diff -u refpolicy-2.20110726/policy/modules/apps/gpg.fc refpolicy-2.20110726/policy/modules/apps/gpg.fc
--- refpolicy-2.20110726/policy/modules/apps/gpg.fc
+++ refpolicy-2.20110726/policy/modules/apps/gpg.fc
@@ -1,5 +1,4 @@
HOME_DIR/\.gnupg(/.+)? gen_context(system_u:object_r:gpg_secret_t,s0)
-HOME_DIR/\.gnupg/gpg.conf gen_context(system_u:object_r:user_home_t,s0)
HOME_DIR/\.gnupg/log-socket gen_context(system_u:object_r:gpg_agent_tmp_t,s0)
/usr/bin/gpg(2)? -- gen_context(system_u:object_r:gpg_exec_t,s0)
reverted:
--- refpolicy-2.20110726/policy/modules/apps/screen.fc
+++ refpolicy-2.20110726.orig/policy/modules/apps/screen.fc
@@ -13,6 +13,3 @@
# /var
#
/var/run/screen(/.*)? gen_context(system_u:object_r:screen_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/screen(/.*)? gen_context(system_u:object_r:screen_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/apps/pulseaudio.fc
+++ refpolicy-2.20110726.orig/policy/modules/apps/pulseaudio.fc
@@ -5,6 +5,3 @@
/var/lib/pulse(/.*)? gen_context(system_u:object_r:pulseaudio_var_lib_t,s0)
/var/run/pulse(/.*)? gen_context(system_u:object_r:pulseaudio_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/pulse(/.*)? gen_context(system_u:object_r:pulseaudio_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/apps/uml.fc
+++ refpolicy-2.20110726.orig/policy/modules/apps/uml.fc
@@ -12,6 +12,3 @@
# /var
#
/var/run/uml-utilities(/.*)? gen_context(system_u:object_r:uml_switch_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/uml-utilities(/.*)? gen_context(system_u:object_r:uml_switch_var_run_t,s0)
-')
diff -u refpolicy-2.20110726/policy/modules/apps/mozilla.te refpolicy-2.20110726/policy/modules/apps/mozilla.te
--- refpolicy-2.20110726/policy/modules/apps/mozilla.te
+++ refpolicy-2.20110726/policy/modules/apps/mozilla.te
@@ -126,7 +126,7 @@
manage_dirs_pattern(mozilla_t, mozilla_home_t, mozilla_home_t)
manage_files_pattern(mozilla_t, mozilla_home_t, mozilla_home_t)
manage_lnk_files_pattern(mozilla_t, mozilla_home_t, mozilla_home_t)
-userdom_search_user_home_dirs(mozilla_t)
+userdom_search_user_home_content(mozilla_t)
userdom_user_home_dir_filetrans(mozilla_t, mozilla_home_t, dir)
# Mozpluggerrc
@@ -134,6 +134,8 @@
manage_files_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t)
manage_dirs_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t)
+manage_lnk_files_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t)
+manage_sock_files_pattern(mozilla_t, mozilla_tmp_t, mozilla_tmp_t)
files_tmp_filetrans(mozilla_t, mozilla_tmp_t, { file dir })
manage_files_pattern(mozilla_t, mozilla_tmpfs_t, mozilla_tmpfs_t)
reverted:
--- refpolicy-2.20110726/policy/modules/admin/rpm.fc
+++ refpolicy-2.20110726.orig/policy/modules/admin/rpm.fc
@@ -37,13 +37,7 @@
/var/log/yum\.log.* -- gen_context(system_u:object_r:rpm_log_t,s0)
/var/run/yum.* -- gen_context(system_u:object_r:rpm_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/yum.* -- gen_context(system_u:object_r:rpm_var_run_t,s0)
-')
/var/run/PackageKit(/.*)? gen_context(system_u:object_r:rpm_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/PackageKit(/.*)? gen_context(system_u:object_r:rpm_var_run_t,s0)
-')
# SuSE
ifdef(`distro_suse', `
diff -u refpolicy-2.20110726/policy/modules/admin/certwatch.if refpolicy-2.20110726/policy/modules/admin/certwatch.if
--- refpolicy-2.20110726/policy/modules/admin/certwatch.if
+++ refpolicy-2.20110726/policy/modules/admin/certwatch.if
@@ -51,28 +50,0 @@
-########################################
-##
-## Execute certwatch in the certwatch domain, and
-## allow the specified role the certwatch domain,
-## and use the caller's terminal. Has a sigchld
-## backchannel. (Deprecated)
-##
-##
-##
-## Domain allowed to transition.
-##
-##
-##
-##
-## Role allowed access.
-##
-##
-##
-##
-## The type of the terminal allow the certwatch domain to use.
-##
-##
-##
-#
-interface(`certwatach_run',`
- refpolicyerr(`$0($*) has been deprecated, please use certwatch_run() instead.')
- certwatch_run($*)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/admin/kismet.fc
+++ refpolicy-2.20110726.orig/policy/modules/admin/kismet.fc
@@ -4,6 +4,3 @@
/var/lib/kismet(/.*)? gen_context(system_u:object_r:kismet_var_lib_t,s0)
/var/log/kismet(/.*)? gen_context(system_u:object_r:kismet_log_t,s0)
/var/run/kismet_server.pid -- gen_context(system_u:object_r:kismet_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/kismet_server.pid -- gen_context(system_u:object_r:kismet_var_run_t,s0)
-')
diff -u refpolicy-2.20110726/policy/modules/admin/apt.fc refpolicy-2.20110726/policy/modules/admin/apt.fc
--- refpolicy-2.20110726/policy/modules/admin/apt.fc
+++ refpolicy-2.20110726/policy/modules/admin/apt.fc
@@ -14,10 +14,6 @@
# aptitude lock
/var/lock/aptitude gen_context(system_u:object_r:apt_lock_t,s0)
-ifdef(`distro_debian', `
-/var/run/lock/aptitude gen_context(system_u:object_r:apt_lock_t,s0)
-/run/lock/aptitude gen_context(system_u:object_r:apt_lock_t,s0)
-')
# aptitude log
/var/log/aptitude.* gen_context(system_u:object_r:apt_var_log_t,s0)
reverted:
--- refpolicy-2.20110726/policy/modules/admin/vpn.fc
+++ refpolicy-2.20110726.orig/policy/modules/admin/vpn.fc
@@ -11,6 +11,3 @@
/usr/sbin/vpnc -- gen_context(system_u:object_r:vpnc_exec_t,s0)
/var/run/vpnc(/.*)? gen_context(system_u:object_r:vpnc_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/vpnc(/.*)? gen_context(system_u:object_r:vpnc_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/admin/mrtg.fc
+++ refpolicy-2.20110726.orig/policy/modules/admin/mrtg.fc
@@ -14,12 +14,5 @@
#
/var/lib/mrtg(/.*)? gen_context(system_u:object_r:mrtg_var_lib_t,s0)
/var/lock/mrtg(/.*)? gen_context(system_u:object_r:mrtg_lock_t,s0)
-ifdef(`distro_debian', `
-/var/run/lock/mrtg(/.*)? gen_context(system_u:object_r:mrtg_lock_t,s0)
-/run/lock/mrtg(/.*)? gen_context(system_u:object_r:mrtg_lock_t,s0)
-')
/var/log/mrtg(/.*)? gen_context(system_u:object_r:mrtg_log_t,s0)
/var/run/mrtg\.pid gen_context(system_u:object_r:mrtg_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/mrtg\.pid gen_context(system_u:object_r:mrtg_var_run_t,s0)
-')
diff -u refpolicy-2.20110726/policy/modules/admin/dpkg.te refpolicy-2.20110726/policy/modules/admin/dpkg.te
--- refpolicy-2.20110726/policy/modules/admin/dpkg.te
+++ refpolicy-2.20110726/policy/modules/admin/dpkg.te
@@ -150,6 +150,8 @@
# for installing kernel packages
storage_raw_read_fixed_disk(dpkg_t)
+term_list_ptys(dpkg_t)
+
auth_relabel_all_files_except_auth_files(dpkg_t)
auth_manage_all_files_except_auth_files(dpkg_t)
auth_dontaudit_read_shadow(dpkg_t)
diff -u refpolicy-2.20110726/policy/modules/system/mount.te refpolicy-2.20110726/policy/modules/system/mount.te
--- refpolicy-2.20110726/policy/modules/system/mount.te
+++ refpolicy-2.20110726/policy/modules/system/mount.te
@@ -56,6 +56,7 @@
kernel_read_kernel_sysctls(mount_t)
kernel_dontaudit_getattr_core_if(mount_t)
kernel_dontaudit_write_debugfs_dirs(mount_t)
+kernel_search_debugfs(mount_t)
kernel_dontaudit_write_proc_dirs(mount_t)
# To load binfmt_misc kernel module
kernel_request_load_module(mount_t)
reverted:
--- refpolicy-2.20110726/policy/modules/system/lvm.fc
+++ refpolicy-2.20110726.orig/policy/modules/system/lvm.fc
@@ -97,15 +97,5 @@
/var/cache/multipathd(/.*)? gen_context(system_u:object_r:lvm_metadata_t,s0)
/var/lib/multipath(/.*)? gen_context(system_u:object_r:lvm_var_lib_t,s0)
/var/lock/lvm(/.*)? gen_context(system_u:object_r:lvm_lock_t,s0)
-ifdef(`distro_debian', `
-/var/run/lock/lvm(/.*)? gen_context(system_u:object_r:lvm_lock_t,s0)
-/run/lock/lvm(/.*)? gen_context(system_u:object_r:lvm_lock_t,s0)
-')
/var/run/multipathd\.sock -s gen_context(system_u:object_r:lvm_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/multipathd\.sock -s gen_context(system_u:object_r:lvm_var_run_t,s0)
-')
/var/run/dmevent.* gen_context(system_u:object_r:lvm_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/dmevent.* gen_context(system_u:object_r:lvm_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/system/ipsec.fc
+++ refpolicy-2.20110726.orig/policy/modules/system/ipsec.fc
@@ -43,10 +43,4 @@
/var/racoon(/.*)? gen_context(system_u:object_r:ipsec_var_run_t,s0)
/var/run/pluto(/.*)? gen_context(system_u:object_r:ipsec_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/pluto(/.*)? gen_context(system_u:object_r:ipsec_var_run_t,s0)
-')
/var/run/racoon\.pid -- gen_context(system_u:object_r:ipsec_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/racoon\.pid -- gen_context(system_u:object_r:ipsec_var_run_t,s0)
-')
diff -u refpolicy-2.20110726/policy/modules/system/xen.te refpolicy-2.20110726/policy/modules/system/xen.te
--- refpolicy-2.20110726/policy/modules/system/xen.te
+++ refpolicy-2.20110726/policy/modules/system/xen.te
@@ -323,7 +323,9 @@
logging_send_syslog_msg(xend_t)
-lvm_domtrans(xend_t)
+optional_policy(`
+ lvm_domtrans(xend_t)
+')
miscfiles_read_localization(xend_t)
miscfiles_read_hwdata(xend_t)
reverted:
--- refpolicy-2.20110726/policy/modules/system/xen.fc
+++ refpolicy-2.20110726.orig/policy/modules/system/xen.fc
@@ -32,36 +32,12 @@
/var/log/xend-debug\.log -- gen_context(system_u:object_r:xend_var_log_t,s0)
/var/run/evtchnd -s gen_context(system_u:object_r:evtchnd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/evtchnd -s gen_context(system_u:object_r:evtchnd_var_run_t,s0)
-')
/var/run/evtchnd\.pid -- gen_context(system_u:object_r:evtchnd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/evtchnd\.pid -- gen_context(system_u:object_r:evtchnd_var_run_t,s0)
-')
/var/run/xenconsoled\.pid -- gen_context(system_u:object_r:xenconsoled_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/xenconsoled\.pid -- gen_context(system_u:object_r:xenconsoled_var_run_t,s0)
-')
/var/run/xend(/.*)? gen_context(system_u:object_r:xend_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/xend(/.*)? gen_context(system_u:object_r:xend_var_run_t,s0)
-')
/var/run/xend\.pid -- gen_context(system_u:object_r:xend_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/xend\.pid -- gen_context(system_u:object_r:xend_var_run_t,s0)
-')
/var/run/xenner(/.*)? gen_context(system_u:object_r:xend_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/xenner(/.*)? gen_context(system_u:object_r:xend_var_run_t,s0)
-')
/var/run/xenstore\.pid -- gen_context(system_u:object_r:xenstored_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/xenstore\.pid -- gen_context(system_u:object_r:xenstored_var_run_t,s0)
-')
/var/run/xenstored(/.*)? gen_context(system_u:object_r:xenstored_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/xenstored(/.*)? gen_context(system_u:object_r:xenstored_var_run_t,s0)
-')
/xen(/.*)? gen_context(system_u:object_r:xen_image_t,s0)
diff -u refpolicy-2.20110726/policy/modules/system/init.fc refpolicy-2.20110726/policy/modules/system/init.fc
--- refpolicy-2.20110726/policy/modules/system/init.fc
+++ refpolicy-2.20110726/policy/modules/system/init.fc
@@ -15,16 +15,6 @@
/etc/vmware/init\.d/vmware -- gen_context(system_u:object_r:initrc_exec_t,s0)
/etc/x11/startDM\.sh -- gen_context(system_u:object_r:initrc_exec_t,s0)
')
-ifdef(`distro_debian',`
-/var/run/hotkey-setup -- gen_context(system_u:object_r:initrc_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/hotkey-setup -- gen_context(system_u:object_r:initrc_var_run_t,s0)
-')
-/var/run/kdm/.* -- gen_context(system_u:object_r:initrc_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/kdm/.* -- gen_context(system_u:object_r:initrc_var_run_t,s0)
-')
-')
#
# /dev
@@ -74,6 +64,13 @@
/var/run/random-seed -- gen_context(system_u:object_r:initrc_var_run_t,s0)
/var/run/setmixer_flag -- gen_context(system_u:object_r:initrc_var_run_t,s0)
+ifdef(`distro_debian',`
+/var/run/hotkey-setup -- gen_context(system_u:object_r:initrc_var_run_t,s0)
+/var/run/kdm/.* -- gen_context(system_u:object_r:initrc_var_run_t,s0)
+/etc/network/if-down.d/.* -- gen_context(system_u:object_r:initrc_exec_t,s0)
+/etc/network/if-up.d/.* -- gen_context(system_u:object_r:initrc_exec_t,s0)
+')
+
ifdef(`distro_gentoo', `
/var/lib/init\.d(/.*)? gen_context(system_u:object_r:initrc_state_t,s0)
/var/run/svscan\.pid -- gen_context(system_u:object_r:initrc_var_run_t,s0)
diff -u refpolicy-2.20110726/policy/modules/system/sysnetwork.fc refpolicy-2.20110726/policy/modules/system/sysnetwork.fc
--- refpolicy-2.20110726/policy/modules/system/sysnetwork.fc
+++ refpolicy-2.20110726/policy/modules/system/sysnetwork.fc
@@ -30,10 +30,6 @@
ifdef(`distro_debian', `
/dev/shm/network(/.*)? gen_context(system_u:object_r:net_conf_t,s0)
-ifdef(`distro_debian', `
-/run/shm/network(/.*)? gen_context(system_u:object_r:net_conf_t,s0)
-/var/run/shm/network(/.*)? gen_context(system_u:object_r:net_conf_t,s0)
-')
')
#
# /sbin
@@ -67,9 +63,6 @@
/var/lib/wifiroamd(/.*)? gen_context(system_u:object_r:dhcpc_state_t,s0)
/var/run/dhclient.* -- gen_context(system_u:object_r:dhcpc_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/dhclient.* -- gen_context(system_u:object_r:dhcpc_var_run_t,s0)
-')
ifdef(`distro_gentoo',`
/var/lib/dhcpc(/.*)? gen_context(system_u:object_r:dhcpc_state_t,s0)
reverted:
--- refpolicy-2.20110726/policy/modules/system/pcmcia.fc
+++ refpolicy-2.20110726.orig/policy/modules/system/pcmcia.fc
@@ -7,10 +7,4 @@
/var/lib/pcmcia(/.*)? gen_context(system_u:object_r:cardmgr_var_run_t,s0)
/var/run/cardmgr\.pid -- gen_context(system_u:object_r:cardmgr_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/cardmgr\.pid -- gen_context(system_u:object_r:cardmgr_var_run_t,s0)
-')
/var/run/stab -- gen_context(system_u:object_r:cardmgr_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/stab -- gen_context(system_u:object_r:cardmgr_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/system/getty.fc
+++ refpolicy-2.20110726.orig/policy/modules/system/getty.fc
@@ -7,9 +7,6 @@
/var/log/vgetty\.log\..* -- gen_context(system_u:object_r:getty_log_t,s0)
/var/run/mgetty\.pid.* -- gen_context(system_u:object_r:getty_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/mgetty\.pid.* -- gen_context(system_u:object_r:getty_var_run_t,s0)
-')
/var/spool/fax(/.*)? gen_context(system_u:object_r:getty_var_run_t,s0)
/var/spool/voice(/.*)? gen_context(system_u:object_r:getty_var_run_t,s0)
reverted:
--- refpolicy-2.20110726/policy/modules/system/hotplug.fc
+++ refpolicy-2.20110726.orig/policy/modules/system/hotplug.fc
@@ -8,10 +8,4 @@
/sbin/netplugd -- gen_context(system_u:object_r:hotplug_exec_t,s0)
/var/run/usb(/.*)? gen_context(system_u:object_r:hotplug_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/usb(/.*)? gen_context(system_u:object_r:hotplug_var_run_t,s0)
-')
/var/run/hotplug(/.*)? gen_context(system_u:object_r:hotplug_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/hotplug(/.*)? gen_context(system_u:object_r:hotplug_var_run_t,s0)
-')
diff -u refpolicy-2.20110726/policy/modules/system/udev.fc refpolicy-2.20110726/policy/modules/system/udev.fc
--- refpolicy-2.20110726/policy/modules/system/udev.fc
