config_t,s0) + /etc/zabbix/web(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t,s0) +diff --git a/policy/modules/services/apcupsd.fc b/policy/modules/services/apcupsd.fc +index cd07b96..fdafa48 100644 +--- a/policy/modules/services/apcupsd.fc ++++ b/policy/modules/services/apcupsd.fc +@@ -1,4 +1,7 @@ + /etc/rc\.d/init\.d/apcupsd -- gen_context(system_u:object_r:apcupsd_initrc_exec_t,s0) ++ifdef(`distro_arch',` ++/etc/rc\.d/apcupsd -- gen_context(system_u:object_r:apcupsd_initrc_exec_t,s0) ++') + + /sbin/apcupsd -- gen_context(system_u:object_r:apcupsd_exec_t,s0) + +diff --git a/policy/modules/services/arpwatch.fc b/policy/modules/services/arpwatch.fc +index a86a6c7..7b9a061 100644 +--- a/policy/modules/services/arpwatch.fc ++++ b/policy/modules/services/arpwatch.fc +@@ -1,4 +1,7 @@ + /etc/rc\.d/init\.d/arpwatch -- gen_context(system_u:object_r:arpwatch_initrc_exec_t,s0) ++ifdef(`distro_arch',` ++/etc/rc\.d/arpwatch -- gen_context(system_u:object_r:arpwatch_initrc_exec_t,s0) ++') + + # + # /usr +diff --git a/policy/modules/services/asterisk.fc b/policy/modules/services/asterisk.fc +index b4889d4..35de9e4 100644 +--- a/policy/modules/services/asterisk.fc ++++ b/policy/modules/services/asterisk.fc +@@ -1,5 +1,8 @@ + /etc/asterisk(/.*)? gen_context(system_u:object_r:asterisk_etc_t,s0) + /etc/rc\.d/init\.d/asterisk -- gen_context(system_u:object_r:asterisk_initrc_exec_t,s0) ++ifdef(`distro_arch',` ++/etc/rc\.d/asterisk -- gen_context(system_u:object_r:asterisk_initrc_exec_t,s0) ++') + + /usr/sbin/asterisk -- gen_context(system_u:object_r:asterisk_exec_t,s0) + +diff --git a/policy/modules/services/automount.fc b/policy/modules/services/automount.fc +index f16ab68..7bd17aa 100644 +--- a/policy/modules/services/automount.fc ++++ b/policy/modules/services/automount.fc +@@ -3,6 +3,9 @@ + # + /etc/apm/event\.d/autofs -- gen_context(system_u:object_r:automount_exec_t,s0) + /etc/rc\.d/init\.d/autofs -- gen_context(system_u:object_r:automount_initrc_exec_t,s0) ++ifdef(`distro_arch',` ++/etc/rc\.d/autofs -- gen_context(system_u:object_r:automount_initrc_exec_t,s0) ++') + + # + # /usr +diff --git a/policy/modules/services/avahi.fc b/policy/modules/services/avahi.fc +index 7e36549..c78c34f 100644 +--- a/policy/modules/services/avahi.fc ++++ b/policy/modules/services/avahi.fc +@@ -1,4 +1,7 @@ + /etc/rc\.d/init\.d/avahi.* -- gen_context(system_u:object_r:avahi_initrc_exec_t,s0) ++ifdef(`distro_arch',` ++/etc/rc\.d/avahi.* -- gen_context(system_u:object_r:avahi_initrc_exec_t,s0) ++') + + /usr/sbin/avahi-daemon -- gen_context(system_u:object_r:avahi_exec_t,s0) + /usr/sbin/avahi-dnsconfd -- gen_context(system_u:object_r:avahi_exec_t,s0) +-- +1.7.6.1 + +From 8fd8dba0e5cf1b015da2bb4b2e1863d03ec48dcf Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Vadinsk=C3=BD?= <Nicky726@google.com> +Date: Thu, 17 Feb 2011 21:43:16 +0100 +Subject: [PATCH 06/10] Fixed path issues with /etc/rc.d/ for bind, bitlbee, + bluetooth, canna, certmaster, certmonger, cgroup, + chronyd, clamav, cobbler, corosync, cron, cups and + cyrus modules. + +--- + policy/modules/services/bind.fc | 5 +++++ + policy/modules/services/bitlbee.fc | 4 ++++ + policy/modules/services/bluetooth.fc | 6 ++++++ + policy/modules/services/canna.fc | 4 ++++ + policy/modules/services/certmaster.fc | 4 ++++ + policy/modules/services/certmonger.fc | 4 ++++ + policy/modules/services/cgroup.fc | 5 +++++ + policy/modules/services/chronyd.fc | 4 ++++ + policy/modules/services/clamav.fc | 4 ++++ + policy/modules/services/cobbler.fc | 4 ++++ + policy/modules/services/corosync.fc | 4 ++++ + policy/modules/services/cron.fc | 4 ++++ + policy/modules/services/cups.fc | 4 ++++ + policy/modules/services/cyrus.fc | 4 ++++ + 14 files changed, 60 insertions(+), 0 deletions(-) + +diff --git a/policy/modules/services/bind.fc b/policy/modules/services/bind.fc +index 59aa54f..713a8bc 100644 +--- a/policy/modules/services/bind.fc ++++ b/policy/modules/services/bind.fc +@@ -18,6 +18,11 @@ + /var/run/named(/.*)? gen_context(system_u:object_r:named_var_run_t,s0) + /var/run/unbound(/.*)? gen_context(system_u:object_r:named_var_run_t,s0) + ++ifdef(`distro_arch',` ++/etc/rc\.d/named -- gen_context(system_u:object_r:named_initrc_exec_t,s0) ++/etc/rc\.d/unbound -- gen_context(system_u:object_r:named_initrc_exec_t,s0) ++') ++ + ifdef(`distro_debian',` + /etc/bind(/.*)? gen_context(system_u:object_r:named_zone_t,s0) + /etc/bind/named\.conf -- gen_context(system_u:object_r:named_conf_t,s0) +diff --git a/policy/modules/services/bitlbee.fc b/policy/modules/services/bitlbee.fc +index 0197980..32d0b50 100644 +--- a/policy/modules/services/bitlbee.fc ++++ b/policy/modules/services/bitlbee.fc +@@ -4,3 +4,7 @@ + /usr/sbin/bitlbee -- gen_context(system_u:object_r:bitlbee_exec_t,s0) + + /var/lib/bitlbee(/.*)? gen_context(system_u:object_r:bitlbee_var_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/bitlbee -- gen_context(system_u:object_r:bitlbee_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/bluetooth.fc b/policy/modules/services/bluetooth.fc +index dc687e6..86e57b3 100644 +--- a/policy/modules/services/bluetooth.fc ++++ b/policy/modules/services/bluetooth.fc +@@ -28,3 +28,9 @@ + + /var/run/bluetoothd_address gen_context(system_u:object_r:bluetooth_var_run_t,s0) + /var/run/sdp -s gen_context(system_u:object_r:bluetooth_var_run_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/bluetooth -- gen_context(system_u:object_r:bluetooth_initrc_exec_t,s0) ++/etc/rc\.d/dund -- gen_context(system_u:object_r:bluetooth_initrc_exec_t,s0) ++/etc/rc\.d/pand -- gen_context(system_u:object_r:bluetooth_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/canna.fc b/policy/modules/services/canna.fc +index 5432d0e..be0cf1b 100644 +--- a/policy/modules/services/canna.fc ++++ b/policy/modules/services/canna.fc +@@ -21,3 +21,7 @@ + /var/run/\.iroha_unix -d gen_context(system_u:object_r:canna_var_run_t,s0) + /var/run/\.iroha_unix/.* -s gen_context(system_u:object_r:canna_var_run_t,s0) + /var/run/wnn-unix(/.*) gen_context(system_u:object_r:canna_var_run_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/canna -- gen_context(system_u:object_r:canna_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/certmaster.fc b/policy/modules/services/certmaster.fc +index 79295d6..b8a0e6d 100644 +--- a/policy/modules/services/certmaster.fc ++++ b/policy/modules/services/certmaster.fc +@@ -6,3 +6,7 @@ + /var/lib/certmaster(/.*)? gen_context(system_u:object_r:certmaster_var_lib_t,s0) + /var/log/certmaster(/.*)? gen_context(system_u:object_r:certmaster_var_log_t,s0) + /var/run/certmaster.