More fixes for the move from /lib, /bin, /sbin, to /usr directory

author Dan Walsh <dwalsh@redhat.com>

Tue, 6 Dec 2011 17:13:42 +0000 (12:13 -0500)

committer Dan Walsh <dwalsh@redhat.com>

Tue, 6 Dec 2011 17:13:42 +0000 (12:13 -0500)
author Dan Walsh <dwalsh@redhat.com>
Tue, 6 Dec 2011 17:13:42 +0000 (12:13 -0500)
committer Dan Walsh <dwalsh@redhat.com>
Tue, 6 Dec 2011 17:13:42 +0000 (12:13 -0500)
diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc

index de8e41bbfdceb95a352c6110e620dc0e39841b24..9446ba8fce418ced78cf5c104344f698eb939901 100644 (file)
--- a/policy/modules/kernel/corecommands.fc
+++ b/policy/modules/kernel/corecommands.fc
@@ -1,7 +1,7 @@
  #
  # /bin
  #
-/bin                           -d      gen_context(system_u:object_r:bin_t,s0)
+/bin                                   gen_context(system_u:object_r:bin_t,s0)
  /bin/.*                                        gen_context(system_u:object_r:bin_t,s0)
  /bin/d?ash                     --      gen_context(system_u:object_r:shell_exec_t,s0)
  /bin/bash                      --      gen_context(system_u:object_r:shell_exec_t,s0)
@@ -146,7 +146,7 @@ ifdef(`distro_gentoo',`
  #
  # /sbin
  #
-/sbin                          -d      gen_context(system_u:object_r:bin_t,s0)
+/sbin                                  gen_context(system_u:object_r:bin_t,s0)
  /sbin/.*                               gen_context(system_u:object_r:bin_t,s0)
  /sbin/insmod_ksymoops_clean    --      gen_context(system_u:object_r:bin_t,s0)
  /sbin/mkfs\.cramfs             --      gen_context(system_u:object_r:bin_t,s0)
@@ -179,8 +179,22 @@ ifdef(`distro_gentoo',`
  #
  # /usr
  #
+/usr/bin                               -d      gen_context(system_u:object_r:bin_t,s0)
  /usr/(.*/)?Bin(/.*)?                   gen_context(system_u:object_r:bin_t,s0)
  /usr/(.*/)?bin(/.*)?                   gen_context(system_u:object_r:bin_t,s0)
+/usr/bin/.*                                    gen_context(system_u:object_r:bin_t,s0)
+/usr/bin/d?ash                 --      gen_context(system_u:object_r:shell_exec_t,s0)
+/usr/bin/bash                  --      gen_context(system_u:object_r:shell_exec_t,s0)
+/usr/bin/bash2                 --      gen_context(system_u:object_r:shell_exec_t,s0)
+/usr/bin/fish                  --      gen_context(system_u:object_r:shell_exec_t,s0)
+/usr/bin/ksh.*                 --      gen_context(system_u:object_r:shell_exec_t,s0)
+/usr/bin/mksh                  --      gen_context(system_u:object_r:shell_exec_t,s0)
+/usr/bin/mountpoint                    --      gen_context(system_u:object_r:bin_t,s0)
+/usr/bin/sash                  --      gen_context(system_u:object_r:shell_exec_t,s0)
+/usr/bin/tcsh                  --      gen_context(system_u:object_r:shell_exec_t,s0)
+/usr/bin/yash                  --      gen_context(system_u:object_r:shell_exec_t,s0)
+/usr/bin/zsh.*                 --      gen_context(system_u:object_r:shell_exec_t,s0)
+
  /usr/bin/git-shell             --      gen_context(system_u:object_r:shell_exec_t,s0)
  /usr/bin/fish                  --      gen_context(system_u:object_r:shell_exec_t,s0)
  /usr/bin/scponly               --      gen_context(system_u:object_r:shell_exec_t,s0)
@@ -261,6 +275,9 @@ ifdef(`distro_gentoo',`
  /usr/local/Brother/(.*/)?inf/setup.* gen_context(system_u:object_r:bin_t,s0)
  /usr/local/linuxprinter/filters(/.*)?  gen_context(system_u:object_r:bin_t,s0)
  
+/usr/sbin/insmod_ksymoops_clean        --      gen_context(system_u:object_r:bin_t,s0)
+/usr/sbin/mkfs\.cramfs         --      gen_context(system_u:object_r:bin_t,s0)
+/usr/sbin/nologin              --      gen_context(system_u:object_r:shell_exec_t,s0)
  /usr/sbin/scponlyc             --      gen_context(system_u:object_r:shell_exec_t,s0)
  /usr/sbin/sesh                 --      gen_context(system_u:object_r:shell_exec_t,s0)
  /usr/sbin/smrsh                        --      gen_context(system_u:object_r:shell_exec_t,s0)
diff --git a/policy/modules/system/libraries.fc b/policy/modules/system/libraries.fc

index 2bfa2258a6c4c159cd56a5a8fe209e6fb3901dfc..39aace99ef6401c1d6dfdf1ff352dfbd07a9d9a9 100644 (file)
--- a/policy/modules/system/libraries.fc
+++ b/policy/modules/system/libraries.fc
@@ -37,7 +37,7 @@ ifdef(`distro_redhat',`
  #
  # /lib(64)?
  #
-/lib                                   -d      gen_context(system_u:object_r:lib_t,s0)
+/lib                                           gen_context(system_u:object_r:lib_t,s0)
  /lib/.*                                                gen_context(system_u:object_r:lib_t,s0)
  /lib/ld-[^/]*\.so(\.[^/]*)*            --      gen_context(system_u:object_r:ld_so_t,s0)
author	Dan Walsh <dwalsh@redhat.com>
	Tue, 6 Dec 2011 17:13:42 +0000 (12:13 -0500)
committer	Dan Walsh <dwalsh@redhat.com>
	Tue, 6 Dec 2011 17:13:42 +0000 (12:13 -0500)
policy/modules/kernel/corecommands.fc		patch \| blob \| blame \| history
policy/modules/system/libraries.fc		patch \| blob \| blame \| history