+++ refpolicy-2.20110726/policy/modules/system/udev.fc
@@ -14,9 +14,6 @@
ifdef(`distro_debian', `
/lib/udev/create_static_nodes -- gen_context(system_u:object_r:udev_exec_t,s0)
/var/run/xen-hotplug -d gen_context(system_u:object_r:udev_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/xen-hotplug -d gen_context(system_u:object_r:udev_var_run_t,s0)
-')
', `
/sbin/start_udev -- gen_context(system_u:object_r:udev_exec_t,s0)
')
reverted:
--- refpolicy-2.20110726/policy/modules/system/setrans.fc
+++ refpolicy-2.20110726.orig/policy/modules/system/setrans.fc
@@ -3,6 +3,3 @@
/sbin/mcstransd -- gen_context(system_u:object_r:setrans_exec_t,s0)
/var/run/setrans(/.*)? gen_context(system_u:object_r:setrans_var_run_t,mls_systemhigh)
-ifdef(`distro_debian', `
-/run/setrans(/.*)? gen_context(system_u:object_r:setrans_var_run_t,mls_systemhigh)
-')
diff -u refpolicy-2.20110726/policy/modules/system/raid.fc refpolicy-2.20110726/policy/modules/system/raid.fc
--- refpolicy-2.20110726/policy/modules/system/raid.fc
+++ refpolicy-2.20110726/policy/modules/system/raid.fc
@@ -2,8 +2,6 @@
+/run/mdadm/map -- gen_context(system_u:object_r:mdadm_map_t,s0)
/sbin/mdadm -- gen_context(system_u:object_r:mdadm_exec_t,s0)
/sbin/mdmpd -- gen_context(system_u:object_r:mdadm_exec_t,s0)
/var/run/mdadm(/.*)? gen_context(system_u:object_r:mdadm_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/mdadm(/.*)? gen_context(system_u:object_r:mdadm_var_run_t,s0)
-')
diff -u refpolicy-2.20110726/policy/modules/system/unconfined.fc refpolicy-2.20110726/policy/modules/system/unconfined.fc
--- refpolicy-2.20110726/policy/modules/system/unconfined.fc
+++ refpolicy-2.20110726/policy/modules/system/unconfined.fc
@@ -1,5 +1,4 @@
# Add programs here which should not be confined by SELinux
-/opt/google/chrome/chrome -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
/usr/bin/valgrind -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
/usr/bin/vncserver -- gen_context(system_u:object_r:unconfined_exec_t,s0)
reverted:
--- refpolicy-2.20110726/policy/modules/system/iscsi.fc
+++ refpolicy-2.20110726.orig/policy/modules/system/iscsi.fc
@@ -3,12 +3,5 @@
/var/lib/iscsi(/.*)? gen_context(system_u:object_r:iscsi_var_lib_t,s0)
/var/lock/iscsi(/.*)? gen_context(system_u:object_r:iscsi_lock_t,s0)
-ifdef(`distro_debian', `
-/var/run/lock/iscsi(/.*)? gen_context(system_u:object_r:iscsi_lock_t,s0)
-/run/lock/iscsi(/.*)? gen_context(system_u:object_r:iscsi_lock_t,s0)
-')
/var/log/brcm-iscsi\.log -- gen_context(system_u:object_r:iscsi_log_t,s0)
/var/run/iscsid\.pid -- gen_context(system_u:object_r:iscsi_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/iscsid\.pid -- gen_context(system_u:object_r:iscsi_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/system/selinuxutil.fc
+++ refpolicy-2.20110726.orig/policy/modules/system/selinuxutil.fc
@@ -46,6 +46,3 @@
# /var/run
#
/var/run/restorecond\.pid -- gen_context(system_u:object_r:restorecond_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/restorecond\.pid -- gen_context(system_u:object_r:restorecond_var_run_t,s0)
-')
diff -u refpolicy-2.20110726/policy/modules/services/dbus.fc refpolicy-2.20110726/policy/modules/services/dbus.fc
--- refpolicy-2.20110726/policy/modules/services/dbus.fc
+++ refpolicy-2.20110726/policy/modules/services/dbus.fc
@@ -16,13 +16,7 @@
/var/lib/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_lib_t,s0)
/var/run/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_run_t,s0)
-')
-ifdef(`distro_debian',`
-/usr/lib/gnome-vfs-2.0/gnome-vfs-daemon -- gen_context(system_u:object_r:bin_t,s0)
-')
ifdef(`distro_redhat',`
/var/named/chroot/var/run/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_run_t,s0)
')
diff -u refpolicy-2.20110726/policy/modules/services/fetchmail.fc refpolicy-2.20110726/policy/modules/services/fetchmail.fc
--- refpolicy-2.20110726/policy/modules/services/fetchmail.fc
+++ refpolicy-2.20110726/policy/modules/services/fetchmail.fc
@@ -17,7 +17,4 @@
/var/run/fetchmail/.* -- gen_context(system_u:object_r:fetchmail_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/fetchmail/.* -- gen_context(system_u:object_r:fetchmail_var_run_t,s0)
-')
/var/mail/\.fetchmail-UIDL-cache -- gen_context(system_u:object_r:fetchmail_uidl_cache_t,s0)
/var/lib/fetchmail(/.*)? gen_context(system_u:object_r:fetchmail_uidl_cache_t,s0)
reverted:
--- refpolicy-2.20110726/policy/modules/services/ftp.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/ftp.fc
@@ -23,9 +23,6 @@
# /var
#
/var/run/proftpd.* gen_context(system_u:object_r:ftpd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/proftpd.* gen_context(system_u:object_r:ftpd_var_run_t,s0)
-')
/var/log/muddleftpd\.log.* -- gen_context(system_u:object_r:xferlog_t,s0)
/var/log/proftpd(/.*)? gen_context(system_u:object_r:xferlog_t,s0)
reverted:
--- refpolicy-2.20110726/policy/modules/services/ricci.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/ricci.fc
@@ -12,14 +12,5 @@
/var/log/clumond\.log -- gen_context(system_u:object_r:ricci_modcluster_var_log_t,s0)
/var/run/clumond\.sock -s gen_context(system_u:object_r:ricci_modcluster_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/clumond\.sock -s gen_context(system_u:object_r:ricci_modcluster_var_run_t,s0)
-')
/var/run/modclusterd\.pid -- gen_context(system_u:object_r:ricci_modcluster_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/modclusterd\.pid -- gen_context(system_u:object_r:ricci_modcluster_var_run_t,s0)
-')
/var/run/ricci\.pid -- gen_context(system_u:object_r:ricci_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/ricci\.pid -- gen_context(system_u:object_r:ricci_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/aisexec.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/aisexec.fc
@@ -7,6 +7,3 @@
/var/log/cluster/aisexec\.log -- gen_context(system_u:object_r:aisexec_var_log_t,s0)
/var/run/aisexec\.pid -- gen_context(system_u:object_r:aisexec_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/aisexec\.pid -- gen_context(system_u:object_r:aisexec_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/dhcp.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/dhcp.fc
@@ -6,6 +6,3 @@
/var/lib/dhcp(3)?/dhcpd\.leases.* -- gen_context(system_u:object_r:dhcpd_state_t,s0)
/var/run/dhcpd\.pid -- gen_context(system_u:object_r:dhcpd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/dhcpd\.pid -- gen_context(system_u:object_r:dhcpd_var_run_t,s0)
-')
diff -u refpolicy-2.20110726/policy/modules/services/xserver.fc refpolicy-2.20110726/policy/modules/services/xserver.fc
--- refpolicy-2.20110726/policy/modules/services/xserver.fc
+++ refpolicy-2.20110726/policy/modules/services/xserver.fc
@@ -91,17 +91,8 @@
/var/log/Xorg.* -- gen_context(system_u:object_r:xserver_log_t,s0)
/var/run/[gx]dm\.pid -- gen_context(system_u:object_r:xdm_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/[gx]dm\.pid -- gen_context(system_u:object_r:xdm_var_run_t,s0)
-')
/var/run/xdmctl(/.*)? gen_context(system_u:object_r:xdm_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/xdmctl(/.*)? gen_context(system_u:object_r:xdm_var_run_t,s0)
-')
/var/run/xauth(/.*)? gen_context(system_u:object_r:xdm_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/xauth(/.*)? gen_context(system_u:object_r:xdm_var_run_t,s0)
-')
ifdef(`distro_suse',`
/var/lib/pam_devperm/:0 -- gen_context(system_u:object_r:xdm_var_lib_t,s0)
diff -u refpolicy-2.20110726/policy/modules/services/devicekit.fc refpolicy-2.20110726/policy/modules/services/devicekit.fc
--- refpolicy-2.20110726/policy/modules/services/devicekit.fc
+++ refpolicy-2.20110726/policy/modules/services/devicekit.fc
@@ -3,7 +3,6 @@
/usr/libexec/devkit-power-daemon -- gen_context(system_u:object_r:devicekit_power_exec_t,s0)
/usr/libexec/udisks-daemon -- gen_context(system_u:object_r:devicekit_disk_exec_t,s0)
/usr/lib/udisks/udisks-daemon -- gen_context(system_u:object_r:devicekit_disk_exec_t,s0)
-/usr/lib/udisks/.* -- gen_context(system_u:object_r:bin_t,s0)
ifdef(`distro_debian',`
/usr/lib/upower/upowerd -- gen_context(system_u:object_r:devicekit_power_exec_t,s0)
', `
@@ -18,15 +17,3 @@
-ifdef(`distro_debian', `
-/run/devkit(/.*)? gen_context(system_u:object_r:devicekit_var_run_t,s0)
-')
/var/run/DeviceKit-disks(/.*)? gen_context(system_u:object_r:devicekit_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/DeviceKit-disks(/.*)? gen_context(system_u:object_r:devicekit_var_run_t,s0)
-')
/var/run/udisks(/.*)? gen_context(system_u:object_r:devicekit_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/udisks(/.*)? gen_context(system_u:object_r:devicekit_var_run_t,s0)
-')
/var/run/upower(/.*)? gen_context(system_u:object_r:devicekit_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/upower(/.*)? gen_context(system_u:object_r:devicekit_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/openct.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/openct.fc
@@ -8,6 +8,3 @@
# /var
#
/var/run/openct(/.*)? gen_context(system_u:object_r:openct_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/openct(/.*)? gen_context(system_u:object_r:openct_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/smartmon.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/smartmon.fc
@@ -9,7 +9,4 @@
# /var
#
/var/run/smartd\.pid -- gen_context(system_u:object_r:fsdaemon_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/smartd\.pid -- gen_context(system_u:object_r:fsdaemon_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/zebra.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/zebra.fc
@@ -18,14 +18,5 @@
/var/log/zebra(/.*)? gen_context(system_u:object_r:zebra_log_t,s0)
/var/run/\.zebra -s gen_context(system_u:object_r:zebra_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/\.zebra -s gen_context(system_u:object_r:zebra_var_run_t,s0)
-')
/var/run/\.zserv -s gen_context(system_u:object_r:zebra_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/\.zserv -s gen_context(system_u:object_r:zebra_var_run_t,s0)
-')
/var/run/quagga(/.*)? gen_context(system_u:object_r:zebra_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/quagga(/.*)? gen_context(system_u:object_r:zebra_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/stunnel.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/stunnel.fc
@@ -5,6 +5,3 @@
/usr/sbin/stunnel -- gen_context(system_u:object_r:stunnel_exec_t,s0)
/var/run/stunnel(/.*)? gen_context(system_u:object_r:stunnel_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/stunnel(/.*)? gen_context(system_u:object_r:stunnel_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/clogd.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/clogd.fc
@@ -1,6 +1,3 @@
/usr/sbin/clogd -- gen_context(system_u:object_r:clogd_exec_t,s0)
/var/run/clogd\.pid -- gen_context(system_u:object_r:clogd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/clogd\.pid -- gen_context(system_u:object_r:clogd_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/samba.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/samba.fc
@@ -37,53 +37,17 @@
/var/log/samba(/.*)? gen_context(system_u:object_r:samba_log_t,s0)
/var/run/samba/brlock\.tdb -- gen_context(system_u:object_r:smbd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/samba/brlock\.tdb -- gen_context(system_u:object_r:smbd_var_run_t,s0)
-')
/var/run/samba/connections\.tdb -- gen_context(system_u:object_r:smbd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/samba/connections\.tdb -- gen_context(system_u:object_r:smbd_var_run_t,s0)
-')
/var/run/samba/gencache\.tdb -- gen_context(system_u:object_r:smbd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/samba/gencache\.tdb -- gen_context(system_u:object_r:smbd_var_run_t,s0)
-')
/var/run/samba/locking\.tdb -- gen_context(system_u:object_r:smbd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/samba/locking\.tdb -- gen_context(system_u:object_r:smbd_var_run_t,s0)
-')
/var/run/samba/messages\.tdb -- gen_context(system_u:object_r:nmbd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/samba/messages\.tdb -- gen_context(system_u:object_r:nmbd_var_run_t,s0)
-')
/var/run/samba/namelist\.debug -- gen_context(system_u:object_r:nmbd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/samba/namelist\.debug -- gen_context(system_u:object_r:nmbd_var_run_t,s0)
-')
/var/run/samba/nmbd\.pid -- gen_context(system_u:object_r:nmbd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/samba/nmbd\.pid -- gen_context(system_u:object_r:nmbd_var_run_t,s0)
-')
/var/run/samba/sessionid\.tdb -- gen_context(system_u:object_r:smbd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/samba/sessionid\.tdb -- gen_context(system_u:object_r:smbd_var_run_t,s0)
-')
/var/run/samba/share_info\.tdb -- gen_context(system_u:object_r:smbd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/samba/share_info\.tdb -- gen_context(system_u:object_r:smbd_var_run_t,s0)
-')
/var/run/samba/smbd\.pid -- gen_context(system_u:object_r:smbd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/samba/smbd\.pid -- gen_context(system_u:object_r:smbd_var_run_t,s0)
-')
/var/run/samba/unexpected\.tdb -- gen_context(system_u:object_r:nmbd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/samba/unexpected\.tdb -- gen_context(system_u:object_r:nmbd_var_run_t,s0)
-')
/var/run/winbindd(/.*)? gen_context(system_u:object_r:winbind_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/winbindd(/.*)? gen_context(system_u:object_r:winbind_var_run_t,s0)
-')
/var/spool/samba(/.*)? gen_context(system_u:object_r:samba_var_t,s0)
reverted:
--- refpolicy-2.20110726/policy/modules/services/corosync.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/corosync.fc
@@ -9,10 +9,4 @@
/var/log/cluster/corosync\.log -- gen_context(system_u:object_r:corosync_var_log_t,s0)
/var/run/cman_.* -s gen_context(system_u:object_r:corosync_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/cman_.* -s gen_context(system_u:object_r:corosync_var_run_t,s0)
-')
/var/run/corosync\.pid -- gen_context(system_u:object_r:corosync_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/corosync\.pid -- gen_context(system_u:object_r:corosync_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/soundserver.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/soundserver.fc
@@ -8,12 +8,6 @@
/usr/sbin/yiff -- gen_context(system_u:object_r:soundd_exec_t,s0)
/var/run/nasd(/.*)? gen_context(system_u:object_r:soundd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/nasd(/.*)? gen_context(system_u:object_r:soundd_var_run_t,s0)
-')
/var/run/yiff-[0-9]+\.pid -- gen_context(system_u:object_r:soundd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/yiff-[0-9]+\.pid -- gen_context(system_u:object_r:soundd_var_run_t,s0)
-')
/var/state/yiff(/.*)? gen_context(system_u:object_r:soundd_state_t,s0)
reverted:
--- refpolicy-2.20110726/policy/modules/services/asterisk.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/asterisk.fc
@@ -6,7 +6,4 @@
/var/lib/asterisk(/.*)? gen_context(system_u:object_r:asterisk_var_lib_t,s0)