* gen_context(system_u:object_r:certmaster_var_run_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/certmaster -- gen_context(system_u:object_r:certmaster_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/certmonger.fc b/policy/modules/services/certmonger.fc +index 5ad1a52..a81b8e0 100644 +--- a/policy/modules/services/certmonger.fc ++++ b/policy/modules/services/certmonger.fc +@@ -4,3 +4,7 @@ + + /var/lib/certmonger(/.*)? gen_context(system_u:object_r:certmonger_var_lib_t,s0) + /var/run/certmonger.pid -- gen_context(system_u:object_r:certmonger_var_run_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/certmonger -- gen_context(system_u:object_r:certmonger_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/cgroup.fc b/policy/modules/services/cgroup.fc +index b6bb46c..84f9c16 100644 +--- a/policy/modules/services/cgroup.fc ++++ b/policy/modules/services/cgroup.fc +@@ -13,3 +13,8 @@ + + /var/log/cgrulesengd\.log -- gen_context(system_u:object_r:cgred_log_t,s0) + /var/run/cgred.* gen_context(system_u:object_r:cgred_var_run_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/cgconfig -- gen_context(system_u:object_r:cgconfig_initrc_exec_t,s0) ++/etc/rc\.d/cgred -- gen_context(system_u:object_r:cgred_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/chronyd.fc b/policy/modules/services/chronyd.fc +index fd8cd0b..16e0e3d 100644 +--- a/policy/modules/services/chronyd.fc ++++ b/policy/modules/services/chronyd.fc +@@ -7,3 +7,7 @@ + /var/lib/chrony(/.*)? gen_context(system_u:object_r:chronyd_var_lib_t,s0) + /var/log/chrony(/.*)? gen_context(system_u:object_r:chronyd_var_log_t,s0) + /var/run/chronyd\.pid -- gen_context(system_u:object_r:chronyd_var_run_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/chronyd -- gen_context(system_u:object_r:chronyd_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/clamav.fc b/policy/modules/services/clamav.fc +index e8e9a21..bcf36a2 100644 +--- a/policy/modules/services/clamav.fc ++++ b/policy/modules/services/clamav.fc +@@ -18,3 +18,7 @@ + /var/run/clamd.* gen_context(system_u:object_r:clamd_var_run_t,s0) + /var/spool/amavisd/clamd\.sock -s gen_context(system_u:object_r:clamd_var_run_t,s0) + /var/spool/MailScanner(/.*)? gen_context(system_u:object_r:clamd_var_run_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/clamd-wrapper -- gen_context(system_u:object_r:clamd_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/cobbler.fc b/policy/modules/services/cobbler.fc +index 1cf6c4e..6711565 100644 +--- a/policy/modules/services/cobbler.fc ++++ b/policy/modules/services/cobbler.fc +@@ -5,3 +5,7 @@ + + /var/lib/cobbler(/.*)? gen_context(system_u:object_r:cobbler_var_lib_t, s0) + /var/log/cobbler(/.*)? gen_context(system_u:object_r:cobbler_var_log_t, s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/cobblerd -- gen_context(system_u:object_r:cobblerd_initrc_exec_t, s0) ++') +diff --git a/policy/modules/services/corosync.fc b/policy/modules/services/corosync.fc +index 3a6d7eb..6a68e09 100644 +--- a/policy/modules/services/corosync.fc ++++ b/policy/modules/services/corosync.fc +@@ -10,3 +10,7 @@ + + /var/run/cman_.* -s gen_context(system_u:object_r:corosync_var_run_t,s0) + /var/run/corosync\.pid -- gen_context(system_u:object_r:corosync_var_run_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/corosync -- gen_context(system_u:object_r:corosync_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/cron.fc b/policy/modules/services/cron.fc +index 2eefc08..1fbff11 100644 +--- a/policy/modules/services/cron.fc ++++ b/policy/modules/services/cron.fc +@@ -25,6 +25,10 @@ + #/var/spool/cron/root -- gen_context(system_u:object_r:sysadm_cron_spool_t,s0) + /var/spool/cron/[^/]* -- <<none>> + ++ifdef(`distro_arch',` ++/etc/rc\.d/crond -- gen_context(system_u:object_r:crond_initrc_exec_t,s0) ++') ++ + ifdef(`distro_gentoo',` + /var/spool/cron/lastrun -d gen_context(system_u:object_r:crond_tmp_t,s0) + /var/spool/cron/lastrun/[^/]* -- <<none>> +diff --git a/policy/modules/services/cups.fc b/policy/modules/services/cups.fc +index 1b492ed..a2d6944 100644 +--- a/policy/modules/services/cups.fc ++++ b/policy/modules/services/cups.fc +@@ -71,3 +71,7 @@ + /var/run/ptal-mlcd(/.*)? gen_context(system_u:object_r:ptal_var_run_t,s0) + /var/run/udev-configure-printer(/.*)? gen_context(system_u:object_r:cupsd_config_var_run_t,s0) + /var/turboprint(/.*)? gen_context(system_u:object_r:cupsd_var_run_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/cups -- gen_context(system_u:object_r:cupsd_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/cyrus.fc b/policy/modules/services/cyrus.fc +index 25546bc..fd2489c 100644 +--- a/policy/modules/services/cyrus.fc ++++ b/policy/modules/services/cyrus.fc +@@ -5,3 +5,7 @@ + + /var/imap(/.*)? gen_context(system_u:object_r:cyrus_var_lib_t,s0) + /var/lib/imap(/.*)? gen_context(system_u:object_r:cyrus_var_lib_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/cyrus -- gen_context(system_u:object_r:cyrus_initrc_exec_t,s0) ++') +-- +1.7.6.1 + +From db3897908ad6dcb7878db4d8bf7fa8c6848f18cf Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Vadinsk=C3=BD?= <Nicky726@google.com> +Date: Fri, 18 Feb 2011 12:29:17 +0100 +Subject: [PATCH 07/10] Fixed path issues with /etc/rc.d/ for ddclient, + denyhosts, dhcp, dictd, dnsmasq, dovecot, fail2ban, + ftp, gpsd, hadoop, hddtemp, icecast, ifplugd, inn, + jabber, kerberos, kerneloops and ksmtuned modules. + +--- + policy/modules/services/ddclient.fc | 4 ++++ + policy/modules/services/denyhosts.fc | 4 ++++ + policy/modules/services/dhcp.fc | 4 ++++ + policy/modules/services/dictd.fc | 4 ++++ + policy/modules/services/dnsmasq.fc | 4 ++++ + policy/modules/services/dovecot.fc | 4 ++++ + policy/modules/services/fail2ban.fc | 4 ++++ + policy/modules/services/ftp.fc | 5 +++++ + policy/modules/services/gpsd.fc | 4 ++++ + policy/modules/services/hadoop.fc | 9 +++++++++ + policy/modules/services/hddtemp.fc | 4 ++++ + policy/modules/services/icecast.fc | 4 ++++ + policy/modules/services/ifplugd.fc | 4 ++++ + policy/modules/services/inn.fc | 4 ++++ + policy/modules/services/jabber.fc | 4 ++++ + policy/modules/services/kerberos.fc | 7 +++++++ + policy/modules/services/kerneloops.fc | 4 ++++ + policy/modules/services/ksmtuned.fc | 4 ++++ + 18 files changed, 81 insertions(+), 0 deletions(-) + +diff --git a/policy/modules/services/ddclient.fc b/policy/modules/services/ddclient.fc +index 083c135..bf68ff4 100644 +--- a/policy/modules/services/ddclient.fc ++++ b/policy/modules/services/ddclient.fc +@@ -10,3 +10,7 @@ + /var/log/ddtcd\.log.* -- gen_context(system_u:object_r:ddclient_log_t,s0) + /var/run/ddclient\.pid -- gen_context(system_u:object_r:ddclient_var_run_t,s0) + /var/run/ddtcd\.pid -- gen_context(system_u:object_r:ddclient_var_run_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/ddclient -- gen_context(system_u:object_r:ddclient_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/denyhosts.fc b/policy/modules/services/denyhosts.fc +index 257fef6..b926ca8 100644 +--- a/policy/modules/services/denyhosts.fc ++++ b/policy/modules/services/denyhosts.fc +@@ -5,3 +5,7 @@ + /var/lib/denyhosts(/.*)? gen_context(system_u:object_r:denyhosts_var_lib_t,s0) + /var/lock/subsys/denyhosts -- gen_context(system_u:object_r:denyhosts_var_lock_t,s0) + /var/log/denyhosts(/.*)? gen_context(system_u:object_r:denyhosts_var_log_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/denyhosts -- gen_context(system_u:object_r:denyhosts_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/dhcp.fc b/policy/modules/services/dhcp.fc +index 767e0c7..8fc802f 100644 +--- a/policy/modules/services/dhcp.fc ++++ b/policy/modules/services/dhcp.fc +@@ -6,3 +6,7 @@ + /var/lib/dhcp(3)?/dhcpd\.leases.* -- gen_context(system_u:object_r:dhcpd_state_t,s0) + + /var/run/dhcpd\.pid -- gen_context(system_u:object_r:dhcpd_var_run_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/dhcpd -- gen_context(system_u:object_r:dhcpd_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/dictd.fc b/policy/modules/services/dictd.fc +index 54f88c8..d77660f 100644 +--- a/policy/modules/services/dictd.fc ++++ b/policy/modules/services/dictd.fc +@@ -7,3 +7,7 @@ + /var/lib/dictd(/.*)? gen_context(system_u:object_r:dictd_var_lib_t,s0) + + /var/run/dictd\.pid -- gen_context(system_u:object_r:dictd_var_run_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/dictd -- gen_context(system_u:object_r:dictd_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/dnsmasq.fc b/policy/modules/services/dnsmasq.fc +index b886676..ea66a92 100644 +--- a/policy/modules/services/dnsmasq.fc ++++ b/policy/modules/services/dnsmasq.fc +@@ -10,3 +10,7 @@ + + /var/run/dnsmasq\.pid -- gen_context(system_u:object_r:dnsmasq_var_run_t,s0) + /var/run/libvirt/network(/.*)? gen_context(system_u:object_r:dnsmasq_var_run_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/dnsmasq -- gen_context(system_u:object_r:dnsmasq_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/dovecot.fc b/policy/modules/services/dovecot.fc +index bfc880b..48703ef 100644 +--- a/policy/modules/services/dovecot.fc ++++ b/policy/modules/services/dovecot.fc +@@ -9,6 +9,10 @@ + /etc/pki/dovecot(/.*)? gen_context(system_u:object_r:dovecot_cert_t,s0) + /etc/rc\.d/init\.d/dovecot -- gen_context(system_u:object_r:dovecot_initrc_exec_t,s0) + ++ifdef(`distro_arch',` ++/etc/rc\.d/dovecot -- gen_context(system_u:object_r:dovecot_initrc_exec_t,s0) ++') ++ + # + # /usr + # +diff --git a/policy/modules/services/fail2ban.fc b/policy/modules/services/fail2ban.fc +index 0de2b83..20fbf46 100644 +--- a/policy/modules/services/fail2ban.fc ++++ b/policy/modules/services/fail2ban.fc +@@ -6,3 +6,7 @@ + /var/lib/fail2ban(/.*)? gen_context(system_u:object_r:fail2ban_var_lib_t,s0) + /var/log/fail2ban\.log -- gen_context(system_u:object_r:fail2ban_log_t,s0) + /var/run/fail2ban.* gen_context(system_u:object_r:fail2ban_var_run_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/fail2ban -- gen_context(system_u:object_r:fail2ban_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/ftp.fc b/policy/modules/services/ftp.fc +index 69dcd2a..70cf928 100644 +--- a/policy/modules/services/ftp.fc ++++ b/policy/modules/services/ftp.fc +@@ -6,6 +6,11 @@ + /etc/rc\.d/init\.d/vsftpd -- gen_context(system_u:object_r:ftpd_initrc_exec_t,s0) + /etc/rc\.d/init\.d/proftpd -- gen_context(system_u:object_r:ftpd_initrc_exec_t,s0) + ++ifdef(`distro_arch',` ++/etc/rc\.d/vsftpd -- gen_context(system_u:object_r:ftpd_initrc_exec_t,s0) ++/etc/rc\.d/proftpd -- gen_context(system_u:object_r:ftpd_initrc_exec_t,s0) ++') ++ + # + # /usr + # +diff --git a/policy/modules/services/gpsd.fc b/policy/modules/services/gpsd.fc +index 5e81e33..cd1eae5 100644 +--- a/policy/modules/services/gpsd.fc ++++ b/policy/modules/services/gpsd.fc +@@ -4,3 +4,7 @@ + + /var/run/gpsd\.pid -- gen_context(system_u:object_r:gpsd_var_run_t,s0) + /var/run/gpsd\.sock -s gen_context(system_u:object_r:gpsd_var_run_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/gpsd -- gen_context(system_u:object_r:gpsd_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/hadoop.fc b/policy/modules/services/hadoop.fc +index 633c470..5919345 100644 +--- a/policy/modules/services/hadoop.fc ++++ b/policy/modules/services/hadoop.fc +@@ -57,3 +57,12 @@ + /var/run/hadoop.*/hadoop-hadoop-tasktracker\.pid -- gen_context(system_u:object_r:hadoop_tasktracker_initrc_var_run_t,s0) + + /var/zookeeper(/.*)? gen_context(system_u:object_r:zookeeper_server_var_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/hadoop-(.*-)?datanode -- gen_context(system_u:object_r:hadoop_datanode_initrc_exec_t,s0) ++/etc/rc\.d/hadoop-(.*-)?jobtracker -- gen_context(system_u:object_r:hadoop_jobtracker_initrc_exec_t,s0) ++/etc/rc\.d/hadoop-(.*-)?namenode -- gen_context(system_u:object_r:hadoop_namenode_initrc_exec_t,s0) ++/etc/rc\.d/hadoop-(.*-)?secondarynamenode -- gen_context(system_u:object_r:hadoop_secondarynamenode_initrc_exec_t,s0) ++/etc/rc\.d/hadoop-(.*-)?tasktracker -- gen_context(system_u:object_r:hadoop_tasktracker_initrc_exec_t,s0) ++/etc/rc\.d/hadoop-zookeeper -- gen_context(system_u:object_r:zookeeper_server_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/hddtemp.fc b/policy/modules/services/hddtemp.fc +index 1676612..1c45a43 100644 +--- a/policy/modules/services/hddtemp.fc ++++ b/policy/modules/services/hddtemp.fc +@@ -3,3 +3,7 @@ + /etc/sysconfig/hddtemp -- gen_context(system_u:object_r:hddtemp_etc_t,s0) + + /usr/sbin/hddtemp -- gen_context(system_u:object_r:hddtemp_exec_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/hddtemp -- gen_context(system_u:object_r:hddtemp_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/icecast.fc b/policy/modules/services/icecast.fc +index a81e090..bcb9bdc 100644 +--- a/policy/modules/services/icecast.fc ++++ b/policy/modules/services/icecast.fc +@@ -5,3 +5,7 @@ + /var/log/icecast(/.*)? gen_context(system_u:object_r:icecast_log_t,s0) + + /var/run/icecast(/.*)? gen_context(system_u:object_r:icecast_var_run_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/icecast -- gen_context(system_u:object_r:icecast_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/ifplugd.fc b/policy/modules/services/ifplugd.fc +index 2eda96f..68a27d3 100644 +--- a/policy/modules/services/ifplugd.fc ++++ b/policy/modules/services/ifplugd.fc +@@ -5,3 +5,7 @@ + /usr/sbin/ifplugd -- gen_context(system_u:object_r:ifplugd_exec_t,s0) + + /var/run/ifplugd.