/var/log/asterisk(/.*)? gen_context(system_u:object_r:asterisk_log_t,s0)
/var/run/asterisk(/.*)? gen_context(system_u:object_r:asterisk_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/asterisk(/.*)? gen_context(system_u:object_r:asterisk_var_run_t,s0)
-')
/var/spool/asterisk(/.*)? gen_context(system_u:object_r:asterisk_spool_t,s0)
reverted:
--- refpolicy-2.20110726/policy/modules/services/ssh.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/ssh.fc
@@ -14,6 +14,3 @@
/usr/sbin/sshd -- gen_context(system_u:object_r:sshd_exec_t,s0)
/var/run/sshd\.init\.pid -- gen_context(system_u:object_r:sshd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/sshd\.init\.pid -- gen_context(system_u:object_r:sshd_var_run_t,s0)
-')
diff -u refpolicy-2.20110726/policy/modules/services/portmap.fc refpolicy-2.20110726/policy/modules/services/portmap.fc
--- refpolicy-2.20110726/policy/modules/services/portmap.fc
+++ refpolicy-2.20110726/policy/modules/services/portmap.fc
@@ -8,12 +8,6 @@
-ifdef(`distro_debian', `
-/run/portmap_mapping -- gen_context(system_u:object_r:portmap_var_run_t,s0)
-')
', `
/usr/sbin/pmap_dump -- gen_context(system_u:object_r:portmap_helper_exec_t,s0)
/usr/sbin/pmap_set -- gen_context(system_u:object_r:portmap_helper_exec_t,s0)
')
/var/run/portmap\.upgrade-state -- gen_context(system_u:object_r:portmap_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/portmap\.upgrade-state -- gen_context(system_u:object_r:portmap_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/tor.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/tor.fc
@@ -10,6 +10,3 @@
/var/log/tor(/.*)? gen_context(system_u:object_r:tor_var_log_t,s0)
/var/run/tor(/.*)? gen_context(system_u:object_r:tor_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/tor(/.*)? gen_context(system_u:object_r:tor_var_run_t,s0)
-')
diff -u refpolicy-2.20110726/policy/modules/services/apache.fc refpolicy-2.20110726/policy/modules/services/apache.fc
--- refpolicy-2.20110726/policy/modules/services/apache.fc
+++ refpolicy-2.20110726/policy/modules/services/apache.fc
@@ -98,29 +98,11 @@
')
/var/run/apache.* gen_context(system_u:object_r:httpd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/apache.* gen_context(system_u:object_r:httpd_var_run_t,s0)
-')
/var/run/gcache_port -s gen_context(system_u:object_r:httpd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/gcache_port -s gen_context(system_u:object_r:httpd_var_run_t,s0)
-')
/var/run/httpd.* gen_context(system_u:object_r:httpd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/httpd.* gen_context(system_u:object_r:httpd_var_run_t,s0)
-')
/var/run/lighttpd(/.*)? gen_context(system_u:object_r:httpd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/lighttpd(/.*)? gen_context(system_u:object_r:httpd_var_run_t,s0)
-')
/var/run/mod_.* gen_context(system_u:object_r:httpd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/mod_.* gen_context(system_u:object_r:httpd_var_run_t,s0)
-')
/var/run/wsgi.* -s gen_context(system_u:object_r:httpd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/wsgi.* -s gen_context(system_u:object_r:httpd_var_run_t,s0)
-')
/var/spool/gosa(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)
/var/spool/squirrelmail(/.*)? gen_context(system_u:object_r:squirrelmail_spool_t,s0)
reverted:
--- refpolicy-2.20110726/policy/modules/services/avahi.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/avahi.fc
@@ -5,8 +5,5 @@
/usr/sbin/avahi-autoipd -- gen_context(system_u:object_r:avahi_exec_t,s0)
/var/run/avahi-daemon(/.*)? gen_context(system_u:object_r:avahi_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/avahi-daemon(/.*)? gen_context(system_u:object_r:avahi_var_run_t,s0)
-')
/var/lib/avahi-autoipd(/.*)? gen_context(system_u:object_r:avahi_var_lib_t,s0)
reverted:
--- refpolicy-2.20110726/policy/modules/services/munin.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/munin.fc
@@ -65,8 +65,5 @@
/var/lib/munin(/.*)? gen_context(system_u:object_r:munin_var_lib_t,s0)
/var/log/munin.* gen_context(system_u:object_r:munin_log_t,s0)
/var/run/munin(/.*)? gen_context(system_u:object_r:munin_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/munin(/.*)? gen_context(system_u:object_r:munin_var_run_t,s0)
-')
/var/www/html/munin(/.*)? gen_context(system_u:object_r:httpd_munin_content_t,s0)
/var/www/html/munin/cgi(/.*)? gen_context(system_u:object_r:httpd_munin_script_exec_t,s0)
reverted:
--- refpolicy-2.20110726/policy/modules/services/fail2ban.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/fail2ban.fc
@@ -6,6 +6,3 @@
/var/lib/fail2ban(/.*)? gen_context(system_u:object_r:fail2ban_var_lib_t,s0)
/var/log/fail2ban\.log -- gen_context(system_u:object_r:fail2ban_log_t,s0)
/var/run/fail2ban.* gen_context(system_u:object_r:fail2ban_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/fail2ban.* gen_context(system_u:object_r:fail2ban_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/inn.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/inn.fc
@@ -62,12 +62,6 @@
/var/log/news(/.*)? gen_context(system_u:object_r:innd_log_t,s0)
/var/run/innd(/.*)? gen_context(system_u:object_r:innd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/innd(/.*)? gen_context(system_u:object_r:innd_var_run_t,s0)
-')
/var/run/news(/.*)? gen_context(system_u:object_r:innd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/news(/.*)? gen_context(system_u:object_r:innd_var_run_t,s0)
-')
/var/spool/news(/.*)? gen_context(system_u:object_r:news_spool_t,s0)
diff -u refpolicy-2.20110726/policy/modules/services/dcc.fc refpolicy-2.20110726/policy/modules/services/dcc.fc
--- refpolicy-2.20110726/policy/modules/services/dcc.fc
+++ refpolicy-2.20110726/policy/modules/services/dcc.fc
@@ -30,11 +30,2 @@
-ifdef(`distro_debian', `
-/run/dcc(/.*)? gen_context(system_u:object_r:dcc_var_run_t,s0)
-')
/var/run/dcc/map -- gen_context(system_u:object_r:dcc_client_map_t,s0)
-ifdef(`distro_debian', `
-/run/dcc/map -- gen_context(system_u:object_r:dcc_client_map_t,s0)
-')
/var/run/dcc/dccifd -s gen_context(system_u:object_r:dccifd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/dcc/dccifd -s gen_context(system_u:object_r:dccifd_var_run_t,s0)
-')
diff -u refpolicy-2.20110726/policy/modules/services/mysql.fc refpolicy-2.20110726/policy/modules/services/mysql.fc
--- refpolicy-2.20110726/policy/modules/services/mysql.fc
+++ refpolicy-2.20110726/policy/modules/services/mysql.fc
@@ -32,7 +32 @@
-ifdef(`distro_debian', `
-/run/mysqld(/.*)? gen_context(system_u:object_r:mysqld_var_run_t,s0)
-')
/var/run/mysqld/mysqlmanager.* -- gen_context(system_u:object_r:mysqlmanagerd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/mysqld/mysqlmanager.* -- gen_context(system_u:object_r:mysqlmanagerd_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/ntp.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/ntp.fc
@@ -20,6 +20,3 @@
/var/log/xntpd.* -- gen_context(system_u:object_r:ntpd_log_t,s0)
/var/run/ntpd\.pid -- gen_context(system_u:object_r:ntpd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/ntpd\.pid -- gen_context(system_u:object_r:ntpd_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/spamassassin.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/spamassassin.fc
@@ -10,9 +10,6 @@
/var/lib/spamassassin(/.*)? gen_context(system_u:object_r:spamd_var_lib_t,s0)
/var/run/spamassassin(/.*)? gen_context(system_u:object_r:spamd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/spamassassin(/.*)? gen_context(system_u:object_r:spamd_var_run_t,s0)
-')
/var/spool/spamassassin(/.*)? gen_context(system_u:object_r:spamd_spool_t,s0)
/var/spool/spamd(/.*)? gen_context(system_u:object_r:spamd_spool_t,s0)
reverted:
--- refpolicy-2.20110726/policy/modules/services/exim.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/exim.fc
@@ -1,14 +1,8 @@
/usr/sbin/exim[0-9]? -- gen_context(system_u:object_r:exim_exec_t,s0)
/var/log/exim[0-9]?(/.*)? gen_context(system_u:object_r:exim_log_t,s0)
/var/run/exim[0-9]?\.pid -- gen_context(system_u:object_r:exim_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/exim[0-9]?\.pid -- gen_context(system_u:object_r:exim_var_run_t,s0)
-')
/var/spool/exim[0-9]?(/.*)? gen_context(system_u:object_r:exim_spool_t,s0)
ifdef(`distro_debian',`
/var/run/exim[0-9]?(/.*)? gen_context(system_u:object_r:exim_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/exim[0-9]?(/.*)? gen_context(system_u:object_r:exim_var_run_t,s0)
-')
')
reverted:
--- refpolicy-2.20110726/policy/modules/services/ldap.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/ldap.fc
@@ -5,25 +5,13 @@
/usr/sbin/slapd -- gen_context(system_u:object_r:slapd_exec_t,s0)
ifdef(`distro_debian',`
+/usr/lib/slapd -- gen_context(system_u:object_r:slapd_exec_t,s0)
-/usr/lib/slapd -- gen_context(system_u:object_r:slapd_exec_t,s0)
')
/var/lib/ldap(/.*)? gen_context(system_u:object_r:slapd_db_t,s0)
/var/lib/ldap/replog(/.*)? gen_context(system_u:object_r:slapd_replog_t,s0)
/var/run/ldapi -s gen_context(system_u:object_r:slapd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/ldapi -s gen_context(system_u:object_r:slapd_var_run_t,s0)
-')
/var/run/openldap(/.*)? gen_context(system_u:object_r:slapd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/openldap(/.*)? gen_context(system_u:object_r:slapd_var_run_t,s0)
-')
/var/run/slapd\.args -- gen_context(system_u:object_r:slapd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/slapd\.args -- gen_context(system_u:object_r:slapd_var_run_t,s0)
-')
/var/run/slapd\.pid -- gen_context(system_u:object_r:slapd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/slapd\.pid -- gen_context(system_u:object_r:slapd_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/ntop.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/ntop.fc
@@ -4,6 +4,3 @@
/var/lib/ntop(/.*)? gen_context(system_u:object_r:ntop_var_lib_t,s0)
/var/run/ntop\.pid -- gen_context(system_u:object_r:ntop_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/ntop\.pid -- gen_context(system_u:object_r:ntop_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/mailman.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/mailman.fc
@@ -4,15 +4,8 @@
/var/lib/mailman(/.*)? gen_context(system_u:object_r:mailman_data_t,s0)
/var/lib/mailman/archives(/.*)? gen_context(system_u:object_r:mailman_archive_t,s0)
/var/lock/mailman(/.*)? gen_context(system_u:object_r:mailman_lock_t,s0)
-ifdef(`distro_debian', `
-/var/run/lock/mailman(/.*)? gen_context(system_u:object_r:mailman_lock_t,s0)
-/run/lock/mailman(/.*)? gen_context(system_u:object_r:mailman_lock_t,s0)
-')
/var/log/mailman(/.*)? gen_context(system_u:object_r:mailman_log_t,s0)
/var/run/mailman(/.*)? gen_context(system_u:object_r:mailman_lock_t,s0)
-ifdef(`distro_debian', `
-/run/mailman(/.*)? gen_context(system_u:object_r:mailman_lock_t,s0)
-')
#
# distro_debian
reverted:
--- refpolicy-2.20110726/policy/modules/services/nsd.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/nsd.fc
@@ -12,6 +12,3 @@
/var/lib/nsd(/.*)? gen_context(system_u:object_r:nsd_zone_t,s0)
/var/lib/nsd/nsd\.db -- gen_context(system_u:object_r:nsd_db_t,s0)
/var/run/nsd\.pid -- gen_context(system_u:object_r:nsd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/nsd\.pid -- gen_context(system_u:object_r:nsd_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/uucp.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/uucp.fc
@@ -7,9 +7,5 @@
/var/spool/uucppublic(/.*)? gen_context(system_u:object_r:uucpd_spool_t,s0)
/var/lock/uucp(/.*)? gen_context(system_u:object_r:uucpd_lock_t,s0)
-ifdef(`distro_debian', `
-/var/run/lock/uucp(/.*)? gen_context(system_u:object_r:uucpd_lock_t,s0)
-/run/lock/uucp(/.*)? gen_context(system_u:object_r:uucpd_lock_t,s0)
-')
/var/log/uucp(/.*)? gen_context(system_u:object_r:uucpd_log_t,s0)
reverted:
--- refpolicy-2.20110726/policy/modules/services/apm.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/apm.fc
@@ -14,21 +14,9 @@
/var/log/acpid.* -- gen_context(system_u:object_r:apmd_log_t,s0)
/var/run/\.?acpid\.socket -s gen_context(system_u:object_r:apmd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/\.?acpid\.socket -s gen_context(system_u:object_r:apmd_var_run_t,s0)
-')
/var/run/apmd\.pid -- gen_context(system_u:object_r:apmd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/apmd\.pid -- gen_context(system_u:object_r:apmd_var_run_t,s0)
-')
/var/run/powersaved\.pid -- gen_context(system_u:object_r:apmd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/powersaved\.pid -- gen_context(system_u:object_r:apmd_var_run_t,s0)
-')
/var/run/powersave_socket -s gen_context(system_u:object_r:apmd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/powersave_socket -s gen_context(system_u:object_r:apmd_var_run_t,s0)
-')
ifdef(`distro_suse',`
/var/lib/acpi(/.*)? gen_context(system_u:object_r:apmd_var_lib_t,s0)
diff -u refpolicy-2.20110726/policy/modules/services/policykit.fc refpolicy-2.20110726/policy/modules/services/policykit.fc
--- refpolicy-2.20110726/policy/modules/services/policykit.fc
+++ refpolicy-2.20110726/policy/modules/services/policykit.fc
@@ -16,5 +16,2 @@
/var/run/PolicyKit(/.*)? gen_context(system_u:object_r:policykit_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/PolicyKit(/.*)? gen_context(system_u:object_r:policykit_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/canna.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/canna.fc
@@ -19,14 +19,5 @@
/var/log/wnn(/.*)? gen_context(system_u:object_r:canna_log_t,s0)
/var/run/\.iroha_unix -d gen_context(system_u:object_r:canna_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/\.iroha_unix -d gen_context(system_u:object_r:canna_var_run_t,s0)
-')
/var/run/\.iroha_unix/.* -s gen_context(system_u:object_r:canna_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/\.iroha_unix/.* -s gen_context(system_u:object_r:canna_var_run_t,s0)
-')
/var/run/wnn-unix(/.*) gen_context(system_u:object_r:canna_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/wnn-unix(/.*) gen_context(system_u:object_r:canna_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/psad.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/psad.fc
@@ -6,6 +6,3 @@
/var/lib/psad(/.*)? gen_context(system_u:object_r:psad_var_lib_t,s0)
/var/log/psad(/.*)? gen_context(system_u:object_r:psad_var_log_t,s0)
/var/run/psad(/.*)? gen_context(system_u:object_r:psad_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/psad(/.*)? gen_context(system_u:object_r:psad_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/snort.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/snort.fc
@@ -7,6 +7,3 @@
/var/log/snort(/.*)? gen_context(system_u:object_r:snort_log_t,s0)
/var/run/snort.* -- gen_context(system_u:object_r:snort_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/snort.* -- gen_context(system_u:object_r:snort_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/transproxy.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/transproxy.fc
@@ -1,6 +1,3 @@
/usr/sbin/tproxy -- gen_context(system_u:object_r:transproxy_exec_t,s0)
/var/run/tproxy\.pid -- gen_context(system_u:object_r:transproxy_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/tproxy\.pid -- gen_context(system_u:object_r:transproxy_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/pxe.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/pxe.fc
@@ -4,6 +4,3 @@
/var/log/pxe\.log -- gen_context(system_u:object_r:pxe_log_t,s0)
/var/run/pxe\.pid -- gen_context(system_u:object_r:pxe_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/pxe\.pid -- gen_context(system_u:object_r:pxe_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/snmp.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/snmp.fc
@@ -21,10 +21,4 @@
/var/net-snmp(/.*) gen_context(system_u:object_r:snmpd_var_lib_t,s0)
/var/run/snmpd(/.*)? gen_context(system_u:object_r:snmpd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/snmpd(/.*)? gen_context(system_u:object_r:snmpd_var_run_t,s0)
-')
/var/run/snmpd\.pid -- gen_context(system_u:object_r:snmpd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/snmpd\.pid -- gen_context(system_u:object_r:snmpd_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/ccs.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/ccs.fc
@@ -3,10 +3,4 @@
/sbin/ccsd -- gen_context(system_u:object_r:ccs_exec_t,s0)
/var/run/cluster/ccsd\.pid -- gen_context(system_u:object_r:ccs_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/cluster/ccsd\.pid -- gen_context(system_u:object_r:ccs_var_run_t,s0)
-')
/var/run/cluster/ccsd\.sock -s gen_context(system_u:object_r:ccs_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/cluster/ccsd\.sock -s gen_context(system_u:object_r:ccs_var_run_t,s0)
-')
diff -u refpolicy-2.20110726/policy/modules/services/cron.fc refpolicy-2.20110726/policy/modules/services/cron.fc
--- refpolicy-2.20110726/policy/modules/services/cron.fc
+++ refpolicy-2.20110726/policy/modules/services/cron.fc
@@ -13,29 +13,11 @@
/usr/sbin/fcron -- gen_context(system_u:object_r:crond_exec_t,s0)
/var/run/anacron\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/anacron\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0)
-')
/var/run/atd\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/atd\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0)
-')
/var/run/crond?\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/crond?\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0)
-')
/var/run/crond\.reboot -- gen_context(system_u:object_r:crond_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/crond\.reboot -- gen_context(system_u:object_r:crond_var_run_t,s0)
-')
/var/run/fcron\.fifo -s gen_context(system_u:object_r:crond_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/fcron\.fifo -s gen_context(system_u:object_r:crond_var_run_t,s0)
-')
/var/run/fcron\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/fcron\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0)
-')
ifdef(`distro_debian', `
/var/spool/cron/atspool -d gen_context(system_u:object_r:cron_spool_t,s0)
diff -u refpolicy-2.20110726/policy/modules/services/milter.te refpolicy-2.20110726/policy/modules/services/milter.te
--- refpolicy-2.20110726/policy/modules/services/milter.te
+++ refpolicy-2.20110726/policy/modules/services/milter.te
@@ -100,0 +101,4 @@
+
+optional_policy(`
+ postfix_search_spool(spamass_milter_t)
+')
reverted:
--- refpolicy-2.20110726/policy/modules/services/i18n_input.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/i18n_input.fc
@@ -17,6 +17,3 @@
#
/var/run/iiim(/.*)? gen_context(system_u:object_r:i18n_input_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/iiim(/.*)? gen_context(system_u:object_r:i18n_input_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/memcached.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/memcached.fc
@@ -3,6 +3,3 @@
/usr/bin/memcached -- gen_context(system_u:object_r:memcached_exec_t,s0)
/var/run/memcached(/.*)? gen_context(system_u:object_r:memcached_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/memcached(/.*)? gen_context(system_u:object_r:memcached_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/pads.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/pads.fc
@@ -8,6 +8,3 @@
/usr/bin/pads -- gen_context(system_u:object_r:pads_exec_t, s0)
/var/run/pads.pid -- gen_context(system_u:object_r:pads_var_run_t, s0)
-ifdef(`distro_debian', `
-/run/pads.pid -- gen_context(system_u:object_r:pads_var_run_t, s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/nscd.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/nscd.fc
@@ -8,15 +8,6 @@
/var/log/nscd\.log.* -- gen_context(system_u:object_r:nscd_log_t,s0)
/var/run/nscd\.pid -- gen_context(system_u:object_r:nscd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/nscd\.pid -- gen_context(system_u:object_r:nscd_var_run_t,s0)
-')
/var/run/\.nscd_socket -s gen_context(system_u:object_r:nscd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/\.nscd_socket -s gen_context(system_u:object_r:nscd_var_run_t,s0)
-')
/var/run/nscd(/.*)? gen_context(system_u:object_r:nscd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/nscd(/.*)? gen_context(system_u:object_r:nscd_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/postfix.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/postfix.fc
@@ -29,8 +29,6 @@
/usr/lib(64)?/postfix/bounce -- gen_context(system_u:object_r:postfix_bounce_exec_t,s0)
/usr/lib(64)?/postfix/pipe -- gen_context(system_u:object_r:postfix_pipe_exec_t,s0)
/usr/lib(64)?/postfix/virtual -- gen_context(system_u:object_r:postfix_virtual_exec_t,s0)
-/etc/network/if-down.d/postfix -- gen_context(system_u:object_r:initrc_exec_t,s0)
-/etc/network/if-up.d/postfix -- gen_context(system_u:object_r:initrc_exec_t,s0)
')
/etc/postfix/postfix-script.* -- gen_context(system_u:object_r:postfix_exec_t,s0)
/etc/postfix/prng_exch -- gen_context(system_u:object_r:postfix_prng_t,s0)
reverted:
--- refpolicy-2.20110726/policy/modules/services/dante.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/dante.fc
@@ -4,6 +4,3 @@
/usr/sbin/sockd -- gen_context(system_u:object_r:dante_exec_t,s0)
/var/run/sockd\.pid -- gen_context(system_u:object_r:dante_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/sockd\.pid -- gen_context(system_u:object_r:dante_var_run_t,s0)
-')
diff -u refpolicy-2.20110726/policy/modules/services/openvpn.fc refpolicy-2.20110726/policy/modules/services/openvpn.fc
--- refpolicy-2.20110726/policy/modules/services/openvpn.fc
+++ refpolicy-2.20110726/policy/modules/services/openvpn.fc
@@ -18,7 +18 @@
-ifdef(`distro_debian', `
-/run/openvpn(/.*)? gen_context(system_u:object_r:openvpn_var_run_t,s0)
-')
/var/run/openvpn.client.* -- gen_context(system_u:object_r:openvpn_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/openvpn.client.* -- gen_context(system_u:object_r:openvpn_var_run_t,s0)
-')
diff -u refpolicy-2.20110726/policy/modules/services/fetchmail.te refpolicy-2.20110726/policy/modules/services/fetchmail.te
--- refpolicy-2.20110726/policy/modules/services/fetchmail.te
+++ refpolicy-2.20110726/policy/modules/services/fetchmail.te
@@ -38,13 +38,16 @@
allow fetchmail_t self:udp_socket create_socket_perms;
allow fetchmail_t fetchmail_etc_t:file read_file_perms;
+files_read_usr_files(fetchmail_t)
+allow fetchmail_t fetchmail_uidl_cache_t:dir manage_dir_perms;
allow fetchmail_t fetchmail_uidl_cache_t:file manage_file_perms;
mta_spool_filetrans(fetchmail_t, fetchmail_uidl_cache_t, file)
manage_dirs_pattern(fetchmail_t, fetchmail_var_run_t, fetchmail_var_run_t)
manage_files_pattern(fetchmail_t, fetchmail_var_run_t, fetchmail_var_run_t)
files_pid_filetrans(fetchmail_t, fetchmail_var_run_t, { dir file })
+files_search_var_lib(fetchmail_t)
kernel_read_kernel_sysctls(fetchmail_t)
kernel_list_proc(fetchmail_t)
reverted:
--- refpolicy-2.20110726/policy/modules/services/lircd.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/lircd.fc
@@ -6,14 +6,5 @@
/usr/sbin/lircd -- gen_context(system_u:object_r:lircd_exec_t,s0)
/var/run/lirc(/.*)? gen_context(system_u:object_r:lircd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/lirc(/.*)? gen_context(system_u:object_r:lircd_var_run_t,s0)
-')
/var/run/lircd(/.*)? gen_context(system_u:object_r:lircd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/lircd(/.*)? gen_context(system_u:object_r:lircd_var_run_t,s0)
-')
/var/run/lircd\.pid gen_context(system_u:object_r:lircd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/lircd\.pid gen_context(system_u:object_r:lircd_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/puppet.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/puppet.fc
@@ -9,6 +9,3 @@
/var/lib/puppet(/.*)? gen_context(system_u:object_r:puppet_var_lib_t,s0)
/var/log/puppet(/.*)? gen_context(system_u:object_r:puppet_log_t,s0)
/var/run/puppet(/.*)? gen_context(system_u:object_r:puppet_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/puppet(/.*)? gen_context(system_u:object_r:puppet_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/rsync.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/rsync.fc
@@ -5,6 +5,3 @@
/var/log/rsync\.log -- gen_context(system_u:object_r:rsync_log_t,s0)
/var/run/rsyncd\.lock -- gen_context(system_u:object_r:rsync_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/rsyncd\.lock -- gen_context(system_u:object_r:rsync_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/tuned.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/tuned.fc
@@ -6,6 +6,3 @@
/var/log/tuned\.log -- gen_context(system_u:object_r:tuned_log_t,s0)
/var/run/tuned\.pid -- gen_context(system_u:object_r:tuned_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/tuned\.pid -- gen_context(system_u:object_r:tuned_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/rhcs.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/rhcs.fc
@@ -6,10 +6,6 @@
/usr/sbin/qdiskd -- gen_context(system_u:object_r:qdiskd_exec_t,s0)
/var/lock/fence_manual\.lock -- gen_context(system_u:object_r:fenced_lock_t,s0)
-ifdef(`distro_debian', `
-/var/run/lock/fence_manual\.lock -- gen_context(system_u:object_r:fenced_lock_t,s0)
-/run/lock/fence_manual\.lock -- gen_context(system_u:object_r:fenced_lock_t,s0)
-')
/var/lib/qdiskd(/.*)? gen_context(system_u:object_r:qdiskd_var_lib_t,s0)
@@ -19,26 +15,8 @@
/var/log/cluster/qdiskd\.log.* -- gen_context(system_u:object_r:qdiskd_var_log_t,s0)
/var/run/cluster/fenced_override -- gen_context(system_u:object_r:fenced_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/cluster/fenced_override -- gen_context(system_u:object_r:fenced_var_run_t,s0)
-')
/var/run/dlm_controld\.pid -- gen_context(system_u:object_r:dlm_controld_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/dlm_controld\.pid -- gen_context(system_u:object_r:dlm_controld_var_run_t,s0)
-')
/var/run/fenced\.pid -- gen_context(system_u:object_r:fenced_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/fenced\.pid -- gen_context(system_u:object_r:fenced_var_run_t,s0)
-')
/var/run/gfs_controld\.pid -- gen_context(system_u:object_r:gfs_controld_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/gfs_controld\.pid -- gen_context(system_u:object_r:gfs_controld_var_run_t,s0)
-')
/var/run/groupd\.pid -- gen_context(system_u:object_r:groupd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/groupd\.pid -- gen_context(system_u:object_r:groupd_var_run_t,s0)
-')
/var/run/qdiskd\.pid -- gen_context(system_u:object_r:qdiskd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/qdiskd\.pid -- gen_context(system_u:object_r:qdiskd_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/ifplugd.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/ifplugd.fc
@@ -5,6 +5,3 @@
/usr/sbin/ifplugd -- gen_context(system_u:object_r:ifplugd_exec_t,s0)
/var/run/ifplugd.* gen_context(system_u:object_r:ifplugd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/ifplugd.* gen_context(system_u:object_r:ifplugd_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/cpucontrol.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/cpucontrol.fc
@@ -8,6 +8,3 @@
/usr/sbin/powernowd -- gen_context(system_u:object_r:cpuspeed_exec_t,s0)
/var/run/cpufreqd\.pid -- gen_context(system_u:object_r:cpuspeed_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/cpufreqd\.pid -- gen_context(system_u:object_r:cpuspeed_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/pyicqt.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/pyicqt.fc
@@ -3,8 +3,5 @@
/usr/share/pyicq-t/PyICQt\.py -- gen_context(system_u:object_r:pyicqt_exec_t,s0)
/var/run/pyicq-t(/.*)? gen_context(system_u:object_r:pyicqt_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/pyicq-t(/.*)? gen_context(system_u:object_r:pyicqt_var_run_t,s0)
-')
/var/spool/pyicq-t(/.*)? gen_context(system_u:object_r:pyicqt_spool_t,s0)
reverted:
--- refpolicy-2.20110726/policy/modules/services/ddclient.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/ddclient.fc
@@ -9,10 +9,4 @@
/var/lib/ddt-client(/.*)? gen_context(system_u:object_r:ddclient_var_lib_t,s0)
/var/log/ddtcd\.log.* -- gen_context(system_u:object_r:ddclient_log_t,s0)
/var/run/ddclient\.pid -- gen_context(system_u:object_r:ddclient_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/ddclient\.pid -- gen_context(system_u:object_r:ddclient_var_run_t,s0)
-')
/var/run/ddtcd\.pid -- gen_context(system_u:object_r:ddclient_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/ddtcd\.pid -- gen_context(system_u:object_r:ddclient_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/ppp.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/ppp.fc
@@ -29,22 +29,10 @@
# /var
#
/var/run/(i)?ppp.*pid[^/]* -- gen_context(system_u:object_r:pppd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/(i)?ppp.*pid[^/]* -- gen_context(system_u:object_r:pppd_var_run_t,s0)
-')
/var/run/pppd[0-9]*\.tdb -- gen_context(system_u:object_r:pppd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/pppd[0-9]*\.tdb -- gen_context(system_u:object_r:pppd_var_run_t,s0)
-')
/var/run/ppp(/.*)? gen_context(system_u:object_r:pppd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/ppp(/.*)? gen_context(system_u:object_r:pppd_var_run_t,s0)
-')
# Fix pptp sockets
/var/run/pptp(/.*)? gen_context(system_u:object_r:pptp_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/pptp(/.*)? gen_context(system_u:object_r:pptp_var_run_t,s0)
-')
/var/log/ppp-connect-errors.* -- gen_context(system_u:object_r:pppd_log_t,s0)
/var/log/ppp/.* -- gen_context(system_u:object_r:pppd_log_t,s0)
reverted:
--- refpolicy-2.20110726/policy/modules/services/ircd.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/ircd.fc
@@ -5,6 +5,3 @@
/var/lib/dancer-ircd(/.*)? gen_context(system_u:object_r:ircd_var_lib_t,s0)
/var/log/(dancer-)?ircd(/.*)? gen_context(system_u:object_r:ircd_log_t,s0)