* gen_context(system_u:object_r:ifplugd_var_run_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/ifplugd -- gen_context(system_u:object_r:ifplugd_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/inn.fc b/policy/modules/services/inn.fc +index 8ca038d..4ee4433 100644 +--- a/policy/modules/services/inn.fc ++++ b/policy/modules/services/inn.fc +@@ -6,6 +6,10 @@ + /etc/news/boot -- gen_context(system_u:object_r:innd_exec_t,s0) + /etc/rc\.d/init\.d/innd -- gen_context(system_u:object_r:innd_initrc_exec_t,s0) + ++ifdef(`distro_arch',` ++/etc/rc\.d/innd -- gen_context(system_u:object_r:innd_initrc_exec_t,s0) ++') ++ + # + # /usr + # +diff --git a/policy/modules/services/jabber.fc b/policy/modules/services/jabber.fc +index 4c9acec..c2ba844 100644 +--- a/policy/modules/services/jabber.fc ++++ b/policy/modules/services/jabber.fc +@@ -4,3 +4,7 @@ + + /var/lib/jabber(/.*)? gen_context(system_u:object_r:jabberd_var_lib_t,s0) + /var/log/jabber(/.*)? gen_context(system_u:object_r:jabberd_log_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/jabber -- gen_context(system_u:object_r:jabberd_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/kerberos.fc b/policy/modules/services/kerberos.fc +index 3525d24..c7656b3 100644 +--- a/policy/modules/services/kerberos.fc ++++ b/policy/modules/services/kerberos.fc +@@ -31,3 +31,10 @@ HOME_DIR/\.k5login -- gen_context(system_u:object_r:krb5_home_t,s0) + /var/log/kadmin(d)?\.log gen_context(system_u:object_r:kadmind_log_t,s0) + + /var/tmp/host_0 -- gen_context(system_u:object_r:krb5_host_rcache_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/kadmind -- gen_context(system_u:object_r:kerberos_initrc_exec_t,s0) ++/etc/rc\.d/kprop -- gen_context(system_u:object_r:kerberos_initrc_exec_t,s0) ++/etc/rc\.d/krb524d -- gen_context(system_u:object_r:kerberos_initrc_exec_t,s0) ++/etc/rc\.d/krb5kdc -- gen_context(system_u:object_r:kerberos_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/kerneloops.fc b/policy/modules/services/kerneloops.fc +index 5ef261a..b7c5520 100644 +--- a/policy/modules/services/kerneloops.fc ++++ b/policy/modules/services/kerneloops.fc +@@ -1,3 +1,7 @@ + /etc/rc\.d/init\.d/kerneloops -- gen_context(system_u:object_r:kerneloops_initrc_exec_t,s0) + + /usr/sbin/kerneloops -- gen_context(system_u:object_r:kerneloops_exec_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/kerneloops -- gen_context(system_u:object_r:kerneloops_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/ksmtuned.fc b/policy/modules/services/ksmtuned.fc +index 9c0c835..a08fb39 100644 +--- a/policy/modules/services/ksmtuned.fc ++++ b/policy/modules/services/ksmtuned.fc +@@ -3,3 +3,7 @@ + /usr/sbin/ksmtuned -- gen_context(system_u:object_r:ksmtuned_exec_t,s0) + + /var/run/ksmtune\.pid -- gen_context(system_u:object_r:ksmtuned_var_run_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/ksmtuned -- gen_context(system_u:object_r:ksmtuned_initrc_exec_t,s0) ++') +-- +1.7.6.1 + +From 32cd2a8bdcd108123331277fdc95ca5266960518 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Vadinsk=C3=BD?= <Nicky726@google.com> +Date: Sat, 19 Feb 2011 23:13:22 +0100 +Subject: [PATCH 08/10] Fixed path issues with /etc/rc.d/ for ldap, likewise, + lircd, memcached, munin, mysql, nagios, + networkmanager, nis, nscd, nslcd, ntp, oident, + openvpn, pads, pingd, portreserve, postfixpolicyd, + postgresql, postgrey, ppp, prelude, privoxy, psad and + puppet modules. + +--- + policy/modules/services/ldap.fc | 4 ++++ + policy/modules/services/likewise.fc | 10 ++++++++++ + policy/modules/services/lircd.fc | 4 ++++ + policy/modules/services/memcached.fc | 4 ++++ + policy/modules/services/munin.fc | 4 ++++ + policy/modules/services/mysql.fc | 5 +++++ + policy/modules/services/nagios.fc | 5 +++++ + policy/modules/services/networkmanager.fc | 5 +++++ + policy/modules/services/nis.fc | 7 +++++++ + policy/modules/services/nscd.fc | 4 ++++ + policy/modules/services/nslcd.fc | 4 ++++ + policy/modules/services/ntp.fc | 5 +++++ + policy/modules/services/oident.fc | 4 ++++ + policy/modules/services/openvpn.fc | 4 ++++ + policy/modules/services/pads.fc | 4 ++++ + policy/modules/services/pingd.fc | 4 ++++ + policy/modules/services/portreserve.fc | 4 ++++ + policy/modules/services/postfixpolicyd.fc | 4 ++++ + policy/modules/services/postgresql.fc | 4 ++++ + policy/modules/services/postgrey.fc | 4 ++++ + policy/modules/services/ppp.fc | 4 ++++ + policy/modules/services/prelude.fc | 6 ++++++ + policy/modules/services/privoxy.fc | 4 ++++ + policy/modules/services/psad.fc | 4 ++++ + policy/modules/services/puppet.fc | 5 +++++ + 25 files changed, 116 insertions(+), 0 deletions(-) + +diff --git a/policy/modules/services/ldap.fc b/policy/modules/services/ldap.fc +index c62f23e..6f65866 100644 +--- a/policy/modules/services/ldap.fc ++++ b/policy/modules/services/ldap.fc +@@ -2,6 +2,10 @@ + /etc/ldap/slapd\.conf -- gen_context(system_u:object_r:slapd_etc_t,s0) + /etc/rc\.d/init\.d/ldap -- gen_context(system_u:object_r:slapd_initrc_exec_t,s0) + ++ifdef(`distro_arch',` ++/etc/rc\.d/ldap -- gen_context(system_u:object_r:slapd_initrc_exec_t,s0) ++') ++ + /usr/sbin/slapd -- gen_context(system_u:object_r:slapd_exec_t,s0) + + ifdef(`distro_debian',` +diff --git a/policy/modules/services/likewise.fc b/policy/modules/services/likewise.fc +index 057a4e4..9babe2b 100644 +--- a/policy/modules/services/likewise.fc ++++ b/policy/modules/services/likewise.fc +@@ -52,3 +52,13 @@ + /var/run/netlogond.pid -- gen_context(system_u:object_r:netlogond_var_run_t,s0) + /var/run/srvsvcd.pid -- gen_context(system_u:object_r:srvsvcd_var_run_t,s0) + ++ifdef(`distro_arch',` ++/etc/rc\.d/dcerpcd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0) ++/etc/rc\.d/eventlogd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0) ++/etc/rc\.d/lsassd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0) ++/etc/rc\.d/lwiod -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0) ++/etc/rc\.d/lwregd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0) ++/etc/rc\.d/lwsmd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0) ++/etc/rc\.d/netlogond -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0) ++/etc/rc\.d/srvsvcd -- gen_context(system_u:object_r:likewise_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/lircd.fc b/policy/modules/services/lircd.fc +index 49e04e5..9a7f27e 100644 +--- a/policy/modules/services/lircd.fc ++++ b/policy/modules/services/lircd.fc +@@ -8,3 +8,7 @@ + /var/run/lirc(/.*)? gen_context(system_u:object_r:lircd_var_run_t,s0) + /var/run/lircd(/.*)? gen_context(system_u:object_r:lircd_var_run_t,s0) + /var/run/lircd\.pid gen_context(system_u:object_r:lircd_var_run_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/lirc -- gen_context(system_u:object_r:lircd_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/memcached.fc b/policy/modules/services/memcached.fc +index 4d69477..b0323b7 100644 +--- a/policy/modules/services/memcached.fc ++++ b/policy/modules/services/memcached.fc +@@ -3,3 +3,7 @@ + /usr/bin/memcached -- gen_context(system_u:object_r:memcached_exec_t,s0) + + /var/run/memcached(/.*)? gen_context(system_u:object_r:memcached_var_run_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/memcached -- gen_context(system_u:object_r:memcached_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/munin.fc b/policy/modules/services/munin.fc +index fd71d69..3e3b7cf 100644 +--- a/policy/modules/services/munin.fc ++++ b/policy/modules/services/munin.fc +@@ -1,6 +1,10 @@ + /etc/munin(/.*)? gen_context(system_u:object_r:munin_etc_t,s0) + /etc/rc\.d/init\.d/munin-node -- gen_context(system_u:object_r:munin_initrc_exec_t,s0) + ++ifdef(`distro_arch',` ++/etc/rc\.d/munin-node -- gen_context(system_u:object_r:munin_initrc_exec_t,s0) ++') ++ + /usr/bin/munin-.* -- gen_context(system_u:object_r:munin_exec_t,s0) + /usr/sbin/munin-.* -- gen_context(system_u:object_r:munin_exec_t,s0) + /usr/share/munin/munin-.* -- gen_context(system_u:object_r:munin_exec_t,s0) +diff --git a/policy/modules/services/mysql.fc b/policy/modules/services/mysql.fc +index cc7192c..3d35829 100644 +--- a/policy/modules/services/mysql.fc ++++ b/policy/modules/services/mysql.fc +@@ -8,6 +8,11 @@ + /etc/rc\.d/init\.d/mysqld -- gen_context(system_u:object_r:mysqld_initrc_exec_t,s0) + /etc/rc\.d/init\.d/mysqlmanager -- gen_context(system_u:object_r:mysqlmanagerd_initrc_exec_t,s0) + ++ifdef(`distro_arch',` ++/etc/rc\.d/mysqld -- gen_context(system_u:object_r:mysqld_initrc_exec_t,s0) ++/etc/rc\.d/mysqlmanager -- gen_context(system_u:object_r:mysqlmanagerd_initrc_exec_t,s0) ++') ++ + # + # /usr + # +diff --git a/policy/modules/services/nagios.fc b/policy/modules/services/nagios.fc +index 1fc9905..dee9045 100644 +--- a/policy/modules/services/nagios.fc ++++ b/policy/modules/services/nagios.fc +@@ -3,6 +3,11 @@ + /etc/rc\.d/init\.d/nagios -- gen_context(system_u:object_r:nagios_initrc_exec_t,s0) + /etc/rc\.d/init\.d/nrpe -- gen_context(system_u:object_r:nagios_initrc_exec_t,s0) + ++ifdef(`distro_arch',` ++/etc/rc\.d/nagios -- gen_context(system_u:object_r:nagios_initrc_exec_t,s0) ++/etc/rc\.d/nrpe -- gen_context(system_u:object_r:nagios_initrc_exec_t,s0) ++') ++ + /usr/s?bin/nagios -- gen_context(system_u:object_r:nagios_exec_t,s0) + /usr/s?bin/nrpe -- gen_context(system_u:object_r:nrpe_exec_t,s0) + +diff --git a/policy/modules/services/networkmanager.fc b/policy/modules/services/networkmanager.fc +index 386543b..ae2c0f7 100644 +--- a/policy/modules/services/networkmanager.fc ++++ b/policy/modules/services/networkmanager.fc +@@ -24,3 +24,8 @@ + /var/run/nm-dhclient.* gen_context(system_u:object_r:NetworkManager_var_run_t,s0) + /var/run/wpa_supplicant(/.*)? gen_context(system_u:object_r:NetworkManager_var_run_t,s0) + /var/run/wpa_supplicant-global -s gen_context(system_u:object_r:NetworkManager_var_run_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/wicd -- gen_context(system_u:object_r:NetworkManager_initrc_exec_t,s0) ++/etc/rc\.d/networkmanager -- gen_context(system_u:object_r:NetworkManager_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/nis.fc b/policy/modules/services/nis.fc +index 15448d5..f1ac52c 100644 +--- a/policy/modules/services/nis.fc ++++ b/policy/modules/services/nis.fc +@@ -19,3 +19,10 @@ + /var/run/ypbind.* -- gen_context(system_u:object_r:ypbind_var_run_t,s0) + /var/run/ypserv.* -- gen_context(system_u:object_r:ypserv_var_run_t,s0) + /var/run/yppass.* -- gen_context(system_u:object_r:yppasswdd_var_run_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/ypbind -- gen_context(system_u:object_r:ypbind_initrc_exec_t,s0) ++/etc/rc\.d/yppasswd -- gen_context(system_u:object_r:nis_initrc_exec_t,s0) ++/etc/rc\.d/ypserv -- gen_context(system_u:object_r:nis_initrc_exec_t,s0) ++/etc/rc\.d/ypxfrd -- gen_context(system_u:object_r:nis_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/nscd.fc b/policy/modules/services/nscd.fc +index 623b731..4561878 100644 +--- a/policy/modules/services/nscd.fc ++++ b/policy/modules/services/nscd.fc +@@ -11,3 +11,7 @@ + /var/run/\.nscd_socket -s gen_context(system_u:object_r:nscd_var_run_t,s0) + + /var/run/nscd(/.*)? gen_context(system_u:object_r:nscd_var_run_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/nscd -- gen_context(system_u:object_r:nscd_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/nslcd.fc b/policy/modules/services/nslcd.fc +index ce913b2..e38895c 100644 +--- a/policy/modules/services/nslcd.fc ++++ b/policy/modules/services/nslcd.fc +@@ -2,3 +2,7 @@ + /etc/rc\.d/init\.d/nslcd -- gen_context(system_u:object_r:nslcd_initrc_exec_t,s0) + /usr/sbin/nslcd -- gen_context(system_u:object_r:nslcd_exec_t,s0) + /var/run/nslcd(/.*)? gen_context(system_u:object_r:nslcd_var_run_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/nslcd -- gen_context(system_u:object_r:nslcd_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/ntp.fc b/policy/modules/services/ntp.fc +index e79dccc..a91f16f 100644 +--- a/policy/modules/services/ntp.fc ++++ b/policy/modules/services/ntp.fc +@@ -20,3 +20,8 @@ + /var/log/xntpd.* -- gen_context(system_u:object_r:ntpd_log_t,s0) + + /var/run/ntpd\.pid -- gen_context(system_u:object_r:ntpd_var_run_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/ntpd -- gen_context(system_u:object_r:ntpd_initrc_exec_t,s0) ++/etc/rc\.d/openntpd -- gen_context(system_u:object_r:ntpd_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/oident.fc b/policy/modules/services/oident.fc +index 5840ea8..ac612d3 100644 +--- a/policy/modules/services/oident.fc ++++ b/policy/modules/services/oident.fc +@@ -6,3 +6,7 @@ HOME_DIR/\.oidentd.conf gen_context(system_u:object_r:oidentd_home_t, s0) + /etc/rc\.d/init\.d/oidentd -- gen_context(system_u:object_r:oidentd_initrc_exec_t, s0) + + /usr/sbin/oidentd -- gen_context(system_u:object_r:oidentd_exec_t, s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/oidentd -- gen_context(system_u:object_r:oidentd_initrc_exec_t, s0) ++') +diff --git a/policy/modules/services/openvpn.fc b/policy/modules/services/openvpn.fc +index 9c186d2..9ce733f 100644 +--- a/policy/modules/services/openvpn.fc ++++ b/policy/modules/services/openvpn.fc +@@ -5,6 +5,10 @@ + /etc/openvpn/ipp.txt -- gen_context(system_u:object_r:openvpn_etc_rw_t,s0) + /etc/rc\.d/init\.d/openvpn -- gen_context(system_u:object_r:openvpn_initrc_exec_t,s0) + ++ifdef(`distro_arch',` ++/etc/rc\.d/openvpn -- gen_context(system_u:object_r:openvpn_initrc_exec_t,s0) ++') ++ + # + # /usr + # +diff --git a/policy/modules/services/pads.fc b/policy/modules/services/pads.fc +index 0870c56..a368530 100644 +--- a/policy/modules/services/pads.fc ++++ b/policy/modules/services/pads.fc +@@ -8,3 +8,7 @@ + /usr/bin/pads -- gen_context(system_u:object_r:pads_exec_t, s0) + + /var/run/pads.pid -- gen_context(system_u:object_r:pads_var_run_t, s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/pads -- gen_context(system_u:object_r:pads_initrc_exec_t, s0) ++') +diff --git a/policy/modules/services/pingd.fc b/policy/modules/services/pingd.fc +index ea085f7..acb53f9 100644 +--- a/policy/modules/services/pingd.fc ++++ b/policy/modules/services/pingd.fc +@@ -4,3 +4,7 @@ + /usr/lib/pingd(/.