/var/run/dancer-ircd(/.*)? gen_context(system_u:object_r:ircd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/dancer-ircd(/.*)? gen_context(system_u:object_r:ircd_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/rpcbind.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/rpcbind.fc
@@ -5,14 +5,5 @@
/var/lib/rpcbind(/.*)? gen_context(system_u:object_r:rpcbind_var_lib_t,s0)
/var/run/rpc.statd\.pid -- gen_context(system_u:object_r:rpcbind_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/rpc.statd\.pid -- gen_context(system_u:object_r:rpcbind_var_run_t,s0)
-')
/var/run/rpcbind\.lock -- gen_context(system_u:object_r:rpcbind_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/rpcbind\.lock -- gen_context(system_u:object_r:rpcbind_var_run_t,s0)
-')
/var/run/rpcbind\.sock -s gen_context(system_u:object_r:rpcbind_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/rpcbind\.sock -s gen_context(system_u:object_r:rpcbind_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/varnishd.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/varnishd.fc
@@ -14,14 +14,5 @@
/var/log/varnish(/.*)? gen_context(system_u:object_r:varnishlog_log_t,s0)
/var/run/varnish\.pid -- gen_context(system_u:object_r:varnishd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/varnish\.pid -- gen_context(system_u:object_r:varnishd_var_run_t,s0)
-')
/var/run/varnishlog\.pid -- gen_context(system_u:object_r:varnishlog_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/varnishlog\.pid -- gen_context(system_u:object_r:varnishlog_var_run_t,s0)
-')
/var/run/varnishncsa\.pid -- gen_context(system_u:object_r:varnishlog_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/varnishncsa\.pid -- gen_context(system_u:object_r:varnishlog_var_run_t,s0)
-')
diff -u refpolicy-2.20110726/policy/modules/services/hal.fc refpolicy-2.20110726/policy/modules/services/hal.fc
--- refpolicy-2.20110726/policy/modules/services/hal.fc
+++ refpolicy-2.20110726/policy/modules/services/hal.fc
@@ -22,29 +22,11 @@
/var/log/pm-.*\.log.* gen_context(system_u:object_r:hald_log_t,s0)
/var/run/hald(/.*)? gen_context(system_u:object_r:hald_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/hald(/.*)? gen_context(system_u:object_r:hald_var_run_t,s0)
-')
/var/run/haldaemon\.pid -- gen_context(system_u:object_r:hald_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/haldaemon\.pid -- gen_context(system_u:object_r:hald_var_run_t,s0)
-')
/var/run/pm(/.*)? gen_context(system_u:object_r:hald_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/pm(/.*)? gen_context(system_u:object_r:hald_var_run_t,s0)
-')
/var/run/pm-utils(/.*)? gen_context(system_u:object_r:hald_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/pm-utils(/.*)? gen_context(system_u:object_r:hald_var_run_t,s0)
-')
/var/run/synce.* gen_context(system_u:object_r:hald_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/synce.* gen_context(system_u:object_r:hald_var_run_t,s0)
-')
/var/run/vbe.* -- gen_context(system_u:object_r:hald_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/vbe.* -- gen_context(system_u:object_r:hald_var_run_t,s0)
-')
ifdef(`distro_gentoo',`
/var/lib/cache/hald(/.*)? gen_context(system_u:object_r:hald_cache_t,s0)
reverted:
--- refpolicy-2.20110726/policy/modules/services/nut.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/nut.fc
@@ -6,9 +6,6 @@
/usr/sbin/upsmon -- gen_context(system_u:object_r:nut_upsmon_exec_t,s0)
/var/run/nut(/.*)? gen_context(system_u:object_r:nut_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/nut(/.*)? gen_context(system_u:object_r:nut_var_run_t,s0)
-')
/var/www/nut-cgi-bin/upsimage\.cgi -- gen_context(system_u:object_r:httpd_nutups_cgi_script_exec_t,s0)
/var/www/nut-cgi-bin/upsset\.cgi -- gen_context(system_u:object_r:httpd_nutups_cgi_script_exec_t,s0)
reverted:
--- refpolicy-2.20110726/policy/modules/services/vhostmd.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/vhostmd.fc
@@ -3,6 +3,3 @@
/usr/sbin/vhostmd -- gen_context(system_u:object_r:vhostmd_exec_t,s0)
/var/run/vhostmd.pid -- gen_context(system_u:object_r:vhostmd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/vhostmd.pid -- gen_context(system_u:object_r:vhostmd_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/sssd.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/sssd.fc
@@ -9,6 +9,3 @@
/var/log/sssd(/.*)? gen_context(system_u:object_r:sssd_var_log_t,s0)
/var/run/sssd.pid -- gen_context(system_u:object_r:sssd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/sssd.pid -- gen_context(system_u:object_r:sssd_var_run_t,s0)
-')
diff -u refpolicy-2.20110726/policy/modules/services/nagios.fc refpolicy-2.20110726/policy/modules/services/nagios.fc
--- refpolicy-2.20110726/policy/modules/services/nagios.fc
+++ refpolicy-2.20110726/policy/modules/services/nagios.fc
@@ -1,5 +1,5 @@
/etc/nagios(/.*)? gen_context(system_u:object_r:nagios_etc_t,s0)
-/etc/nagios/nrpe\.* -- gen_context(system_u:object_r:nrpe_etc_t,s0)
+/etc/nagios/nrpe\.cfg -- gen_context(system_u:object_r:nrpe_etc_t,s0)
ifndef(`distro_debian', `
/etc/rc\.d/init\.d/nagios -- gen_context(system_u:object_r:nagios_initrc_exec_t,s0)
/etc/rc\.d/init\.d/nrpe -- gen_context(system_u:object_r:nagios_initrc_exec_t,s0)
@@ -15,9 +15,6 @@
/var/log/netsaint(/.*)? gen_context(system_u:object_r:nagios_log_t,s0)
/var/run/nagios.* gen_context(system_u:object_r:nagios_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/nagios.* gen_context(system_u:object_r:nagios_var_run_t,s0)
-')
/var/spool/nagios(/.*)? gen_context(system_u:object_r:nagios_spool_t,s0)
reverted:
--- refpolicy-2.20110726/policy/modules/services/dkim.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/dkim.fc
@@ -5,14 +5,5 @@
/var/db/dkim(/.*)? gen_context(system_u:object_r:dkim_milter_private_key_t,s0)
/var/run/dkim-filter(/.*)? gen_context(system_u:object_r:dkim_milter_data_t,s0)
-ifdef(`distro_debian', `
-/run/dkim-filter(/.*)? gen_context(system_u:object_r:dkim_milter_data_t,s0)
-')
/var/run/dkim-milter(/.*)? gen_context(system_u:object_r:dkim_milter_data_t,s0)
-ifdef(`distro_debian', `
-/run/dkim-milter(/.*)? gen_context(system_u:object_r:dkim_milter_data_t,s0)
-')
/var/run/dkim-milter\.pid -- gen_context(system_u:object_r:dkim_milter_data_t,s0)
-ifdef(`distro_debian', `
-/run/dkim-milter\.pid -- gen_context(system_u:object_r:dkim_milter_data_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/watchdog.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/watchdog.fc
@@ -3,6 +3,3 @@
/var/log/watchdog(/.*)? gen_context(system_u:object_r:watchdog_log_t,s0)
/var/run/watchdog\.pid -- gen_context(system_u:object_r:watchdog_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/watchdog\.pid -- gen_context(system_u:object_r:watchdog_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/postfixpolicyd.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/postfixpolicyd.fc
@@ -4,6 +4,3 @@
/usr/sbin/policyd -- gen_context(system_u:object_r:postfix_policyd_exec_t, s0)
/var/run/policyd\.pid -- gen_context(system_u:object_r:postfix_policyd_var_run_t, s0)
-ifdef(`distro_debian', `
-/run/policyd\.pid -- gen_context(system_u:object_r:postfix_policyd_var_run_t, s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/lpd.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/lpd.fc
@@ -35,6 +35,3 @@
/var/spool/cups-pdf(/.*)? gen_context(system_u:object_r:print_spool_t,mls_systemhigh)
/var/spool/lpd(/.*)? gen_context(system_u:object_r:print_spool_t,s0)
/var/run/lprng(/.*)? gen_context(system_u:object_r:lpd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/lprng(/.*)? gen_context(system_u:object_r:lpd_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/denyhosts.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/denyhosts.fc
@@ -4,8 +4,4 @@
/var/lib/denyhosts(/.*)? gen_context(system_u:object_r:denyhosts_var_lib_t,s0)
/var/lock/subsys/denyhosts -- gen_context(system_u:object_r:denyhosts_var_lock_t,s0)
-ifdef(`distro_debian', `
-/var/run/lock/subsys/denyhosts -- gen_context(system_u:object_r:denyhosts_var_lock_t,s0)
-/run/lock/subsys/denyhosts -- gen_context(system_u:object_r:denyhosts_var_lock_t,s0)
-')
/var/log/denyhosts(/.*)? gen_context(system_u:object_r:denyhosts_var_log_t,s0)
reverted:
--- refpolicy-2.20110726/policy/modules/services/icecast.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/icecast.fc
@@ -5,6 +5,3 @@
/var/log/icecast(/.*)? gen_context(system_u:object_r:icecast_log_t,s0)
/var/run/icecast(/.*)? gen_context(system_u:object_r:icecast_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/icecast(/.*)? gen_context(system_u:object_r:icecast_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/networkmanager.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/networkmanager.fc
@@ -20,22 +20,7 @@
/var/log/wpa_supplicant.* -- gen_context(system_u:object_r:NetworkManager_log_t,s0)
/var/run/NetworkManager\.pid -- gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/NetworkManager\.pid -- gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
-')
/var/run/NetworkManager(/.*)? gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/NetworkManager(/.*)? gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
-')
/var/run/nm-dhclient.* gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/nm-dhclient.* gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
-')
/var/run/wpa_supplicant(/.*)? gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/wpa_supplicant(/.*)? gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
-')
/var/run/wpa_supplicant-global -s gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/wpa_supplicant-global -s gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/sasl.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/sasl.fc
@@ -10,6 +10,3 @@
#
/var/lib/sasl2(/.*)? gen_context(system_u:object_r:saslauthd_var_run_t,s0)
/var/run/saslauthd(/.*)? gen_context(system_u:object_r:saslauthd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/saslauthd(/.*)? gen_context(system_u:object_r:saslauthd_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/smokeping.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/smokeping.fc
@@ -7,6 +7,3 @@
/var/lib/smokeping(/.*)? gen_context(system_u:object_r:smokeping_var_lib_t,s0)
/var/run/smokeping(/.*)? gen_context(system_u:object_r:smokeping_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/smokeping(/.*)? gen_context(system_u:object_r:smokeping_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/radvd.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/radvd.fc
@@ -4,10 +4,4 @@
/usr/sbin/radvd -- gen_context(system_u:object_r:radvd_exec_t,s0)
/var/run/radvd\.pid -- gen_context(system_u:object_r:radvd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/radvd\.pid -- gen_context(system_u:object_r:radvd_var_run_t,s0)
-')
/var/run/radvd(/.*)? gen_context(system_u:object_r:radvd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/radvd(/.*)? gen_context(system_u:object_r:radvd_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/howl.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/howl.fc
@@ -3,6 +3,3 @@
/usr/bin/nifd -- gen_context(system_u:object_r:howl_exec_t,s0)
/var/run/nifd\.pid -- gen_context(system_u:object_r:howl_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/nifd\.pid -- gen_context(system_u:object_r:howl_var_run_t,s0)
-')
diff -u refpolicy-2.20110726/policy/modules/services/dovecot.fc refpolicy-2.20110726/policy/modules/services/dovecot.fc
--- refpolicy-2.20110726/policy/modules/services/dovecot.fc
+++ refpolicy-2.20110726/policy/modules/services/dovecot.fc
@@ -25,7 +25,6 @@
ifdef(`distro_debian', `
/usr/lib/dovecot/dovecot-auth -- gen_context(system_u:object_r:dovecot_auth_exec_t,s0)
-/usr/lib/dovecot/.+ -- gen_context(system_u:object_r:bin_t,s0)
')
ifdef(`distro_redhat', `
@@ -39,15 +38,9 @@
# /var
#
/var/run/dovecot(-login)?(/.*)? gen_context(system_u:object_r:dovecot_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/dovecot(-login)?(/.*)? gen_context(system_u:object_r:dovecot_var_run_t,s0)
-')
ifdef(`distro_redhat', `
# this is a hard link to /var/lib/dovecot/ssl-parameters.dat
/var/run/dovecot/login/ssl-parameters.dat gen_context(system_u:object_r:dovecot_var_lib_t,s0)
-ifdef(`distro_debian', `
-/run/dovecot/login/ssl-parameters.dat gen_context(system_u:object_r:dovecot_var_lib_t,s0)
-')
')
/var/lib/dovecot(/.*)? gen_context(system_u:object_r:dovecot_var_lib_t,s0)
reverted:
--- refpolicy-2.20110726/policy/modules/services/amavis.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/amavis.fc
@@ -3,21 +3,16 @@
/etc/amavisd(/.*)? gen_context(system_u:object_r:amavis_etc_t,s0)
/etc/rc\.d/init\.d/amavis -- gen_context(system_u:object_r:amavis_initrc_exec_t,s0)
-ifdef(`strict_policy',`
/usr/sbin/amavisd.* -- gen_context(system_u:object_r:amavis_exec_t,s0)
/usr/lib(64)?/AntiVir/antivir -- gen_context(system_u:object_r:amavis_exec_t,s0)
-')
ifdef(`distro_debian',`
+/usr/sbin/amavisd-new-cronjob -- gen_context(system_u:object_r:amavis_exec_t,s0)
-/usr/sbin/amavisd-new-cronjob -- gen_context(system_u:object_r:amavis_exec_t,s0)
')
/var/amavis(/.*)? gen_context(system_u:object_r:amavis_var_lib_t,s0)
/var/lib/amavis(/.*)? gen_context(system_u:object_r:amavis_var_lib_t,s0)
/var/log/amavisd\.log -- gen_context(system_u:object_r:amavis_var_log_t,s0)
/var/run/amavis(d)?(/.*)? gen_context(system_u:object_r:amavis_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/amavis(d)?(/.*)? gen_context(system_u:object_r:amavis_var_run_t,s0)
-')
/var/spool/amavisd(/.*)? gen_context(system_u:object_r:amavis_spool_t,s0)
/var/virusmails(/.*)? gen_context(system_u:object_r:amavis_quarantine_t,s0)
reverted:
--- refpolicy-2.20110726/policy/modules/services/cyphesis.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/cyphesis.fc
@@ -3,6 +3,3 @@
/var/log/cyphesis(/.*)? gen_context(system_u:object_r:cyphesis_log_t,s0)
/var/run/cyphesis(/.*)? gen_context(system_u:object_r:cyphesis_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/cyphesis(/.*)? gen_context(system_u:object_r:cyphesis_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/dictd.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/dictd.fc
@@ -7,6 +7,3 @@
/var/lib/dictd(/.*)? gen_context(system_u:object_r:dictd_var_lib_t,s0)
/var/run/dictd\.pid -- gen_context(system_u:object_r:dictd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/dictd\.pid -- gen_context(system_u:object_r:dictd_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/gatekeeper.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/gatekeeper.fc
@@ -5,10 +5,4 @@
/var/log/gnugk(/.*)? gen_context(system_u:object_r:gatekeeper_log_t,s0)
/var/run/gk\.pid -- gen_context(system_u:object_r:gatekeeper_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/gk\.pid -- gen_context(system_u:object_r:gatekeeper_var_run_t,s0)
-')
/var/run/gnugk(/.*)? gen_context(system_u:object_r:gatekeeper_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/gnugk(/.*)? gen_context(system_u:object_r:gatekeeper_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/nis.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/nis.fc