*)? gen_context(system_u:object_r:pingd_modules_t,s0) + + /usr/sbin/pingd -- gen_context(system_u:object_r:pingd_exec_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/whatsup-pingd -- gen_context(system_u:object_r:pingd_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/portreserve.fc b/policy/modules/services/portreserve.fc +index 4313a6f..714ebcd 100644 +--- a/policy/modules/services/portreserve.fc ++++ b/policy/modules/services/portreserve.fc +@@ -5,3 +5,7 @@ + /sbin/portreserve -- gen_context(system_u:object_r:portreserve_exec_t,s0) + + /var/run/portreserve(/.*)? gen_context(system_u:object_r:portreserve_var_run_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/portreserve -- gen_context(system_u:object_r:portreserve_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/postfixpolicyd.fc b/policy/modules/services/postfixpolicyd.fc +index 4361cb6..3dd8494 100644 +--- a/policy/modules/services/postfixpolicyd.fc ++++ b/policy/modules/services/postfixpolicyd.fc +@@ -4,3 +4,7 @@ + /usr/sbin/policyd -- gen_context(system_u:object_r:postfix_policyd_exec_t, s0) + + /var/run/policyd\.pid -- gen_context(system_u:object_r:postfix_policyd_var_run_t, s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/postfixpolicyd -- gen_context(system_u:object_r:postfix_policyd_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/postgresql.fc b/policy/modules/services/postgresql.fc +index f03fad4..7c2502c 100644 +--- a/policy/modules/services/postgresql.fc ++++ b/policy/modules/services/postgresql.fc +@@ -5,6 +5,10 @@ + /etc/rc\.d/init\.d/(se)?postgresql -- gen_context(system_u:object_r:postgresql_initrc_exec_t,s0) + /etc/sysconfig/pgsql(/.*)? gen_context(system_u:object_r:postgresql_etc_t,s0) + ++ifdef(`distro_arch',` ++/etc/rc\.d/(se)?postgresql -- gen_context(system_u:object_r:postgresql_initrc_exec_t,s0) ++') ++ + # + # /usr + # +diff --git a/policy/modules/services/postgrey.fc b/policy/modules/services/postgrey.fc +index e731841..4042bc6 100644 +--- a/policy/modules/services/postgrey.fc ++++ b/policy/modules/services/postgrey.fc +@@ -10,3 +10,7 @@ + /var/run/postgrey\.pid -- gen_context(system_u:object_r:postgrey_var_run_t,s0) + + /var/spool/postfix/postgrey(/.*)? gen_context(system_u:object_r:postgrey_spool_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/postgrey -- gen_context(system_u:object_r:postgrey_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/ppp.fc b/policy/modules/services/ppp.fc +index 2d82c6d..418fa73 100644 +--- a/policy/modules/services/ppp.fc ++++ b/policy/modules/services/ppp.fc +@@ -13,6 +13,10 @@ + + /root/.ppprc -- gen_context(system_u:object_r:pppd_etc_t,s0) + ++ifdef(`distro_arch',` ++/etc/rc\.d/ppp -- gen_context(system_u:object_r:pppd_initrc_exec_t,s0) ++') ++ + # + # /sbin + # +diff --git a/policy/modules/services/prelude.fc b/policy/modules/services/prelude.fc +index 3bd847a..94e6144 100644 +--- a/policy/modules/services/prelude.fc ++++ b/policy/modules/services/prelude.fc +@@ -16,3 +16,9 @@ + /var/run/prelude-manager(/.*)? gen_context(system_u:object_r:prelude_var_run_t,s0) + /var/spool/prelude-manager(/.*)? gen_context(system_u:object_r:prelude_spool_t,s0) + /var/spool/prelude(/.*)? gen_context(system_u:object_r:prelude_spool_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/prelude-correlator -- gen_context(system_u:object_r:prelude_initrc_exec_t, s0) ++/etc/rc\.d/prelude-lml -- gen_context(system_u:object_r:prelude_initrc_exec_t,s0) ++/etc/rc\.d/prelude-manager -- gen_context(system_u:object_r:prelude_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/privoxy.fc b/policy/modules/services/privoxy.fc +index be4998a..789cef6 100644 +--- a/policy/modules/services/privoxy.fc ++++ b/policy/modules/services/privoxy.fc +@@ -4,3 +4,7 @@ + /usr/sbin/privoxy -- gen_context(system_u:object_r:privoxy_exec_t,s0) + + /var/log/privoxy(/.*)? gen_context(system_u:object_r:privoxy_log_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/privoxy -- gen_context(system_u:object_r:privoxy_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/psad.fc b/policy/modules/services/psad.fc +index 6c66d44..bed0bc6 100644 +--- a/policy/modules/services/psad.fc ++++ b/policy/modules/services/psad.fc +@@ -6,3 +6,7 @@ + /var/lib/psad(/.*)? gen_context(system_u:object_r:psad_var_lib_t,s0) + /var/log/psad(/.*)? gen_context(system_u:object_r:psad_var_log_t,s0) + /var/run/psad(/.*)? gen_context(system_u:object_r:psad_var_run_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/psad -- gen_context(system_u:object_r:psad_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/puppet.fc b/policy/modules/services/puppet.fc +index 2f1e529..c324b58 100644 +--- a/policy/modules/services/puppet.fc ++++ b/policy/modules/services/puppet.fc +@@ -9,3 +9,8 @@ + /var/lib/puppet(/.*)? gen_context(system_u:object_r:puppet_var_lib_t,s0) + /var/log/puppet(/.*)? gen_context(system_u:object_r:puppet_log_t,s0) + /var/run/puppet(/.*)? gen_context(system_u:object_r:puppet_var_run_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/puppet -- gen_context(system_u:object_r:puppet_initrc_exec_t,s0) ++/etc/rc\.d/puppetmaster -- gen_context(system_u:object_r:puppetmaster_initrc_exec_t,s0) ++') +-- +1.7.6.1 + +From e5679dd3c269ff8ce33690bc0a097fd55fa1b797 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Vadinsk=C3=BD?= <Nicky726@google.com> +Date: Sat, 19 Feb 2011 23:26:01 +0100 +Subject: [PATCH 09/10] Fixed posgresql log location. + +--- + policy/modules/services/postgresql.fc | 4 ++++ + 1 files changed, 4 insertions(+), 0 deletions(-) + +diff --git a/policy/modules/services/postgresql.fc b/policy/modules/services/postgresql.fc +index 7c2502c..b828114 100644 +--- a/policy/modules/services/postgresql.fc ++++ b/policy/modules/services/postgresql.fc +@@ -43,6 +43,10 @@ ifdef(`distro_redhat', ` + /var/log/postgresql(/.*)? gen_context(system_u:object_r:postgresql_log_t,s0) + /var/log/sepostgresql\.log.* -- gen_context(system_u:object_r:postgresql_log_t,s0) + ++ifdef(`distro_arch',` ++/var/log/postgresql\.log.* -- gen_context(system_u:object_r:postgresql_log_t,s0) ++') ++ + ifdef(`distro_redhat', ` + /var/log/rhdb/rhdb(/.*)? gen_context(system_u:object_r:postgresql_log_t,s0) + ') +-- +1.7.6.1 + +From 547e92c2675dfdacc66d676f16514a91546ecd78 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ond=C5=99ej=20Vadinsk=C3=BD?