@@ -16,18 +16,6 @@
/var/yp(/.*)? gen_context(system_u:object_r:var_yp_t,s0)
/var/run/ypxfrd.* -- gen_context(system_u:object_r:ypxfr_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/ypxfrd.* -- gen_context(system_u:object_r:ypxfr_var_run_t,s0)
-')
/var/run/ypbind.* -- gen_context(system_u:object_r:ypbind_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/ypbind.* -- gen_context(system_u:object_r:ypbind_var_run_t,s0)
-')
/var/run/ypserv.* -- gen_context(system_u:object_r:ypserv_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/ypserv.* -- gen_context(system_u:object_r:ypserv_var_run_t,s0)
-')
/var/run/yppass.* -- gen_context(system_u:object_r:yppasswdd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/yppass.* -- gen_context(system_u:object_r:yppasswdd_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/automount.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/automount.fc
@@ -14,6 +14,3 @@
#
/var/run/autofs.* gen_context(system_u:object_r:automount_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/autofs.* gen_context(system_u:object_r:automount_var_run_t,s0)
-')
diff -u refpolicy-2.20110726/policy/modules/services/clamav.fc refpolicy-2.20110726/policy/modules/services/clamav.fc
--- refpolicy-2.20110726/policy/modules/services/clamav.fc
+++ refpolicy-2.20110726/policy/modules/services/clamav.fc
@@ -9,17 +9,8 @@
/usr/sbin/clamav-milter -- gen_context(system_u:object_r:clamd_exec_t,s0)
/var/run/clamav(/.*)? gen_context(system_u:object_r:clamd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/clamav(/.*)? gen_context(system_u:object_r:clamd_var_run_t,s0)
-')
/var/run/clamd\..* gen_context(system_u:object_r:clamd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/clamd\..* gen_context(system_u:object_r:clamd_var_run_t,s0)
-')
/var/run/clamav\..* gen_context(system_u:object_r:clamd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/clamav\..* gen_context(system_u:object_r:clamd_var_run_t,s0)
-')
/var/spool/postfix/clamav(/.*)? gen_context(system_u:object_r:clamd_var_run_t,s0)
/var/clamav(/.*)? gen_context(system_u:object_r:clamd_var_lib_t,s0)
@@ -28,9 +19,6 @@
/var/log/clamav/freshclam.* -- gen_context(system_u:object_r:freshclam_var_log_t,s0)
/var/log/clamd.* gen_context(system_u:object_r:clamd_var_log_t,s0)
/var/run/amavis(d)?/clamd\.pid -- gen_context(system_u:object_r:clamd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/amavis(d)?/clamd\.pid -- gen_context(system_u:object_r:clamd_var_run_t,s0)
-')
/var/spool/amavisd/clamd\.sock -s gen_context(system_u:object_r:clamd_var_run_t,s0)
/etc/amavis\.conf -- gen_context(system_u:object_r:clamd_etc_t,s0)
@@ -46,9 +34,6 @@
/var/lib/amavis(/.*)? gen_context(system_u:object_r:clamd_var_lib_t,s0)
/var/log/amavisd\.log -- gen_context(system_u:object_r:clamd_var_lib_t,s0)
/var/run/amavis(d)?(/.*)? gen_context(system_u:object_r:clamd_var_lib_t,s0)
-ifdef(`distro_debian', `
-/run/amavis(d)?(/.*)? gen_context(system_u:object_r:clamd_var_lib_t,s0)
-')
/var/spool/amavisd(/.*)? gen_context(system_u:object_r:clamd_spool_t,s0)
/var/virusmails(/.*)? gen_context(system_u:object_r:clamd_spool_t,s0)
/var/spool/MailScanner(/.*)? gen_context(system_u:object_r:clamd_var_run_t,s0)
diff -u refpolicy-2.20110726/policy/modules/services/inetd.te refpolicy-2.20110726/policy/modules/services/inetd.te
--- refpolicy-2.20110726/policy/modules/services/inetd.te
+++ refpolicy-2.20110726/policy/modules/services/inetd.te
@@ -40,7 +40,7 @@
allow inetd_t self:capability { setuid setgid };
dontaudit inetd_t self:capability sys_tty_config;
-allow inetd_t self:process { setsched setexec };
+allow inetd_t self:process { setrlimit setsched setexec };
allow inetd_t self:fifo_file rw_fifo_file_perms;
allow inetd_t self:tcp_socket create_stream_socket_perms;
allow inetd_t self:udp_socket create_socket_perms;
reverted:
--- refpolicy-2.20110726/policy/modules/services/postgrey.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/postgrey.fc
@@ -7,12 +7,6 @@
/var/lib/postgrey(/.*)? gen_context(system_u:object_r:postgrey_var_lib_t,s0)
/var/run/postgrey(/.*)? gen_context(system_u:object_r:postgrey_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/postgrey(/.*)? gen_context(system_u:object_r:postgrey_var_run_t,s0)
-')
/var/run/postgrey\.pid -- gen_context(system_u:object_r:postgrey_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/postgrey\.pid -- gen_context(system_u:object_r:postgrey_var_run_t,s0)
-')
/var/spool/postfix/postgrey(/.*)? gen_context(system_u:object_r:postgrey_spool_t,s0)
reverted:
--- refpolicy-2.20110726/policy/modules/services/plymouthd.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/plymouthd.fc
@@ -4,7 +4,4 @@
/var/lib/plymouth(/.*)? gen_context(system_u:object_r:plymouthd_var_lib_t,s0)
/var/run/plymouth(/.*)? gen_context(system_u:object_r:plymouthd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/plymouth(/.*)? gen_context(system_u:object_r:plymouthd_var_run_t,s0)
-')
/var/spool/plymouth(/.*)? gen_context(system_u:object_r:plymouthd_spool_t,s0)
reverted:
--- refpolicy-2.20110726/policy/modules/services/nslcd.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/nslcd.fc
@@ -2,6 +2,3 @@
/etc/rc\.d/init\.d/nslcd -- gen_context(system_u:object_r:nslcd_initrc_exec_t,s0)
/usr/sbin/nslcd -- gen_context(system_u:object_r:nslcd_exec_t,s0)
/var/run/nslcd(/.*)? gen_context(system_u:object_r:nslcd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/nslcd(/.*)? gen_context(system_u:object_r:nslcd_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/squid.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/squid.fc
@@ -10,8 +10,5 @@
/var/log/squid(/.*)? gen_context(system_u:object_r:squid_log_t,s0)
/var/log/squidGuard(/.*)? gen_context(system_u:object_r:squid_log_t,s0)
/var/run/squid\.pid -- gen_context(system_u:object_r:squid_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/squid\.pid -- gen_context(system_u:object_r:squid_var_run_t,s0)
-')
/var/spool/squid(/.*)? gen_context(system_u:object_r:squid_cache_t,s0)
/var/squidGuard(/.*)? gen_context(system_u:object_r:squid_cache_t,s0)
reverted:
--- refpolicy-2.20110726/policy/modules/services/portreserve.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/portreserve.fc
@@ -5,6 +5,3 @@
/sbin/portreserve -- gen_context(system_u:object_r:portreserve_exec_t,s0)
/var/run/portreserve(/.*)? gen_context(system_u:object_r:portreserve_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/portreserve(/.*)? gen_context(system_u:object_r:portreserve_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/certmaster.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/certmaster.fc
@@ -6,6 +6,3 @@
/var/lib/certmaster(/.*)? gen_context(system_u:object_r:certmaster_var_lib_t,s0)
/var/log/certmaster(/.*)? gen_context(system_u:object_r:certmaster_var_log_t,s0)
/var/run/certmaster.* gen_context(system_u:object_r:certmaster_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/certmaster.* gen_context(system_u:object_r:certmaster_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/radius.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/radius.fc
@@ -20,10 +20,4 @@
/var/log/radwtmp.* -- gen_context(system_u:object_r:radiusd_log_t,s0)
/var/run/radiusd(/.*)? gen_context(system_u:object_r:radiusd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/radiusd(/.*)? gen_context(system_u:object_r:radiusd_var_run_t,s0)
-')
/var/run/radiusd\.pid -- gen_context(system_u:object_r:radiusd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/radiusd\.pid -- gen_context(system_u:object_r:radiusd_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/consolekit.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/consolekit.fc
@@ -3,15 +3,5 @@
/var/log/ConsoleKit(/.*)? gen_context(system_u:object_r:consolekit_log_t,s0)
/var/run/consolekit\.pid -- gen_context(system_u:object_r:consolekit_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/consolekit\.pid -- gen_context(system_u:object_r:consolekit_var_run_t,s0)
-')
/var/run/console-kit-daemon\.pid -- gen_context(system_u:object_r:consolekit_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/console-kit-daemon\.pid -- gen_context(system_u:object_r:consolekit_var_run_t,s0)
-')
/var/run/ConsoleKit(/.*)? gen_context(system_u:object_r:consolekit_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/ConsoleKit(/.*)? gen_context(system_u:object_r:consolekit_var_run_t,s0)
-')
-/usr/lib/ConsoleKit(/.*)? gen_context(system_u:object_r:bin_t,s0)
reverted:
--- refpolicy-2.20110726/policy/modules/services/certmonger.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/certmonger.fc
@@ -4,6 +4,3 @@
/var/lib/certmonger(/.*)? gen_context(system_u:object_r:certmonger_var_lib_t,s0)
/var/run/certmonger.pid -- gen_context(system_u:object_r:certmonger_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/certmonger.pid -- gen_context(system_u:object_r:certmonger_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/postgresql.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/postgresql.fc
@@ -44,11 +44,5 @@
')
/var/run/postgresql(/.*)? gen_context(system_u:object_r:postgresql_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/postgresql(/.*)? gen_context(system_u:object_r:postgresql_var_run_t,s0)
-')
/var/run/postmaster.* gen_context(system_u:object_r:postgresql_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/postmaster.* gen_context(system_u:object_r:postgresql_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/bind.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/bind.fc
@@ -14,21 +14,9 @@
/var/log/named.* -- gen_context(system_u:object_r:named_log_t,s0)
/var/run/ndc -s gen_context(system_u:object_r:named_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/ndc -s gen_context(system_u:object_r:named_var_run_t,s0)
-')
/var/run/bind(/.*)? gen_context(system_u:object_r:named_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/bind(/.*)? gen_context(system_u:object_r:named_var_run_t,s0)
-')
/var/run/named(/.*)? gen_context(system_u:object_r:named_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/named(/.*)? gen_context(system_u:object_r:named_var_run_t,s0)
-')
/var/run/unbound(/.*)? gen_context(system_u:object_r:named_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/unbound(/.*)? gen_context(system_u:object_r:named_var_run_t,s0)
-')
ifdef(`distro_debian',`
/etc/bind(/.*)? gen_context(system_u:object_r:named_zone_t,s0)
reverted:
--- refpolicy-2.20110726/policy/modules/services/inetd.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/inetd.fc
@@ -10,6 +10,3 @@
/var/log/(x)?inetd\.log -- gen_context(system_u:object_r:inetd_log_t,s0)
/var/run/(x)?inetd\.pid -- gen_context(system_u:object_r:inetd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/(x)?inetd\.pid -- gen_context(system_u:object_r:inetd_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/sendmail.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/sendmail.fc
@@ -3,10 +3,4 @@
/var/log/mail(/.*)? gen_context(system_u:object_r:sendmail_log_t,s0)
/var/run/sendmail\.pid -- gen_context(system_u:object_r:sendmail_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/sendmail\.pid -- gen_context(system_u:object_r:sendmail_var_run_t,s0)
-')
/var/run/sm-client\.pid -- gen_context(system_u:object_r:sendmail_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/sm-client\.pid -- gen_context(system_u:object_r:sendmail_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/setroubleshoot.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/setroubleshoot.fc
@@ -3,9 +3,6 @@
/usr/share/setroubleshoot/SetroubleshootFixit\.py* -- gen_context(system_u:object_r:setroubleshoot_fixit_exec_t,s0)
/var/run/setroubleshoot(/.*)? gen_context(system_u:object_r:setroubleshoot_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/setroubleshoot(/.*)? gen_context(system_u:object_r:setroubleshoot_var_run_t,s0)
-')
/var/log/setroubleshoot(/.*)? gen_context(system_u:object_r:setroubleshoot_var_log_t,s0)
diff -u refpolicy-2.20110726/policy/modules/services/milter.fc refpolicy-2.20110726/policy/modules/services/milter.fc
--- refpolicy-2.20110726/policy/modules/services/milter.fc
+++ refpolicy-2.20110726/policy/modules/services/milter.fc
@@ -6,25 +6,10 @@
/var/lib/spamass-milter(/.*)? gen_context(system_u:object_r:spamass_milter_state_t,s0)
/var/run/milter-greylist(/.*)? gen_context(system_u:object_r:greylist_milter_data_t,s0)
-ifdef(`distro_debian', `
-/run/milter-greylist(/.*)? gen_context(system_u:object_r:greylist_milter_data_t,s0)
-')
/var/run/milter-greylist\.pid -- gen_context(system_u:object_r:greylist_milter_data_t,s0)
-ifdef(`distro_debian', `
-/run/milter-greylist\.pid -- gen_context(system_u:object_r:greylist_milter_data_t,s0)
-')
/var/run/spamass-milter(/.*)? gen_context(system_u:object_r:spamass_milter_data_t,s0)
-ifdef(`distro_debian', `
-/run/spamass-milter(/.*)? gen_context(system_u:object_r:spamass_milter_data_t,s0)
-')
/var/run/spamass(/.*)? gen_context(system_u:object_r:spamass_milter_data_t,s0)
-ifdef(`distro_debian', `
-/run/spamass(/.*)? gen_context(system_u:object_r:spamass_milter_data_t,s0)
-')
/var/run/spamass-milter\.pid -- gen_context(system_u:object_r:spamass_milter_data_t,s0)
-ifdef(`distro_debian', `
-/run/spamass-milter\.pid -- gen_context(system_u:object_r:spamass_milter_data_t,s0)
-')
/var/spool/milter-regex(/.*)? gen_context(system_u:object_r:regex_milter_data_t,s0)
/var/spool/postfix/spamass(/.*)? gen_context(system_u:object_r:spamass_milter_data_t,s0)
reverted:
--- refpolicy-2.20110726/policy/modules/services/oddjob.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/oddjob.fc
@@ -3,6 +3,3 @@
/usr/sbin/oddjobd -- gen_context(system_u:object_r:oddjob_exec_t,s0)
/var/run/oddjobd\.pid gen_context(system_u:object_r:oddjob_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/oddjobd\.pid gen_context(system_u:object_r:oddjob_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/bluetooth.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/bluetooth.fc
@@ -27,10 +27,4 @@
/var/lib/bluetooth(/.*)? gen_context(system_u:object_r:bluetooth_var_lib_t,s0)
/var/run/bluetoothd_address gen_context(system_u:object_r:bluetooth_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/bluetoothd_address gen_context(system_u:object_r:bluetooth_var_run_t,s0)
-')
/var/run/sdp -s gen_context(system_u:object_r:bluetooth_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/sdp -s gen_context(system_u:object_r:bluetooth_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/rpc.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/rpc.fc
@@ -28,10 +28,4 @@
/var/lib/nfs(/.*)? gen_context(system_u:object_r:var_lib_nfs_t,s0)
/var/run/rpc\.statd(/.*)? gen_context(system_u:object_r:rpcd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/rpc\.statd(/.*)? gen_context(system_u:object_r:rpcd_var_run_t,s0)
-')
/var/run/rpc\.statd\.pid -- gen_context(system_u:object_r:rpcd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/rpc\.statd\.pid -- gen_context(system_u:object_r:rpcd_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/likewise.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/likewise.fc
@@ -46,27 +46,9 @@
/var/lib/likewise-open/run/rpcdep.dat -- gen_context(system_u:object_r:dcerpcd_var_lib_t, s0)
/var/run/eventlogd.pid -- gen_context(system_u:object_r:eventlogd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/eventlogd.pid -- gen_context(system_u:object_r:eventlogd_var_run_t,s0)
-')
/var/run/lsassd.pid -- gen_context(system_u:object_r:lsassd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/lsassd.pid -- gen_context(system_u:object_r:lsassd_var_run_t,s0)
-')
/var/run/lwiod.pid -- gen_context(system_u:object_r:lwiod_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/lwiod.pid -- gen_context(system_u:object_r:lwiod_var_run_t,s0)
-')
/var/run/lwregd.pid -- gen_context(system_u:object_r:lwregd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/lwregd.pid -- gen_context(system_u:object_r:lwregd_var_run_t,s0)
-')
/var/run/netlogond.pid -- gen_context(system_u:object_r:netlogond_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/netlogond.pid -- gen_context(system_u:object_r:netlogond_var_run_t,s0)
-')
/var/run/srvsvcd.pid -- gen_context(system_u:object_r:srvsvcd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/srvsvcd.pid -- gen_context(system_u:object_r:srvsvcd_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/cups.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/cups.fc
@@ -65,27 +65,9 @@
/var/ccpd(/.*)? gen_context(system_u:object_r:cupsd_var_run_t,s0)
/var/ekpd(/.*)? gen_context(system_u:object_r:cupsd_var_run_t,s0)
/var/run/cups(/.*)? gen_context(system_u:object_r:cupsd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/cups(/.*)? gen_context(system_u:object_r:cupsd_var_run_t,s0)
-')
/var/run/hp.*\.pid -- gen_context(system_u:object_r:hplip_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/hp.*\.pid -- gen_context(system_u:object_r:hplip_var_run_t,s0)
-')
/var/run/hp.*\.port -- gen_context(system_u:object_r:hplip_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/hp.*\.port -- gen_context(system_u:object_r:hplip_var_run_t,s0)
-')
/var/run/ptal-printd(/.*)? gen_context(system_u:object_r:ptal_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/ptal-printd(/.*)? gen_context(system_u:object_r:ptal_var_run_t,s0)
-')
/var/run/ptal-mlcd(/.*)? gen_context(system_u:object_r:ptal_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/ptal-mlcd(/.*)? gen_context(system_u:object_r:ptal_var_run_t,s0)
-')
/var/run/udev-configure-printer(/.*)? gen_context(system_u:object_r:cupsd_config_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/udev-configure-printer(/.*)? gen_context(system_u:object_r:cupsd_config_var_run_t,s0)
-')
/var/turboprint(/.*)? gen_context(system_u:object_r:cupsd_var_run_t,s0)
reverted:
--- refpolicy-2.20110726/policy/modules/services/ksmtuned.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/ksmtuned.fc
@@ -3,6 +3,3 @@
/usr/sbin/ksmtuned -- gen_context(system_u:object_r:ksmtuned_exec_t,s0)
/var/run/ksmtune\.pid -- gen_context(system_u:object_r:ksmtuned_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/ksmtune\.pid -- gen_context(system_u:object_r:ksmtuned_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/rgmanager.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/rgmanager.fc
@@ -3,11 +3,5 @@
/var/log/cluster/rgmanager\.log -- gen_context(system_u:object_r:rgmanager_var_log_t,s0)
/var/run/cluster/rgmanager\.sk -s gen_context(system_u:object_r:rgmanager_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/cluster/rgmanager\.sk -s gen_context(system_u:object_r:rgmanager_var_run_t,s0)
-')
/var/run/rgmanager\.pid -- gen_context(system_u:object_r:rgmanager_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/rgmanager\.pid -- gen_context(system_u:object_r:rgmanager_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/dnsmasq.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/dnsmasq.fc
@@ -9,10 +9,4 @@
/var/log/dnsmasq\.log gen_context(system_u:object_r:dnsmasq_var_log_t,s0)
/var/run/dnsmasq\.pid -- gen_context(system_u:object_r:dnsmasq_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/dnsmasq\.pid -- gen_context(system_u:object_r:dnsmasq_var_run_t,s0)
-')
/var/run/libvirt/network(/.*)? gen_context(system_u:object_r:dnsmasq_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/libvirt/network(/.*)? gen_context(system_u:object_r:dnsmasq_var_run_t,s0)
-')
diff -u refpolicy-2.20110726/policy/modules/services/clamav.te refpolicy-2.20110726/policy/modules/services/clamav.te
--- refpolicy-2.20110726/policy/modules/services/clamav.te
+++ refpolicy-2.20110726/policy/modules/services/clamav.te
@@ -174,8 +174,10 @@
tunable_policy(`clamd_use_jit',`
allow clamd_t self:process execmem;
+ allow freshclam_t self:process execmem;
', `
dontaudit clamd_t self:process execmem;
+ dontaudit freshclam_t self:process execmem;
')
########################################
reverted:
--- refpolicy-2.20110726/policy/modules/services/apcupsd.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/apcupsd.fc
@@ -8,9 +8,6 @@
/var/log/apcupsd\.status.* -- gen_context(system_u:object_r:apcupsd_log_t,s0)
/var/run/apcupsd\.pid -- gen_context(system_u:object_r:apcupsd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/apcupsd\.pid -- gen_context(system_u:object_r:apcupsd_var_run_t,s0)
-')
/var/www/apcupsd/multimon\.cgi -- gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0)
/var/www/apcupsd/upsfstats\.cgi -- gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0)
reverted:
--- refpolicy-2.20110726/policy/modules/services/resmgr.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/resmgr.fc
@@ -4,10 +4,4 @@
/sbin/resmgrd -- gen_context(system_u:object_r:resmgrd_exec_t,s0)
/var/run/\.resmgr_socket -s gen_context(system_u:object_r:resmgrd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/\.resmgr_socket -s gen_context(system_u:object_r:resmgrd_var_run_t,s0)
-')
/var/run/resmgr\.pid -- gen_context(system_u:object_r:resmgrd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/resmgr\.pid -- gen_context(system_u:object_r:resmgrd_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/prelude.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/prelude.fc
@@ -13,12 +13,6 @@
/var/lib/prelude-lml(/.*)? gen_context(system_u:object_r:prelude_var_lib_t,s0)
/var/log/prelude.* gen_context(system_u:object_r:prelude_log_t,s0)
/var/run/prelude-lml.pid -- gen_context(system_u:object_r:prelude_lml_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/prelude-lml.pid -- gen_context(system_u:object_r:prelude_lml_var_run_t,s0)
-')
/var/run/prelude-manager(/.*)? gen_context(system_u:object_r:prelude_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/prelude-manager(/.*)? gen_context(system_u:object_r:prelude_var_run_t,s0)
-')
/var/spool/prelude-manager(/.*)? gen_context(system_u:object_r:prelude_spool_t,s0)
/var/spool/prelude(/.*)? gen_context(system_u:object_r:prelude_spool_t,s0)
reverted:
--- refpolicy-2.20110726/policy/modules/services/pcscd.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/pcscd.fc
@@ -1,18 +1,6 @@
/var/run/pcscd\.comm -s gen_context(system_u:object_r:pcscd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/pcscd\.comm -s gen_context(system_u:object_r:pcscd_var_run_t,s0)
-')
/var/run/pcscd\.pid -- gen_context(system_u:object_r:pcscd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/pcscd\.pid -- gen_context(system_u:object_r:pcscd_var_run_t,s0)
-')
/var/run/pcscd\.pub -- gen_context(system_u:object_r:pcscd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/pcscd\.pub -- gen_context(system_u:object_r:pcscd_var_run_t,s0)
-')
/var/run/pcscd\.events(/.*)? gen_context(system_u:object_r:pcscd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/pcscd\.events(/.*)? gen_context(system_u:object_r:pcscd_var_run_t,s0)
-')
/usr/sbin/pcscd -- gen_context(system_u:object_r:pcscd_exec_t,s0)
reverted:
--- refpolicy-2.20110726/policy/modules/services/gpsd.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/gpsd.fc
@@ -3,10 +3,4 @@
/usr/sbin/gpsd -- gen_context(system_u:object_r:gpsd_exec_t,s0)
/var/run/gpsd\.pid -- gen_context(system_u:object_r:gpsd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/gpsd\.pid -- gen_context(system_u:object_r:gpsd_var_run_t,s0)
-')
/var/run/gpsd\.sock -s gen_context(system_u:object_r:gpsd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/gpsd\.sock -s gen_context(system_u:object_r:gpsd_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/virt.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/virt.fc
@@ -24,12 +24,6 @@
/var/log/libvirt(/.*)? gen_context(system_u:object_r:virt_log_t,s0)
/var/run/libvirt(/.*)? gen_context(system_u:object_r:virt_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/libvirt(/.*)? gen_context(system_u:object_r:virt_var_run_t,s0)
-')
/var/run/libvirt/qemu(/.*)? gen_context(system_u:object_r:svirt_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/libvirt/qemu(/.*)? gen_context(system_u:object_r:svirt_var_run_t,s0)
-')
/var/vdsm(/.*)? gen_context(system_u:object_r:virt_var_run_t,s0)
reverted:
--- refpolicy-2.20110726/policy/modules/services/chronyd.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/chronyd.fc
@@ -7,6 +7,3 @@
/var/lib/chrony(/.*)? gen_context(system_u:object_r:chronyd_var_lib_t,s0)
/var/log/chrony(/.*)? gen_context(system_u:object_r:chronyd_var_log_t,s0)
/var/run/chronyd\.pid -- gen_context(system_u:object_r:chronyd_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/chronyd\.pid -- gen_context(system_u:object_r:chronyd_var_run_t,s0)
-')
reverted:
--- refpolicy-2.20110726/policy/modules/services/pegasus.fc
+++ refpolicy-2.20110726.orig/policy/modules/services/pegasus.fc
@@ -8,8 +8,5 @@
/var/lib/Pegasus(/.*)? gen_context(system_u:object_r:pegasus_data_t,s0)
/var/run/tog-pegasus(/.*)? gen_context(system_u:object_r:pegasus_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/tog-pegasus(/.*)? gen_context(system_u:object_r:pegasus_var_run_t,s0)
-')
/usr/share/Pegasus/mof(/.*)?/.*\.mof gen_context(system_u:object_r:pegasus_mof_t,s0)
diff -u refpolicy-2.20110726/policy/modules/kernel/corecommands.fc refpolicy-2.20110726/policy/modules/kernel/corecommands.fc
--- refpolicy-2.20110726/policy/modules/kernel/corecommands.fc
+++ refpolicy-2.20110726/policy/modules/kernel/corecommands.fc
@@ -135,7 +135,6 @@
/lib/udev/scsi_id -- gen_context(system_u:object_r:bin_t,s0)
/lib/upstart(/.*)? gen_context(system_u:object_r:bin_t,s0)
-
/lib64/security/pam_krb5/pam_krb5_storetmp -- gen_context(system_u:object_r:bin_t,s0)
/lib64/udev/[^/]* -- gen_context(system_u:object_r:bin_t,s0)
@@ -185,9 +184,9 @@
/usr/(.*/)?Bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/(.*/)?bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/bin/git-shell -- gen_context(system_u:object_r:shell_exec_t,s0)
-/usr/bin/tcsh -- gen_context(system_u:object_r:shell_exec_t,s0)
/usr/bin/fish -- gen_context(system_u:object_r:shell_exec_t,s0)
/usr/bin/scponly -- gen_context(system_u:object_r:shell_exec_t,s0)
+/usr/bin/tcsh -- gen_context(system_u:object_r:shell_exec_t,s0)
/usr/lib(.*/)?bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
@@ -202,9 +201,6 @@
/usr/lib(64)?/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib(64)?/apt/methods.+ -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib(64)?/ConsoleKit/scripts(/.*)? gen_context(system_u:object_r:bin_t,s0)
-ifdef(`distro_debian', `
-/usr/lib(64)?/ConsoleKit/.* -- gen_context(system_u:object_r:bin_t,s0)
-')
/usr/lib(64)?/ConsoleKit/run-session.d(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib(64)?/courier(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib(64)?/cups(/.*)? gen_context(system_u:object_r:bin_t,s0)
@@ -300,6 +296,13 @@
/usr/X11R6/lib(64)?/X11/xkb/xkbcomp -- gen_context(system_u:object_r:bin_t,s0)
+ifdef(`distro_debian',`
+/usr/lib(64)?/ConsoleKit/.* -- gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/gnome-vfs-2.0/gnome-vfs-daemon -- gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/udisks/.* -- gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/dovecot/.+ -- gen_context(system_u:object_r:bin_t,s0)
+')
+
ifdef(`distro_gentoo', `
/usr/.*-.*-linux-gnu/gcc-bin/.*(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/.*-.*-linux-gnu/binutils-bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
diff -u refpolicy-2.20110726/policy/modules/kernel/files.fc refpolicy-2.20110726/policy/modules/kernel/files.fc
--- refpolicy-2.20110726/policy/modules/kernel/files.fc
+++ refpolicy-2.20110726/policy/modules/kernel/files.fc
@@ -62,6 +62,8 @@
/etc/ipsec\.d/examples(/.*)? gen_context(system_u:object_r:etc_t,s0)
+/etc/network/run/ifstate -- gen_context(system_u:object_r:etc_runtime_t,s0)
+
/etc/ptal/ptal-printd-like -- gen_context(system_u:object_r:etc_runtime_t,s0)
/etc/sysconfig/hwconf -- gen_context(system_u:object_r:etc_runtime_t,s0)
@@ -105,6 +107,12 @@
/lib/modules(/.*)? gen_context(system_u:object_r:modules_object_t,s0)
/lib64/modules(/.*)? gen_context(system_u:object_r:modules_object_t,s0)
+ifdef(`distro_debian',`
+# on Debian /lib/init/rw is a tmpfs used like /var/run but
+# before /var is mounted
+/lib/init/rw(/.*)? gen_context(system_u:object_r:var_run_t,s0-mls_systemhigh)
+')
+
#
# /lost+found
#
@@ -256,8 +264,2 @@
/var/run/motd -- gen_context(system_u:object_r:initrc_var_run_t,s0)
-ifdef(`distro_debian', `
-/run/motd -- gen_context(system_u:object_r:initrc_var_run_t,s0)
-')
-# on Debian /lib/init/rw is a tmpfs used like /var/run but
-# before /var is mounted
-/lib/init/rw(/.*)? gen_context(system_u:object_r:var_run_t,s0-mls_systemhigh)
')
reverted:
--- refpolicy-2.20110726/policy/modules/kernel/filesystem.fc
+++ refpolicy-2.20110726.orig/policy/modules/kernel/filesystem.fc
@@ -1,8 +1,4 @@
/cgroup -d gen_context(system_u:object_r:cgroup_t,s0)
-ifdef(`distro_debian', `
-/run/shm -d gen_context(system_u:object_r:tmpfs_t,s0)
-/var/run/shm -d gen_context(system_u:object_r:tmpfs_t,s0)
-')
/cgroup/.* <>
/dev/hugepages -d gen_context(system_u:object_r:hugetlbfs_t,s0)
diff -u refpolicy-2.20110726/policy/modules/roles/unprivuser.te refpolicy-2.20110726/policy/modules/roles/unprivuser.te
--- refpolicy-2.20110726/policy/modules/roles/unprivuser.te
+++ refpolicy-2.20110726/policy/modules/roles/unprivuser.te
@@ -70,6 +70,7 @@
optional_policy(`
gpg_role(user_r, user_t)
+ gpg_agent_domtrans_user(user_t, user_home_t)
')
optional_policy(`
diff -u refpolicy-2.20110726/debian/changelog refpolicy-2.20110726/debian/changelog
--- refpolicy-2.20110726/debian/changelog
+++ refpolicy-2.20110726/debian/changelog
@@ -1,9 +1,24 @@
-refpolicy (2:2.20110726-1ubuntu1) precise; urgency=low
+refpolicy (2:2.20110726-3) unstable; urgency=low
- * Merge from Debian testing. Remaining changes:
- - debian/control: drop "selinux" conflict (Closes: #576598)
+ * Label /run/mdadm/map .