= <Nicky726@google.com> +Date: Sun, 20 Feb 2011 10:23:14 +0100 +Subject: [PATCH 10/10] Fixed path issues with /etc/rc.d/ for radius, radvd, + roundup, rpc, rpcbind, rwho, samba, sasl, smartmon, + smokeping, snmp, snort, soundserver, squid, sssd, + tgtd, tor, tuned, ulogd, varnishd, virt, zabbix and + zebra modules. + +--- + policy/modules/services/radius.fc | 4 ++++ + policy/modules/services/radvd.fc | 4 ++++ + policy/modules/services/roundup.fc | 4 ++++ + policy/modules/services/rpc.fc | 6 ++++++ + policy/modules/services/rpcbind.fc | 4 ++++ + policy/modules/services/rwho.fc | 4 ++++ + policy/modules/services/samba.fc | 6 ++++++ + policy/modules/services/sasl.fc | 4 ++++ + policy/modules/services/smartmon.fc | 4 ++++ + policy/modules/services/smokeping.fc | 4 ++++ + policy/modules/services/snmp.fc | 5 +++++ + policy/modules/services/snort.fc | 4 ++++ + policy/modules/services/soundserver.fc | 4 ++++ + policy/modules/services/squid.fc | 4 ++++ + policy/modules/services/sssd.fc | 4 ++++ + policy/modules/services/tgtd.fc | 4 ++++ + policy/modules/services/tor.fc | 4 ++++ + policy/modules/services/tuned.fc | 4 ++++ + policy/modules/services/ulogd.fc | 4 ++++ + policy/modules/services/varnishd.fc | 6 ++++++ + policy/modules/services/virt.fc | 4 ++++ + policy/modules/services/zabbix.fc | 6 +++++- + policy/modules/services/zebra.fc | 9 +++++++++ + 23 files changed, 105 insertions(+), 1 deletions(-) + +diff --git a/policy/modules/services/radius.fc b/policy/modules/services/radius.fc +index 09f7b50..2255d2d 100644 +--- a/policy/modules/services/radius.fc ++++ b/policy/modules/services/radius.fc +@@ -21,3 +21,7 @@ + + /var/run/radiusd(/.*)? gen_context(system_u:object_r:radiusd_var_run_t,s0) + /var/run/radiusd\.pid -- gen_context(system_u:object_r:radiusd_var_run_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/radiusd -- gen_context(system_u:object_r:radiusd_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/radvd.fc b/policy/modules/services/radvd.fc +index cc98d83..616595c 100644 +--- a/policy/modules/services/radvd.fc ++++ b/policy/modules/services/radvd.fc +@@ -5,3 +5,7 @@ + + /var/run/radvd\.pid -- gen_context(system_u:object_r:radvd_var_run_t,s0) + /var/run/radvd(/.*)? gen_context(system_u:object_r:radvd_var_run_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/radvd -- gen_context(system_u:object_r:radvd_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/roundup.fc b/policy/modules/services/roundup.fc +index e4110e6..44ec46f 100644 +--- a/policy/modules/services/roundup.fc ++++ b/policy/modules/services/roundup.fc +@@ -1,5 +1,9 @@ + /etc/rc\.d/init\.d/roundup -- gen_context(system_u:object_r:roundup_initrc_exec_t,s0) + ++ifdef(`distro_arch',` ++/etc/rc\.d/roundup -- gen_context(system_u:object_r:roundup_initrc_exec_t,s0) ++') ++ + # + # /usr + # +diff --git a/policy/modules/services/rpc.fc b/policy/modules/services/rpc.fc +index 5c70c0c..3e58dd9 100644 +--- a/policy/modules/services/rpc.fc ++++ b/policy/modules/services/rpc.fc +@@ -6,6 +6,12 @@ + /etc/rc\.d/init\.d/nfslock -- gen_context(system_u:object_r:rpcd_initrc_exec_t,s0) + /etc/rc\.d/init\.d/rpcidmapd -- gen_context(system_u:object_r:rpcd_initrc_exec_t,s0) + ++ifdef(`distro_arch',` ++/etc/rc\.d/nfs -- gen_context(system_u:object_r:nfsd_initrc_exec_t,s0) ++/etc/rc\.d/nfslock -- gen_context(system_u:object_r:rpcd_initrc_exec_t,s0) ++/etc/rc\.d/rpcidmapd -- gen_context(system_u:object_r:rpcd_initrc_exec_t,s0) ++') ++ + # + # /sbin + # +diff --git a/policy/modules/services/rpcbind.fc b/policy/modules/services/rpcbind.fc +index f5c47d6..63b8132 100644 +--- a/policy/modules/services/rpcbind.fc ++++ b/policy/modules/services/rpcbind.fc +@@ -7,3 +7,7 @@ + /var/run/rpc.statd\.pid -- gen_context(system_u:object_r:rpcbind_var_run_t,s0) + /var/run/rpcbind\.lock -- gen_context(system_u:object_r:rpcbind_var_run_t,s0) + /var/run/rpcbind\.sock -s gen_context(system_u:object_r:rpcbind_var_run_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/rpcbind -- gen_context(system_u:object_r:rpcbind_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/rwho.fc b/policy/modules/services/rwho.fc +index bc048ce..eada02b 100644 +--- a/policy/modules/services/rwho.fc ++++ b/policy/modules/services/rwho.fc +@@ -5,3 +5,7 @@ + /var/spool/rwho(/.*)? gen_context(system_u:object_r:rwho_spool_t,s0) + + /var/log/rwhod(/.*)? gen_context(system_u:object_r:rwho_log_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/rwhod -- gen_context(system_u:object_r:rwho_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/samba.fc b/policy/modules/services/samba.fc +index 69a6074..54166ae 100644 +--- a/policy/modules/services/samba.fc ++++ b/policy/modules/services/samba.fc +@@ -11,6 +11,12 @@ + /etc/samba/smbpasswd -- gen_context(system_u:object_r:samba_secrets_t,s0) + /etc/samba(/.*)? gen_context(system_u:object_r:samba_etc_t,s0) + ++ifdef(`distro_arch',` ++/etc/rc\.d/nmb -- gen_context(system_u:object_r:samba_initrc_exec_t,s0) ++/etc/rc\.d/smb -- gen_context(system_u:object_r:samba_initrc_exec_t,s0) ++/etc/rc\.d/winbind -- gen_context(system_u:object_r:samba_initrc_exec_t,s0) ++') ++ + # + # /usr + # +diff --git a/policy/modules/services/sasl.fc b/policy/modules/services/sasl.fc +index 7e58679..22a9a35 100644 +--- a/policy/modules/services/sasl.fc ++++ b/policy/modules/services/sasl.fc +@@ -1,5 +1,9 @@ + /etc/rc\.d/init\.d/sasl -- gen_context(system_u:object_r:saslauthd_initrc_exec_t,s0) + ++ifdef(`distro_arch',` ++/etc/rc\.d/sasl -- gen_context(system_u:object_r:saslauthd_initrc_exec_t,s0) ++') ++ + # + # /usr + # +diff --git a/policy/modules/services/smartmon.fc b/policy/modules/services/smartmon.fc +index 268ae3d..7ea391c 100644 +--- a/policy/modules/services/smartmon.fc ++++ b/policy/modules/services/smartmon.fc +@@ -1,5 +1,9 @@ + /etc/rc\.d/init\.d/smartd -- gen_context(system_u:object_r:fsdaemon_initrc_exec_t,s0) + ++ifdef(`distro_arch',` ++/etc/rc\.d/smartd -- gen_context(system_u:object_r:fsdaemon_initrc_exec_t,s0) ++') ++ + # + # /usr + # +diff --git a/policy/modules/services/smokeping.fc b/policy/modules/services/smokeping.fc +index 9ff2d99..e5108b6 100644 +--- a/policy/modules/services/smokeping.fc ++++ b/policy/modules/services/smokeping.fc +@@ -7,3 +7,7 @@ + /var/lib/smokeping(/.*)? gen_context(system_u:object_r:smokeping_var_lib_t,s0) + + /var/run/smokeping(/.*)? gen_context(system_u:object_r:smokeping_var_run_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/smokeping -- gen_context(system_u:object_r:smokeping_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/snmp.fc b/policy/modules/services/snmp.fc +index 623c8fa..cafc713 100644 +--- a/policy/modules/services/snmp.fc ++++ b/policy/modules/services/snmp.fc +@@ -1,6 +1,11 @@ + /etc/rc\.d/init\.d/snmpd -- gen_context(system_u:object_r:snmpd_initrc_exec_t,s0) + /etc/rc\.d/init\.d/snmptrapd -- gen_context(system_u:object_r:snmpd_initrc_exec_t,s0) + ++ifdef(`distro_arch',` ++/etc/rc\.d/snmpd -- gen_context(system_u:object_r:snmpd_initrc_exec_t,s0) ++/etc/rc\.d/snmptrapd -- gen_context(system_u:object_r:snmpd_initrc_exec_t,s0) ++') ++ + # + # /usr + # +diff --git a/policy/modules/services/snort.fc b/policy/modules/services/snort.fc +index 7bedd2f..3bd4b34 100644 +--- a/policy/modules/services/snort.fc ++++ b/policy/modules/services/snort.fc +@@ -7,3 +7,7 @@ + /var/log/snort(/.*)? gen_context(system_u:object_r:snort_log_t,s0) + + /var/run/snort.* -- gen_context(system_u:object_r:snort_var_run_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/snortd -- gen_context(system_u:object_r:snort_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/soundserver.fc b/policy/modules/services/soundserver.fc +index d89b2cb..3bf9ab0 100644 +--- a/policy/modules/services/soundserver.fc ++++ b/policy/modules/services/soundserver.fc +@@ -11,3 +11,7 @@ + /var/run/yiff-[0-9]+\.pid -- gen_context(system_u:object_r:soundd_var_run_t,s0) + + /var/state/yiff(/.*)? gen_context(system_u:object_r:soundd_state_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/nasd -- gen_context(system_u:object_r:soundd_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/squid.fc b/policy/modules/services/squid.fc +index 6cc4a90..458beac 100644 +--- a/policy/modules/services/squid.fc ++++ b/policy/modules/services/squid.fc +@@ -12,3 +12,7 @@ + /var/run/squid\.pid -- gen_context(system_u:object_r:squid_var_run_t,s0) + /var/spool/squid(/.*)? gen_context(system_u:object_r:squid_cache_t,s0) + /var/squidGuard(/.*)? gen_context(system_u:object_r:squid_cache_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/squid -- gen_context(system_u:object_r:squid_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/sssd.fc b/policy/modules/services/sssd.fc +index 4271815..3cc6012 100644 +--- a/policy/modules/services/sssd.fc ++++ b/policy/modules/services/sssd.fc +@@ -9,3 +9,7 @@ + /var/log/sssd(/.*)? gen_context(system_u:object_r:sssd_var_log_t,s0) + + /var/run/sssd.pid -- gen_context(system_u:object_r:sssd_var_run_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/sssd -- gen_context(system_u:object_r:sssd_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/tgtd.fc b/policy/modules/services/tgtd.fc +index 8294f6f..c64af34 100644 +--- a/policy/modules/services/tgtd.fc ++++ b/policy/modules/services/tgtd.fc +@@ -1,3 +1,7 @@ + /etc/rc\.d/init\.d/tgtd -- gen_context(system_u:object_r:tgtd_initrc_exec_t,s0) + /usr/sbin/tgtd -- gen_context(system_u:object_r:tgtd_exec_t,s0) + /var/lib/tgtd(/.*)? gen_context(system_u:object_r:tgtd_var_lib_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/tgtd -- gen_context(system_u:object_r:tgtd_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/tor.fc b/policy/modules/services/tor.fc +index e2e06b2..bf40c08 100644 +--- a/policy/modules/services/tor.fc ++++ b/policy/modules/services/tor.fc +@@ -10,3 +10,7 @@ + /var/log/tor(/.*)? gen_context(system_u:object_r:tor_var_log_t,s0) + + /var/run/tor(/.*)? gen_context(system_u:object_r:tor_var_run_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/tor -- gen_context(system_u:object_r:tor_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/tuned.fc b/policy/modules/services/tuned.fc +index 639c962..9585a9f 100644 +--- a/policy/modules/services/tuned.fc ++++ b/policy/modules/services/tuned.fc +@@ -6,3 +6,7 @@ + /var/log/tuned\.log -- gen_context(system_u:object_r:tuned_log_t,s0) + + /var/run/tuned\.pid -- gen_context(system_u:object_r:tuned_var_run_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/tuned -- gen_context(system_u:object_r:tuned_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/ulogd.fc b/policy/modules/services/ulogd.fc +index 831b4a3..e12edd8 100644 +--- a/policy/modules/services/ulogd.fc ++++ b/policy/modules/services/ulogd.fc +@@ -5,3 +5,7 @@ + /usr/sbin/ulogd -- gen_context(system_u:object_r:ulogd_exec_t,s0) + + /var/log/ulogd(/.*)? gen_context(system_u:object_r:ulogd_var_log_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/ulogd -- gen_context(system_u:object_r:ulogd_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/varnishd.fc b/policy/modules/services/varnishd.fc +index 194d123..42bb2ab 100644 +--- a/policy/modules/services/varnishd.fc ++++ b/policy/modules/services/varnishd.fc +@@ -16,3 +16,9 @@ + /var/run/varnish\.pid -- gen_context(system_u:object_r:varnishd_var_run_t,s0) + /var/run/varnishlog\.pid -- gen_context(system_u:object_r:varnishlog_var_run_t,s0) + /var/run/varnishncsa\.pid -- gen_context(system_u:object_r:varnishlog_var_run_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/varnish -- gen_context(system_u:object_r:varnishd_initrc_exec_t,s0) ++/etc/rc\.d/varnishlog -- gen_context(system_u:object_r:varnishlog_initrc_exec_t,s0) ++/etc/rc\.d/varnishncsa -- gen_context(system_u:object_r:varnishlog_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/virt.fc b/policy/modules/services/virt.fc +index 2124b6a..19b6ca1 100644 +--- a/policy/modules/services/virt.fc ++++ b/policy/modules/services/virt.fc +@@ -27,3 +27,7 @@ HOME_DIR/VirtualMachines/isos(/.*)? gen_context(system_u:object_r:virt_content_t + /var/run/libvirt/qemu(/.*)? gen_context(system_u:object_r:svirt_var_run_t,s0) + + /var/vdsm(/.*)? gen_context(system_u:object_r:virt_var_run_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/libvirtd -- gen_context(system_u:object_r:virtd_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/zabbix.fc b/policy/modules/services/zabbix.fc +index 664cd7a..82562f0 100644 +--- a/policy/modules/services/zabbix.fc ++++ b/policy/modules/services/zabbix.fc +@@ -6,4 +6,8 @@ + + /var/log/zabbix(/.*)? gen_context(system_u:object_r:zabbix_log_t,s0) + +-/var/run/zabbix(/.*)? gen_context(system_u:object_r:zabbix_var_run_t,s0) ++/var/run/zabbix(/.*)? gen_context(system_u:object_r:zabbix_var_run_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/zabbix -- gen_context(system_u:object_r:zabbix_initrc_exec_t,s0) ++') +diff --git a/policy/modules/services/zebra.fc b/policy/modules/services/zebra.fc +index e1b30b2..3b13ed6 100644 +--- a/policy/modules/services/zebra.fc ++++ b/policy/modules/services/zebra.fc +@@ -20,3 +20,12 @@ + /var/run/\.zebra -s gen_context(system_u:object_r:zebra_var_run_t,s0) + /var/run/\.zserv -s gen_context(system_u:object_r:zebra_var_run_t,s0) + /var/run/quagga(/.*)? gen_context(system_u:object_r:zebra_var_run_t,s0) ++ ++ifdef(`distro_arch',` ++/etc/rc\.d/bgpd -- gen_context(system_u:object_r:zebra_initrc_exec_t,s0) ++/etc/rc\.d/ospf6d -- gen_context(system_u:object_r:zebra_initrc_exec_t,s0) ++/etc/rc\.d/ospfd -- gen_context(system_u:object_r:zebra_initrc_exec_t,s0) ++/etc/rc\.d/ripd -- gen_context(system_u:object_r:zebra_initrc_exec_t,s0) ++/etc/rc\.d/ripngd -- gen_context(system_u:object_r:zebra_initrc_exec_t,s0) ++/etc/rc\.d/zebra -- gen_context(system_u:object_r:zebra_initrc_exec_t,s0) ++') +-- +1.7.6.1 |