+ Closes: #643490
+ * Stop conflicting with ancient "selinux" package.
+ Closes: #576598
+
+ -- Russell Coker Wed, 25 Jan 2012 23:52:15 +1100
+
+refpolicy (2:2.20110726-2) unstable; urgency=low
+
+ * Merged all the patches from 2:0.2.20100524-13.
+ * Allow mozilla_t to search user_home_t for ~/.config/chromium
+ * Allow mozilla_t to create sym links in /tmp
+ * Use a separate default setrans.conf for mls
+ * Allow inetd_t setrlimit access
+ * Allow mozilla_t to create socket files in /tmp, for chromium
+ * Remove the hack for /run etc that was introduced in 2:0.2.20100524-10
+ * Correctly label nrpe.cfg as nrpe_etc_t
- -- Angel Abad Sat, 03 Dec 2011 15:16:52 +0100
+ -- Russell Coker Wed, 02 Nov 2011 12:57:17 +1100
refpolicy (2:2.20110726-1) unstable; urgency=low
@@ -25,13 +40,6 @@
-- Russell Coker Thu, 15 Sep 2011 11:53:02 +1000
-refpolicy (2:0.2.20100524-12ubuntu1) precise; urgency=low
-
- * Merge from debian testing. Remaining changes:
- - debian/control: drop "selinux" conflict (Closes: #576598)
-
- -- Angel Abad Sun, 16 Oct 2011 16:06:08 +0200
-
refpolicy (2:0.2.20100524-12) unstable; urgency=low
* Allow perdition to bind to sieve port, read /dev/urandom, and capabilities
@@ -63,13 +71,6 @@
-- Russell Coker Fri, 19 Aug 2011 16:36:17 +1000
-refpolicy (2:0.2.20100524-10ubuntu1) oneiric; urgency=low
-
- * Merge from debian unstable. Remaining changes:
- - debian/control: drop "selinux" conflict (Debian bug 576598)
-
- -- Angel Abad Tue, 26 Jul 2011 00:31:22 +0200
-
refpolicy (2:0.2.20100524-10) unstable; urgency=low
* Label gpgsm as gpg_exec_t
@@ -79,13 +80,6 @@
-- Russell Coker Sun, 24 Jul 2011 15:50:23 +1000
-refpolicy (2:0.2.20100524-9ubuntu1) oneiric; urgency=low
-
- * Merge from debian unstable. Remaining changes:
- - debian/control: drop "selinux" conflict (Debian bug 576598)
-
- -- Angel Abad Tue, 17 May 2011 14:44:24 +0200
-
refpolicy (2:0.2.20100524-9) unstable; urgency=low
* Make gnome.pp not be autoloaded and revert some of the gnome stuff from the
@@ -116,13 +110,6 @@
-- Russell Coker Wed, 11 May 2011 11:58:46 +1000
-refpolicy (2:0.2.20100524-8ubuntu1) oneiric; urgency=low
-
- * Merge from debian unstable. Remaining change:
- - debian/control: drop "selinux" conflict (Debian bug 576598)
-
- -- Bhavani Shankar Sun, 01 May 2011 15:52:51 +0530
-
refpolicy (2:0.2.20100524-8) unstable; urgency=low
* Add tunable user_manage_dos_files which defaults to true
@@ -142,13 +129,6 @@
-- Russell Coker Fri, 11 Mar 2011 14:28:58 +1100
-refpolicy (2:0.2.20100524-7ubuntu1) natty; urgency=low
-
- * Merge from debian unstable. Remaining changes:
- - debian/control: drop "selinux" conflict (Debian bug 576598)
-
- -- Angel Abad Thu, 13 Jan 2011 22:04:50 +0100
-
refpolicy (2:0.2.20100524-7) unstable; urgency=low
* Allow crontab_t to create a directory of type crontab_tmp_t, necessary to
@@ -156,13 +136,6 @@
-- Russell Coker Thu, 13 Jan 2011 21:32:24 +1100
-refpolicy (2:0.2.20100524-6ubuntu1) natty; urgency=low
-
- * Merge from debian unstable. Remaining changes:
- - debian/control: drop "selinux" conflict (Debian bug 576598)
-
- -- Angel Abad Thu, 13 Jan 2011 13:40:14 +0100
-
refpolicy (2:0.2.20100524-6) unstable; urgency=low
* Allow mysqld_safe_t to send messages to syslogd
@@ -178,13 +151,6 @@
-- Russell Coker Thu, 13 Jan 2011 12:41:00 +1100
-refpolicy (2:0.2.20100524-5ubuntu1) natty; urgency=low
-
- * Merge from debian unstable. Remaining change:
- - ebian/control: drop "selinux" conflict (Debian bug 576598)
-
- -- Bhavani Shankar Sun, 09 Jan 2011 19:02:47 +0530
-
refpolicy (2:0.2.20100524-5) unstable; urgency=low
* Label /usr/bin/tcsh as shell_exec_t
@@ -226,13 +192,6 @@
-- Russell Coker Sat, 08 Jan 2011 14:13:43 +1100
-refpolicy (2:0.2.20100524-4ubuntu1) natty; urgency=low
-
- * Merge from debian unstable. Remaining changes:
- - debian/control: drop "selinux" conflict (Debian bug 576598)
-
- -- Bhavani Shankar Sun, 17 Oct 2010 19:29:51 +0530
-
refpolicy (2:0.2.20100524-4) unstable; urgency=low
* Label /dev/vd* as fixed_disk_device_t, closes: #589997
@@ -265,13 +224,6 @@
-- Russell Coker Sat, 25 Jul 2010 09:39:00 +1000
-refpolicy (2:0.2.20100524-2ubuntu1) maverick; urgency=low
-
- * Merge from debian unstable (LP: #607149). Remaining changes:
- - debian/control: drop "selinux" conflict (Debian bug 576598).
-
- -- Angel Abad Fri, 09 Jul 2010 06:30:26 +0100
-
refpolicy (2:0.2.20100524-2) unstable; urgency=low
* Include tmpreaper in base policy as mountnfs-bootclean.sh and
@@ -294,13 +246,6 @@
-- Russell Coker Fri, 9 Jul 2010 09:47:00 +1000
-refpolicy (2:0.2.20100524-1ubuntu1) maverick; urgency=low
-
- * Merge from debian unstable. Remaining changes: LP: #602199
- - debian/control: drop "selinux" conflict (Debian bug 576598).
-
- -- Bhavani Shankar Tue, 06 Jul 2010 14:26:53 +0530
-
refpolicy (2:0.2.20100524-1) unstable; urgency=low
* New Upstream release. This version has had a good deal of testing for
@@ -335,13 +280,6 @@
-- Russell Coker Tue, 18 May 2010 19:06:24 +1000
-refpolicy (2:0.2.20091117-2ubuntu1) maverick; urgency=low
-
- * Merge from debian unstable. Remaining changes:
- - debian/control: drop "selinux" conflict (Debian bug 576598).
-
- -- Kees Cook Thu, 24 Jun 2010 14:26:07 -0700
-
refpolicy (2:0.2.20091117-2) unstable; urgency=low
* Label /etc/gdm/Xsession, /etc/gdm/PostSession/* and /etc/gdm/PreSession/*
@@ -366,13 +304,6 @@
-- Russell Coker Mon, 22 Feb 2010 07:58:07 +1100
-refpolicy (2:0.2.20091117-1ubuntu1) lucid; urgency=low
-
- * debian/control: drop "selinux" conflict for sane installation
- in Ubuntu (Debian bug 576598).
-
- -- Kees Cook Mon, 05 Apr 2010 13:03:23 -0700
-
refpolicy (2:0.2.20091117-1) unstable; urgency=low
* New upstream release.
diff -u refpolicy-2.20110726/debian/local.mk refpolicy-2.20110726/debian/local.mk
--- refpolicy-2.20110726/debian/local.mk
+++ refpolicy-2.20110726/debian/local.mk
@@ -212,7 +212,7 @@
test ! -f $(TMPTOP)/usr/share/selinux/mls/$$module.pp || \
rm -f $(TMPTOP)/usr/share/selinux/mls/$$module.pp; \
done
- $(install_file) debian/setrans.conf $(TMPTOP)/etc/selinux/mls/
+ $(install_file) debian/setrans.conf.mls $(TMPTOP)/etc/selinux/mls/setrans.conf
$(install_file) debian/file_contexts.subs_dist $(TMPTOP)/etc/selinux/mls/contexts/files/
$(install_file) VERSION $(DOCDIR)/
$(install_file) README $(DOCDIR)/
@@ -249,7 +249,7 @@
test ! -f $(TMPTOP)/usr/share/selinux/default/$$module.pp || \
rm -f $(TMPTOP)/usr/share/selinux/default/$$module.pp; \
done
- $(install_file) debian/setrans.conf $(TMPTOP)/etc/selinux/default/
+ $(install_file) debian/setrans.conf.default $(TMPTOP)/etc/selinux/default/setrans.conf
$(install_file) debian/file_contexts.subs_dist $(TMPTOP)/etc/selinux/default/contexts/files/
$(install_file) VERSION $(DOCDIR)/
$(install_file) README $(DOCDIR)/
diff -u refpolicy-2.20110726/debian/control refpolicy-2.20110726/debian/control
--- refpolicy-2.20110726/debian/control
+++ refpolicy-2.20110726/debian/control
@@ -4,8 +4,7 @@
Priority: optional
Section: admin
Homepage: http://oss.tresys.com/projects/refpolicy/wiki/DownloadRelease
-Maintainer: Ubuntu Developers
-XSBC-Original-Maintainer: Russell Coker
+Maintainer: Russell Coker
Uploaders: Erich Schubert , Manoj Srivastava
Standards-Version: 3.8.3.0
Build-Depends-Indep: policycoreutils (>= 2.1.0), checkpolicy (>= 2.1.0),
diff -u refpolicy-2.20110726/debian/file_contexts.subs_dist refpolicy-2.20110726/debian/file_contexts.subs_dist
--- refpolicy-2.20110726/debian/file_contexts.subs_dist
+++ refpolicy-2.20110726/debian/file_contexts.subs_dist
@@ -5,0 +6 @@
+/lib64 /lib
reverted:
--- refpolicy-2.20110726/debian/setrans.conf
+++ refpolicy-2.20110726.orig/debian/setrans.conf
@@ -1,19 +0,0 @@
-#
-# Multi-Category Security translation table for SELinux
-#
-# Uncomment the following to disable translation libary
-# disable=1
-#
-# Objects can be categorized with 0-1023 categories defined by the admin.
-# Objects can be in more than one category at a time.
-# Categories are stored in the system as c0-c1023. Users can use this
-# table to translate the categories into a more meaningful output.
-# Examples:
-# s0:c0=CompanyConfidential
-# s0:c1=PatientRecord
-# s0:c2=Unclassified
-# s0:c3=TopSecret
-# s0:c1,c3=CompanyConfidentialRedHat
-s0=SystemLow
-s0-s0:c0.c1023=SystemLow-SystemHigh
-s0:c0.c1023=SystemHigh
only in patch2:
unchanged:
--- refpolicy-2.20110726.orig/debian/setrans.conf.mls
+++ refpolicy-2.20110726/debian/setrans.conf.mls
@@ -0,0 +1,52 @@
+#
+# Multi-Level Security translation table for SELinux
+#
+# Uncomment the following to disable translation libary
+# disable=1
+#
+# Objects can be labeled with one of 16 levels and be categorized with 0-1023
+# categories defined by the admin.
+# Objects can be in more than one category at a time.
+# Users can modify this table to translate the MLS labels for different purpose.
+#
+# Assumptions: using below MLS labels.
+# SystemLow
+# SystemHigh
+# Unclassified
+# Secret with compartments A and B.
+#
+# SystemLow and SystemHigh
+s0=SystemLow
+s15:c0.c1023=SystemHigh
+s0-s15:c0.c1023=SystemLow-SystemHigh
+
+# Unclassified level
+s1=Unclassified
+
+# Secret level with compartments
+s2=Secret
+s2:c0=A
+s2:c1=B
+
+# ranges for Unclassified
+s0-s1=SystemLow-Unclassified
+s1-s2=Unclassified-Secret
+s1-s15:c0.c1023=Unclassified-SystemHigh
+
+# ranges for Secret with compartments
+s0-s2=SystemLow-Secret
+s0-s2:c0=SystemLow-Secret:A
+s0-s2:c1=SystemLow-Secret:B
+s0-s2:c0,c1=SystemLow-Secret:AB
+s1-s2:c0=Unclassified-Secret:A
+s1-s2:c1=Unclassified-Secret:B
+s1-s2:c0,c1=Unclassified-Secret:AB
+s2-s2:c0=Secret-Secret:A
+s2-s2:c1=Secret-Secret:B
+s2-s2:c0,c1=Secret-Secret:AB
+s2-s15:c0.c1023=Secret-SystemHigh
+s2:c0-s2:c0,c1=Secret:A-Secret:AB
+s2:c0-s15:c0.c1023=Secret:A-SystemHigh
+s2:c1-s2:c0,c1=Secret:B-Secret:AB
+s2:c1-s15:c0.c1023=Secret:B-SystemHigh
+s2:c0,c1-s15:c0.c1023=Secret:AB-SystemHigh
only in patch2:
unchanged:
--- refpolicy-2.20110726.orig/debian/setrans.conf.default
+++ refpolicy-2.20110726/debian/setrans.conf.default
@@ -0,0 +1,19 @@
+#
+# Multi-Category Security translation table for SELinux
+#
+# Uncomment the following to disable translation libary
+# disable=1
+#
+# Objects can be categorized with 0-1023 categories defined by the admin.
+# Objects can be in more than one category at a time.
+# Categories are stored in the system as c0-c1023. Users can use this
+# table to translate the categories into a more meaningful output.
+# Examples:
+# s0:c0=CompanyConfidential
+# s0:c1=PatientRecord
+# s0:c2=Unclassified
+# s0:c3=TopSecret
+# s0:c1,c3=CompanyConfidentialRedHat
+s0=SystemLow
+s0-s0:c0.c1023=SystemLow-SystemHigh
+s0:c0.c1023=SystemHigh
only in patch2:
unchanged:
--- refpolicy-2.20110726.orig/policy/modules/admin/apt.te
+++ refpolicy-2.20110726/policy/modules/admin/apt.te
@@ -142,6 +142,10 @@
#')
optional_policy(`
+ pythonsupport_domtrans(apt_t)
+')
+
+optional_policy(`
# dpkg interaction
dpkg_read_db(apt_t)
dpkg_domtrans(apt_t)
only in patch2:
unchanged:
--- refpolicy-2.20110726.orig/policy/modules/system/userdomain.fc
+++ refpolicy-2.20110726/policy/modules/system/userdomain.fc
@@ -1,4 +1,5 @@
HOME_DIR -d gen_context(system_u:object_r:user_home_dir_t,s0-mls_systemhigh)
HOME_DIR/.+ gen_context(system_u:object_r:user_home_t,s0)
+HOME_DIR/\.gnupg/gpg.conf -- gen_context(system_u:object_r:user_home_t,s0)
/tmp/gconfd-USER -d gen_context(system_u:object_r:user_tmp_t,s0)
only in patch2:
unchanged:
--- refpolicy-2.20110726.orig/policy/modules/system/hostname.te
+++ refpolicy-2.20110726/policy/modules/system/hostname.te
@@ -25,6 +25,8 @@
kernel_read_proc_symlinks(hostname_t)
dev_read_sysfs(hostname_t)
+dev_read_urand(hostname_t)
+
# Early devtmpfs, before udev relabel
dev_dontaudit_rw_generic_chr_files(hostname_t)